OWASP ZAP · Capability

ZAP API — ascan

ZAP API — ascan. 90 operations. Lead operation: ascan. Self-contained Naftiko capability covering one Owasp Zap business surface.

Run with Naftiko Owasp Zapascan

What You Can Do

GET
Ascanactionaddexcludedparam — Adds a new parameter excluded from the scan, using the specified name. Optionally sets if the new entry applies to a specific URL (default, all URLs) and sets the ID of the type of the parameter (default, ID of any type). The type IDs can b
/v1/json/ascan/action/addexcludedparam
GET
Ascanactionaddscanpolicy — ascanactionaddscanpolicy
/v1/json/ascan/action/addscanpolicy
GET
Ascanactionclearexcludedfromscan — Clears the regexes of URLs excluded from the active scans.
/v1/json/ascan/action/clearexcludedfromscan
GET
Ascanactiondisableallscanners — Disables all scan rules of the scan policy with the given name, or the default if none given.
/v1/json/ascan/action/disableallscanners
GET
Ascanactiondisablescanners — Disables the scan rules with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given.
/v1/json/ascan/action/disablescanners
GET
Ascanactionenableallscanners — Enables all scan rules of the scan policy with the given name, or the default if none given.
/v1/json/ascan/action/enableallscanners
GET
Ascanactionenablescanners — Enables the scan rules with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given.
/v1/json/ascan/action/enablescanners
GET
Ascanactionexcludefromscan — Adds a regex of URLs that should be excluded from the active scans.
/v1/json/ascan/action/excludefromscan
GET
Ascanactionimportscanpolicy — Imports a Scan Policy using the given file system path.
/v1/json/ascan/action/importscanpolicy
GET
Ascanactionmodifyexcludedparam — Modifies a parameter excluded from the scan. Allows to modify the name, the URL and the type of parameter. The parameter is selected with its index, which can be obtained with the view excludedParams.
/v1/json/ascan/action/modifyexcludedparam
GET
Ascanactionpause — ascanactionpause
/v1/json/ascan/action/pause
GET
Ascanactionpauseallscans — ascanactionpauseallscans
/v1/json/ascan/action/pauseallscans
GET
Ascanactionremoveallscans — ascanactionremoveallscans
/v1/json/ascan/action/removeallscans
GET
Ascanactionremoveexcludedparam — Removes a parameter excluded from the scan, with the given index. The index can be obtained with the view excludedParams.
/v1/json/ascan/action/removeexcludedparam
GET
Ascanactionremovescan — ascanactionremovescan
/v1/json/ascan/action/removescan
GET
Ascanactionremovescanpolicy — ascanactionremovescanpolicy
/v1/json/ascan/action/removescanpolicy
GET
Ascanactionresume — ascanactionresume
/v1/json/ascan/action/resume
GET
Ascanactionresumeallscans — ascanactionresumeallscans
/v1/json/ascan/action/resumeallscans
GET
Ascanactionscan — Runs the active scanner against the given URL or Context. Optionally, the 'recurse' parameter can be used to scan URLs under the given URL, the parameter 'inScopeOnly' can be used to constrain the scan to URLs that are in scope (ignored if
/v1/json/ascan/action/scan
GET
Ascanactionscanasuser — Active Scans from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.
/v1/json/ascan/action/scanasuser
GET
Ascanactionsetenabledpolicies — ascanactionsetenabledpolicies
/v1/json/ascan/action/setenabledpolicies
GET
Ascanactionsetoptionaddqueryparam — Sets whether or not the active scanner should add a query param to GET requests which do not have parameters to start with.
/v1/json/ascan/action/setoptionaddqueryparam
GET
Ascanactionsetoptionallowattackonstart — ascanactionsetoptionallowattackonstart
/v1/json/ascan/action/setoptionallowattackonstart
GET
Ascanactionsetoptionattackpolicy — ascanactionsetoptionattackpolicy
/v1/json/ascan/action/setoptionattackpolicy
GET
Ascanactionsetoptiondefaultpolicy — ascanactionsetoptiondefaultpolicy
/v1/json/ascan/action/setoptiondefaultpolicy
GET
Ascanactionsetoptiondelayinms — This option has been superseded. Use the API rate limit endpoints in the 'network' component instead.
/v1/json/ascan/action/setoptiondelayinms
GET
Ascanactionsetoptionencodecookievalues — Sets whether or not the active scanner should encode cookie values.
/v1/json/ascan/action/setoptionencodecookievalues
GET
Ascanactionsetoptionhandleanticsrftokens — ascanactionsetoptionhandleanticsrftokens
/v1/json/ascan/action/setoptionhandleanticsrftokens
GET
Ascanactionsetoptionhostperscan — ascanactionsetoptionhostperscan
