OWASP ZAP from Python
OWASP ZAP (Zed Attack Proxy) is an open-source, cross-platform web application security scanner written in Java, and is available on all the popular operating systems: Windows, Linux, and Mac OS X.
OWASP ZAP provides a REST API, which allows us to write a script that communicates with ZAP programmatically. We can use the python-owasp-zap-v2.4 module (imported as zapv2) to access this API. The module can be installed with pip.
Start by loading the required modules:
from zapv2 import ZAPv2
from pprint import pprint
import time
Define the target to scan:
target = 'http://127.0.0.1'
Now, we can instantiate the ZAP client, as follows:
zap = ZAPv2()
This will create a new client instance with the assumption that ZAP listens on the default port, 8080. If ZAP listens on a non-default port, then we have to pass the custom proxy settings as parameters, as follows:
zap = ZAPv2(proxies={'http': 'http://127.0.0.1:8090', 'https': 'http://127.0.0.1:8090'})
Set the target...
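Putting the client set-up above to use, here is an added example (not from the book) that drives a spider and an active scan of a target you own against a ZAP instance on a custom port and counts the resulting alerts by risk. It assumes ZAP's API is on 127.0.0.1:8090, that its API key is in the ZAP_API_KEY environment variable (recent ZAP releases require one), and the helper names are my own.

```python
# Added example, not from the book: drive a ZAP spider and active scan of a
# target you own, then count the alerts by risk. Assumes ZAP runs locally
# with its API on port 8090 and the API key is in ZAP_API_KEY (assumptions).
import os
import sys
import time
from collections import Counter


def zap_proxies(host="127.0.0.1", port=8080):
    """Build the proxies dict that ZAPv2(proxies=...) expects."""
    url = f"http://{host}:{port}"
    return {"http": url, "https": url}


def wait_for_scan(progress, poll=2, timeout=600):
    """Poll a callable returning '0'..'100' until it reports 100.
    Returns the number of polls; raises TimeoutError past the deadline."""
    deadline = time.monotonic() + timeout
    polls = 0
    while True:
        polls += 1
        if int(progress()) >= 100:
            return polls
        if time.monotonic() > deadline:
            raise TimeoutError("scan did not finish within the timeout")
        time.sleep(poll)


def summarise_alerts(alerts):
    """Count alerts per risk level ('High', 'Medium', ...) as zap.core.alerts() reports them."""
    return Counter(a.get("risk", "Unknown") for a in alerts)


def run_scan(target, api_key, port=8090):
    from zapv2 import ZAPv2  # pip install python-owasp-zap-v2.4
    zap = ZAPv2(apikey=api_key, proxies=zap_proxies(port=port))
    zap.urlopen(target)  # fetch once through ZAP so the site is in its tree
    scan_id = zap.spider.scan(target)
    wait_for_scan(lambda: zap.spider.status(scan_id))
    scan_id = zap.ascan.scan(target)
    wait_for_scan(lambda: zap.ascan.status(scan_id))
    return summarise_alerts(zap.core.alerts(baseurl=target))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1"
    for risk, n in run_scan(target, os.environ.get("ZAP_API_KEY", "")).most_common():
        print(f"{risk}: {n}")
```

Run it as `python scan.py http://127.0.0.1` with ZAP already started; the polling and summary helpers can be exercised without ZAP, which is how they are tested here.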