I am trying to run a ZAP API scan against an API, but when I run the command below I get the error "Invalid option v : option -v not recognized":
docker run -t owasp/zap2docker-weekly zap-api-scan.py -t http://100.100.333.888:0000/account?field4=4488082040118"&"field7=GENERIC01"&"field10=ABC076 -f openapi -v $(pwd):/zap/wrk/:rw -r ZAP_Report.html
I want to generate the scan report and dump it to the same directory. My understanding is that the command -v $(pwd):/zap/wrk/:rw will map the /zap/wrk/ directory in the docker image to the current working directory (cwd) of the machine on which I am running docker.
I checked the wiki here: ZAP APIScan WIKI, but it also appears as if the flag -v is not supported with APIScan.
When I run the same command I also get another error: "Could not find custom hooks file at /home/zap/.zap_hooks.py".
My issues:
Is there another specific flag that is used with ZAP API scan to mount the /zap/wrk directory?
Why do I need to have a file .zap_hooks.py, and if so, where would I need to create it? I have found a sample here Hook (is this the correct template?)
CodePudding user response:
The -v flag is a docker option, not a ZAP one, so your command should be docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap-api-scan.py ...
If you don't think you need a hook file then you don't need to supply one. They are explained on https://www.zaproxy.org/docs/docker/scan-hooks/
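
The argument-order rule from the answer, as an added example that is not part of the original thread: a POSIX shell check that splits a docker run argument list at the image name and reports any -v host:/path pair that landed after it, where Docker never sees it. The option list in takes_value is a partial set assumed for this example, and the target URL is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Docker parses only the words before the image name; the rest are passed
# to the container's command (here zap-api-scan.py, which rejects -v).

# Docker options that consume the following word (partial list, assumed
# sufficient for this example).
takes_value() {
  case "$1" in
    -v|--volume|-e|--env|-p|--publish|-u|--user|-w|--workdir) return 0 ;;
    --name|--network|--entrypoint) return 0 ;;
  esac
  return 1
}

# Usage: misplaced_mounts <arguments that follow "docker run">
# Prints each "-v host:/container[:mode]" pair found after the image name.
# Returns 0 if at least one was found, 1 otherwise.
misplaced_mounts() {
  # Phase 1: skip Docker's own options until the image name is reached.
  while [ "$#" -gt 0 ]; do
    case "$1" in
      --*=*) shift ;;                      # --opt=value is a single word
      -*) if takes_value "$1" && [ "$#" -gt 1 ]; then shift; fi
          shift ;;
      *) break ;;                          # first bare word is the image
    esac
  done
  [ "$#" -gt 0 ] || return 1               # no image name present
  shift                                    # drop the image name
  # Phase 2: everything left belongs to the container's command.
  found=1
  while [ "$#" -gt 0 ]; do
    case "$1" in
      -v|--volume)
        case "${2-}" in
          *:/*) echo "$1 $2"; found=0 ;;   # looks like a bind-mount spec
        esac ;;
    esac
    shift
  done
  return "$found"
}

# Constructed sample: the argument order from the question, placeholder URL.
misplaced_mounts -t owasp/zap2docker-weekly zap-api-scan.py \
  -t "http://api.example.test/account?field4=1&field7=X" -f openapi \
  -v "$PWD:/zap/wrk/:rw" -r ZAP_Report.html || true
```

Quoting the whole target URL, as in the sample call, also keeps the shell from treating & as a control operator.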