/v1/json/ascan/action/setoptionhostperscan
GET
Ascanactionsetoptioninjectpluginidinheader — Sets whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scan rule that's sending the requests.
/v1/json/ascan/action/setoptioninjectpluginidinheader
GET
Ascanactionsetoptionmaxalertsperrule — Sets the maximum number of alerts that a rule can raise before being skipped.
/v1/json/ascan/action/setoptionmaxalertsperrule
GET
Ascanactionsetoptionmaxcharttimeinmins — ascanactionsetoptionmaxcharttimeinmins
/v1/json/ascan/action/setoptionmaxcharttimeinmins
GET
Ascanactionsetoptionmaxresultstolist — ascanactionsetoptionmaxresultstolist
/v1/json/ascan/action/setoptionmaxresultstolist
GET
Ascanactionsetoptionmaxruledurationinmins — ascanactionsetoptionmaxruledurationinmins
/v1/json/ascan/action/setoptionmaxruledurationinmins
GET
Ascanactionsetoptionmaxscandurationinmins — ascanactionsetoptionmaxscandurationinmins
/v1/json/ascan/action/setoptionmaxscandurationinmins
GET
Ascanactionsetoptionmaxscansinui — ascanactionsetoptionmaxscansinui
/v1/json/ascan/action/setoptionmaxscansinui
GET
Ascanactionsetoptionpromptinattackmode — ascanactionsetoptionpromptinattackmode
/v1/json/ascan/action/setoptionpromptinattackmode
GET
Ascanactionsetoptionprompttoclearfinishedscans — ascanactionsetoptionprompttoclearfinishedscans
/v1/json/ascan/action/setoptionprompttoclearfinishedscans
GET
Ascanactionsetoptionrescaninattackmode — ascanactionsetoptionrescaninattackmode
/v1/json/ascan/action/setoptionrescaninattackmode
GET
Ascanactionsetoptionscanheadersallrequests — Sets whether or not the HTTP Headers of all requests should be scanned. Not just requests that send parameters, through the query or request body.
/v1/json/ascan/action/setoptionscanheadersallrequests
GET
Ascanactionsetoptionscannulljsonvalues — Sets whether or not the active scanner should scan null JSON values.
/v1/json/ascan/action/setoptionscannulljsonvalues
GET
Ascanactionsetoptionshowadvanceddialog — ascanactionsetoptionshowadvanceddialog
/v1/json/ascan/action/setoptionshowadvanceddialog
GET
Ascanactionsetoptiontargetparamsenabledrpc — ascanactionsetoptiontargetparamsenabledrpc
/v1/json/ascan/action/setoptiontargetparamsenabledrpc
GET
Ascanactionsetoptiontargetparamsinjectable — ascanactionsetoptiontargetparamsinjectable
/v1/json/ascan/action/setoptiontargetparamsinjectable
GET
Ascanactionsetoptionthreadperhost — ascanactionsetoptionthreadperhost
/v1/json/ascan/action/setoptionthreadperhost
GET
Ascanactionsetpolicyalertthreshold — ascanactionsetpolicyalertthreshold
/v1/json/ascan/action/setpolicyalertthreshold
GET
Ascanactionsetpolicyattackstrength — ascanactionsetpolicyattackstrength
/v1/json/ascan/action/setpolicyattackstrength
GET
Ascanactionsetscanneralertthreshold — ascanactionsetscanneralertthreshold
/v1/json/ascan/action/setscanneralertthreshold
GET
Ascanactionsetscannerattackstrength — ascanactionsetscannerattackstrength
/v1/json/ascan/action/setscannerattackstrength
GET
Ascanactionskipscanner — Skips the scan rule using the given IDs of the scan and the scan rule.
/v1/json/ascan/action/skipscanner
GET
Ascanactionstop — ascanactionstop
/v1/json/ascan/action/stop
GET
Ascanactionstopallscans — ascanactionstopallscans
/v1/json/ascan/action/stopallscans
GET
Ascanactionupdatescanpolicy — ascanactionupdatescanpolicy
/v1/json/ascan/action/updatescanpolicy
GET
Ascanviewalertsids — Gets the IDs of the alerts raised during the scan with the given ID. An alert can be obtained with 'alert' core view.
/v1/json/ascan/view/alertsids
GET
Ascanviewattackmodequeue — ascanviewattackmodequeue
/v1/json/ascan/view/attackmodequeue
GET
Ascanviewexcludedfromscan — Gets the regexes of URLs excluded from the active scans.
/v1/json/ascan/view/excludedfromscan
GET
Ascanviewexcludedparamtypes — Gets all the types of excluded parameters. For each type the following are shown: the ID and the name.
/v1/json/ascan/view/excludedparamtypes
GET
Ascanviewexcludedparams — Gets all the parameters that are excluded. For each parameter the following are shown: the name, the URL, and the parameter type.
/v1/json/ascan/view/excludedparams
GET
Ascanviewmessagesids — Gets the IDs of the messages sent during the scan with the given ID. A message can be obtained with 'message' core view.
/v1/json/ascan/view/messagesids
GET
Ascanviewoptionaddqueryparam — Tells whether or not the active scanner should add a query parameter to GET request that don't have parameters to start with.
