How to generate html report from command line?
2,539 views
Skip to first unread message
Lakmi SK
Jun 10, 2015, 12:30:09 AM6/10/15
to zaprox...@googlegroups.com
Hi,
I am able to generate XML report via commandline successfully through the below command-
java –jar zap-2.4.0.jar –quickurl http://localhost:8080/ManageMe/ -quickout C:\Users\xyz\zap.xml –cmd
But html report which is generated via commandline looks like a plain text.
java –jar zap-2.4.0.jar –quickurl http://localhost:8080/ManageMe/ -quickout C:\Users\xyz\zap.html –cmd
Please suggest which command to use to generate a valid html report.
Thanks,
Lakmi
Simon Bennetts
Jun 10, 2015, 5:00:24 AM6/10/15
to zaprox...@googlegroups.com, laks...@gmail.com
If you run ZAP with the "-h" option you'll get some help on the commands available:
./zap.sh -h
Found Java version 1.7.0_71
Available memory: 16003 MB
Setting jvm heap size: -Xmx512m
GUI usage:
zap.sh [-dir directory]
Command line usage:
zap.sh [-h |-help] [-newsession session_file_path | -session existing_session_file_path]
[options] [-dir directory] [-installdir directory] [-host host] [-port port]
[-daemon] [-cmd] [-version]options:
-script [script_path]: Script to run from commandline or load in GUI
-quickurl [target url]: The URL to attack, eg http://www.example.com
-quickout [output filename]: The file to write the XML results to
-last_scan_report [file_path]: Generate 'Last Scan Report' into the file_path provided.
You'll see that the -quickout option only generates XML results, regardless of the extension of the filename you specify.
What OS are you using?
You could try applying the XSLT file that ZAP uses to transform the XML results to HTML: https://github.com/zaproxy/zaproxy/blob/master/src/xml/report.html.xsl - this is included in the XML directory.
Also happy to accept an issue raised for an html file option ;)
Btw - any reason why you're not using either zap.sh or zap.bat?
Cheers,
Simon
./zap.sh -h
Found Java version 1.7.0_71
Available memory: 16003 MB
Setting jvm heap size: -Xmx512m
GUI usage:
zap.sh [-dir directory]
Command line usage:
zap.sh [-h |-help] [-newsession session_file_path | -session existing_session_file_path]
[options] [-dir directory] [-installdir directory] [-host host] [-port port]
[-daemon] [-cmd] [-version]options:
-script [script_path]: Script to run from commandline or load in GUI
-quickurl [target url]: The URL to attack, eg http://www.example.com
-quickout [output filename]: The file to write the XML results to
-last_scan_report [file_path]: Generate 'Last Scan Report' into the file_path provided.
You'll see that the -quickout option only generates XML results, regardless of the extension of the filename you specify.
What OS are you using?
You could try applying the XSLT file that ZAP uses to transform the XML results to HTML: https://github.com/zaproxy/zaproxy/blob/master/src/xml/report.html.xsl - this is included in the XML directory.
Also happy to accept an issue raised for an html file option ;)
Btw - any reason why you're not using either zap.sh or zap.bat?
Cheers,
Simon
Lakmi
Jun 10, 2015, 7:13:09 AM6/10/15
to zaprox...@googlegroups.com
Hi Simon,
Actually, I'm exploring this tool :)
From UI, I'm able to generate reports of various formats - HTML, XML & PDF.
So out of curiosity, I just thought of asking whether there is a limitation via command line.
I'm using Windows 7.
Regards,
Lakmi
Simon Bennetts
Jun 10, 2015, 7:20:40 AM6/10/15
to zaprox...@googlegroups.com, laks...@gmail.com
In that case yes, it is a limitation via the command line :)
Re the platform - just wondering why you werent using zap.bat ?
It doesnt do so much on Windows - the Linux one does more.
Cheers,
Simon
Re the platform - just wondering why you werent using zap.bat ?
It doesnt do so much on Windows - the Linux one does more.
Cheers,
Simon
Khopithan Sathiyakeerthy
Apr 19, 2021, 7:14:25 AM4/19/21
to OWASP ZAP User Group
Hi Lakmi,
Did you find any way to generate .html or .pdf report from ZAP in cmd? If yes, can you share that. Thanks.
Regards,
Khopi
Pritish Thapa
Mar 28, 2023, 3:01:39 PM3/28/23
to OWASP ZAP User Group
Hi there,
Yes you can generate the report of any type through the command line:-
zap-cli report -o <output-file> -f <report-format> [-s <scan-id>]
Yes you can generate the report of any type through the command line:-
zap-cli report -o <output-file> -f <report-format> [-s <scan-id>]
- report: This command tells ZAP to generate a report.
- -o: This parameter specifies the output file name and location.
- -f: This parameter specifies the format of the report. ZAP supports multiple report formats such as HTML, JSON, and XML.
- -s: This optional parameter specifies the ID of the scan to generate the report for. If not specified, ZAP will generate a report for the most recent scan. Thanks, Pritish Thapa
thc...@gmail.com
Mar 28, 2023, 3:09:58 PM3/28/23
to zaprox...@googlegroups.com
For the record, zap-cli is no longer maintained.
Best regards.
On 28/03/2023 20:01, Pritish Thapa wrote:
> Hi there,
> Yes you can generate the report of any type through the command line:-
>
> *zap-cli report -o <output-file> -f <report-format> [-s <scan-id>**]*
>
> - report: This command tells ZAP to generate a report.
> - -o: This parameter specifies the output file name and location.
> - -f: This parameter specifies the format of the report. ZAP supports
Best regards.
On 28/03/2023 20:01, Pritish Thapa wrote:
> Hi there,
> Yes you can generate the report of any type through the command line:-
>
>
> - report: This command tells ZAP to generate a report.
> - -o: This parameter specifies the output file name and location.
> - -f: This parameter specifies the format of the report. ZAP supports
> multiple report formats such as HTML, JSON, and XML.
> - -s: This optional parameter specifies the ID of the scan to generate
> the report for. If not specified, ZAP will generate a report for the most
> recent scan. Thanks, Pritish Thapa
> -
> recent scan. Thanks, Pritish Thapa
Reply all
Reply to author
Forward
0 new messages