| alertsIds (scanId* ) | Gets the IDs of the alerts raised during the scan with the given ID. An alert can be obtained with 'alert' core view. |
| attackModeQueue | |
| excludedFromScan | Gets the regexes of URLs excluded from the active scans. |
| excludedParamTypes | Gets all the types of excluded parameters. For each type the following are shown: the ID and the name. |
| excludedParams | Gets all the parameters that are excluded. For each parameter the following are shown: the name, the URL, and the parameter type. |
| messagesIds (scanId* ) | Gets the IDs of the messages sent during the scan with the given ID. A message can be obtained with 'message' core view. |
| optionAddQueryParam | Tells whether or not the active scanner should add a query parameter to GET request that don't have parameters to start with. |
| optionAllowAttackOnStart | |
| optionAttackPolicy | |
| optionDefaultPolicy | |
| optionDelayInMs | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. This option has been superseded. Use the API rate limit endpoints in the 'network' component instead. |
| optionEncodeCookieValues | Tells whether or not the active scanner should encode cookie values. |
| optionExcludedParamList | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. Use view excludedParams instead. |
| optionHandleAntiCSRFTokens | |
| optionHostPerScan | |
| optionInjectPluginIdInHeader | Tells whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scan rule that's sending the requests. |
| optionMaxAlertsPerRule | Gets the maximum number of alerts that a rule can raise before being skipped. |
| optionMaxChartTimeInMins | |
| optionMaxResultsToList | |
| optionMaxRuleDurationInMins | |
| optionMaxScanDurationInMins | |
| optionMaxScansInUI | |
| optionPromptInAttackMode | |
| optionPromptToClearFinishedScans | |
| optionRescanInAttackMode | |
| optionScanHeadersAllRequests | Tells whether or not the HTTP Headers of all requests should be scanned. Not just requests that send parameters, through the query or request body. |
| optionScanNullJsonValues | Tells whether or not the active scanner should scan null JSON values. |
| optionShowAdvancedDialog | |
| optionTargetParamsEnabledRPC | |
| optionTargetParamsInjectable | |
| optionThreadPerHost | |
| policies (scanPolicyName policyId ) | |
| scanPolicyNames | |
| scanProgress (scanId ) | |
| scanners (scanPolicyName policyId ) | Gets the scan rules, optionally, of the given scan policy or scanner policy/category ID. |
| scans | |
| status (scanId ) |
| addExcludedParam (name* type url ) | Adds a new parameter excluded from the scan, using the specified name. Optionally sets if the new entry applies to a specific URL (default, all URLs) and sets the ID of the type of the parameter (default, ID of any type). The type IDs can be obtained with the view excludedParamTypes. |
| addScanPolicy (scanPolicyName* alertThreshold attackStrength ) | |
| clearExcludedFromScan | Clears the regexes of URLs excluded from the active scans. |
| disableAllScanners (scanPolicyName ) | Disables all scan rules of the scan policy with the given name, or the default if none given. |
| disableScanners (ids* scanPolicyName ) | Disables the scan rules with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given. |
| enableAllScanners (scanPolicyName ) | Enables all scan rules of the scan policy with the given name, or the default if none given. |
| enableScanners (ids* scanPolicyName ) | Enables the scan rules with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given. |
| excludeFromScan (regex* ) | Adds a regex of URLs that should be excluded from the active scans. |
| importScanPolicy (path* ) | Imports a Scan Policy using the given file system path. |
| modifyExcludedParam (idx* name type url ) | Modifies a parameter excluded from the scan. Allows to modify the name, the URL and the type of parameter. The parameter is selected with its index, which can be obtained with the view excludedParams. |
| pause (scanId* ) | |
| pauseAllScans | |
| removeAllScans | |
| removeExcludedParam (idx* ) | Removes a parameter excluded from the scan, with the given index. The index can be obtained with the view excludedParams. |
| removeScan (scanId* ) | |
| removeScanPolicy (scanPolicyName* ) | |
| resume (scanId* ) | |
| resumeAllScans | |
| scan (url recurse inScopeOnly scanPolicyName method postData contextId ) | Runs the active scanner against the given URL or Context. Optionally, the 'recurse' parameter can be used to scan URLs under the given URL, the parameter 'inScopeOnly' can be used to constrain the scan to URLs that are in scope (ignored if a Context is specified), the parameter 'scanPolicyName' allows to specify the scan policy (if none is given it uses the default scan policy), the parameters 'method' and 'postData' allow to select a given request in conjunction with the given URL. |
| scanAsUser (url contextId userId recurse scanPolicyName method postData ) | Active Scans from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details. |
| setEnabledPolicies (ids* scanPolicyName ) | |
| setOptionAddQueryParam (Boolean* ) | Sets whether or not the active scanner should add a query param to GET requests which do not have parameters to start with. |
| setOptionAllowAttackOnStart (Boolean* ) | |
| setOptionAttackPolicy (String* ) | |
| setOptionDefaultPolicy (String* ) | |
| setOptionDelayInMs (Integer* ) | Deprecated API Endpoint. Its use is discouraged, it will be removed in a future version. This option has been superseded. Use the API rate limit endpoints in the 'network' component instead. |
| setOptionEncodeCookieValues (Boolean* ) | Sets whether or not the active scanner should encode cookie values. |
| setOptionHandleAntiCSRFTokens (Boolean* ) | |
| setOptionHostPerScan (Integer* ) | |
| setOptionInjectPluginIdInHeader (Boolean* ) | Sets whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scan rule that's sending the requests. |
| setOptionMaxAlertsPerRule (Integer* ) | Sets the maximum number of alerts that a rule can raise before being skipped. |
| setOptionMaxChartTimeInMins (Integer* ) | |
| setOptionMaxResultsToList (Integer* ) | |
| setOptionMaxRuleDurationInMins (Integer* ) | |
| setOptionMaxScanDurationInMins (Integer* ) | |
| setOptionMaxScansInUI (Integer* ) | |
| setOptionPromptInAttackMode (Boolean* ) | |
| setOptionPromptToClearFinishedScans (Boolean* ) | |
| setOptionRescanInAttackMode (Boolean* ) | |
| setOptionScanHeadersAllRequests (Boolean* ) | Sets whether or not the HTTP Headers of all requests should be scanned. Not just requests that send parameters, through the query or request body. |
| setOptionScanNullJsonValues (Boolean* ) | Sets whether or not the active scanner should scan null JSON values. |
| setOptionShowAdvancedDialog (Boolean* ) | |
| setOptionTargetParamsEnabledRPC (Integer* ) | |
| setOptionTargetParamsInjectable (Integer* ) | |
| setOptionThreadPerHost (Integer* ) | |
| setPolicyAlertThreshold (id* alertThreshold* scanPolicyName ) | |
| setPolicyAttackStrength (id* attackStrength* scanPolicyName ) | |
| setScannerAlertThreshold (id* alertThreshold* scanPolicyName ) | |
| setScannerAttackStrength (id* attackStrength* scanPolicyName ) | |
| skipScanner (scanId* scannerId* ) | Skips the scan rule using the given IDs of the scan and the scan rule. |
| stop (scanId* ) | |
| stopAllScans | |
| updateScanPolicy (scanPolicyName* alertThreshold attackStrength ) |