Advanced Scripting Techniques

Complex automation often requires scripts to interact with multiple ZAP components. Access scanners, spiders, and other extensions through ZAP's comprehensive API:

// Advanced script coordinating multiple ZAP components
function automatedSecurityTest(targetUrl) {
    var URI = Java.type("java.net.URI");
    var HttpSender = Java.type("org.parosproxy.paros.network.HttpSender");
    
    // Get references to extensions
    var extSpider = control.getExtensionLoader().getExtension("ExtensionSpider");
    var extAscan = control.getExtensionLoader().getExtension("ExtensionActiveScan");
    
    // Configure context
    var context = model.getSession().newContext("AutoTest");
    context.addIncludeInContextRegex(targetUrl + ".*");
    
    // Start spider
    print("Starting spider scan...");
    var spiderId = extSpider.startScan(targetUrl, null, null, null, context.getId());
    
    // Wait for spider to complete
    while (extSpider.getSpiderProgress(spiderId) < 100) {
        Java.type("java.lang.Thread").sleep(1000);
        print("Spider progress: " + extSpider.getSpiderProgress(spiderId) + "%");
    }
    
    // Start active scan
    print("Starting active scan...");
    var ascanId = extAscan.startScan(targetUrl, null, null, null, null, context.getId());
    
    // Monitor and report progress
    while (extAscan.getScanProgress(ascanId) < 100) {
        Java.type("java.lang.Thread").sleep(5000);
        print("Active scan progress: " + extAscan.getScanProgress(ascanId) + "%");
    }
    
    print("Security test completed!");
}

Script persistence and sharing enhance team collaboration. Save proven scripts to version control, document expected inputs and outputs, and create script libraries for common tasks. ZAP's script templates provide starting points for new scripts, accelerating development. Consider creating organization-specific templates encoding your testing standards and patterns.