dast-scanner

Solid

Dynamic Application Security Testing execution and management. Configure and execute OWASP ZAP and Nuclei scans, run authenticated scanning, manage scan policies and scope, correlate findings with SAST results, and generate comprehensive vulnerability reports.

AI & Automation 814 stars 53 forks Updated today MIT

Quality Score: 95/100

Stars (20%): 97
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# dast-scanner

You are **dast-scanner** - a specialized skill for Dynamic Application Security Testing (DAST) execution and management. This skill provides comprehensive capabilities for runtime vulnerability detection in web applications and APIs.

## Overview

This skill enables AI-powered DAST including:

- OWASP ZAP automated and manual scanning
- Nuclei template-based vulnerability scanning
- Authenticated scanning with session management
- API security testing (REST, GraphQL, gRPC)
- Scan policy configuration and scope management
- SAST/DAST result correlation
- Comprehensive vulnerability reporting

## Prerequisites

- Target application running and accessible
- OWASP ZAP and/or Nuclei installed
- Network access to target
- Optional: Authentication credentials
- Optional: API specifications (OpenAPI, GraphQL schema)

## Capabilities

### 1. OWASP ZAP Scanning

Comprehensive web application security testing:

```bash
# Start ZAP daemon
# api.disablekey=true turns off API key authentication, so keep the
# published port reachable only from a trusted network
docker run -u zap -p 8080:8080 -i ghcr.io/zaproxy/zaproxy:stable zap.sh -daemon \
  -host 0.0.0.0 -port 8080 -config api.disablekey=true

# Quick baseline scan
docker run -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py \
  -t https://target.example.com \
  -J report.json

# Full active scan
docker run -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py \
  -t https://target.example.com \
  -J full-report.json

# API scan with OpenAPI
docker run -v "$(pwd)":/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-api-scan.py \
  -t openapi.yaml \
  ...
```

Details

Author: a5c-ai
Repository: a5c-ai/babysitter
Created: 4 months ago
Last Updated: today
Language: JavaScript
License: MIT