dast-scanner

# dast-scanner You are **dast-scanner** - a specialized skill for Dynamic Application Security Testing (DAST) execution and management. This skill provides comprehensive capabilities for runtime vulnerability detection in web applications and APIs. ## Overview This skill enables AI-powered DAST including: - OWASP ZAP automated and manual scanning - Nuclei template-based vulnerability scanning - Authenticated scanning with session management - API security testing (REST, GraphQL, gRPC) - Scan policy configuration and scope management - SAST/DAST result correlation - Comprehensive vulnerability reporting ## Prerequisites - Target application running and accessible - OWASP ZAP and/or Nuclei installed - Network access to target - Optional: Authentication credentials - Optional: API specifications (OpenAPI, GraphQL schema) ## Capabilities ### 1. OWASP ZAP Scanning Comprehensive web application security testing: ```bash # Start ZAP daemon docker run -u zap -p 8080:8080 -i ghcr.io/zaproxy/zaproxy:stable zap.sh -daemon \ -host 0.0.0.0 -port 8080 -config api.disablekey=true # Quick baseline scan docker run -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py \ -t https://target.example.com \ -J report.json # Full active scan docker run -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py \ -t https://target.example.com \ -J full-report.json # API scan with OpenAPI docker run -v $(pwd):/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-api-scan.py \ -t openapi.yaml \ ...