/v1/json/ascan/view/optionaddqueryparam
GET
Ascanviewoptionallowattackonstart — ascanviewoptionallowattackonstart
/v1/json/ascan/view/optionallowattackonstart
GET
Ascanviewoptionattackpolicy — ascanviewoptionattackpolicy
/v1/json/ascan/view/optionattackpolicy
GET
Ascanviewoptiondefaultpolicy — ascanviewoptiondefaultpolicy
/v1/json/ascan/view/optiondefaultpolicy
GET
Ascanviewoptiondelayinms — This option has been superseded. Use the API rate limit endpoints in the 'network' component instead.
/v1/json/ascan/view/optiondelayinms
GET
Ascanviewoptionencodecookievalues — Tells whether or not the active scanner should encode cookie values.
/v1/json/ascan/view/optionencodecookievalues
GET
Ascanviewoptionexcludedparamlist — Use view excludedParams instead.
/v1/json/ascan/view/optionexcludedparamlist
GET
Ascanviewoptionhandleanticsrftokens — ascanviewoptionhandleanticsrftokens
/v1/json/ascan/view/optionhandleanticsrftokens
GET
Ascanviewoptionhostperscan — ascanviewoptionhostperscan
/v1/json/ascan/view/optionhostperscan
GET
Ascanviewoptioninjectpluginidinheader — Tells whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scan rule that's sending the requests.
/v1/json/ascan/view/optioninjectpluginidinheader
GET
Ascanviewoptionmaxalertsperrule — Gets the maximum number of alerts that a rule can raise before being skipped.
/v1/json/ascan/view/optionmaxalertsperrule
GET
Ascanviewoptionmaxcharttimeinmins — ascanviewoptionmaxcharttimeinmins
/v1/json/ascan/view/optionmaxcharttimeinmins
GET
Ascanviewoptionmaxresultstolist — ascanviewoptionmaxresultstolist
/v1/json/ascan/view/optionmaxresultstolist
GET
Ascanviewoptionmaxruledurationinmins — ascanviewoptionmaxruledurationinmins
/v1/json/ascan/view/optionmaxruledurationinmins
GET
Ascanviewoptionmaxscandurationinmins — ascanviewoptionmaxscandurationinmins
/v1/json/ascan/view/optionmaxscandurationinmins
GET
Ascanviewoptionmaxscansinui — ascanviewoptionmaxscansinui
/v1/json/ascan/view/optionmaxscansinui
GET
Ascanviewoptionpromptinattackmode — ascanviewoptionpromptinattackmode
/v1/json/ascan/view/optionpromptinattackmode
GET
Ascanviewoptionprompttoclearfinishedscans — ascanviewoptionprompttoclearfinishedscans
/v1/json/ascan/view/optionprompttoclearfinishedscans
GET
Ascanviewoptionrescaninattackmode — ascanviewoptionrescaninattackmode
/v1/json/ascan/view/optionrescaninattackmode
GET
Ascanviewoptionscanheadersallrequests — Tells whether or not the HTTP Headers of all requests should be scanned. Not just requests that send parameters, through the query or request body.
/v1/json/ascan/view/optionscanheadersallrequests
GET
Ascanviewoptionscannulljsonvalues — Tells whether or not the active scanner should scan null JSON values.
/v1/json/ascan/view/optionscannulljsonvalues
GET
Ascanviewoptionshowadvanceddialog — ascanviewoptionshowadvanceddialog
/v1/json/ascan/view/optionshowadvanceddialog
GET
Ascanviewoptiontargetparamsenabledrpc — ascanviewoptiontargetparamsenabledrpc
/v1/json/ascan/view/optiontargetparamsenabledrpc
GET
Ascanviewoptiontargetparamsinjectable — ascanviewoptiontargetparamsinjectable
/v1/json/ascan/view/optiontargetparamsinjectable
GET
Ascanviewoptionthreadperhost — ascanviewoptionthreadperhost
/v1/json/ascan/view/optionthreadperhost
GET
Ascanviewpolicies — ascanviewpolicies
/v1/json/ascan/view/policies
GET
Ascanviewscanpolicynames — ascanviewscanpolicynames
/v1/json/ascan/view/scanpolicynames
GET
Ascanviewscanprogress — ascanviewscanprogress
/v1/json/ascan/view/scanprogress
GET
Ascanviewscanners — Gets the scan rules, optionally, of the given scan policy or scanner policy/category ID.
/v1/json/ascan/view/scanners
GET
Ascanviewscans — ascanviewscans
/v1/json/ascan/view/scans
GET
Ascanviewstatus — ascanviewstatus
/v1/json/ascan/view/status

MCP Tools

adds-new-parameter-excluded-scan

Adds a new parameter excluded from the scan, using the specified name. Optionally sets if the new entry applies to a specific URL (default, all URLs) and sets the ID of the type of the parameter (default, ID of any type). The type IDs can b

read-only idempotent
ascanactionaddscanpolicy

ascanactionaddscanpolicy

read-only idempotent
clears-regexes-urls-excluded-active

Clears the regexes of URLs excluded from the active scans.

read-only idempotent
disables-all-scan-rules-scan

Disables all scan rules of the scan policy with the given name, or the default if none given.

read-only idempotent
disables-scan-rules-given-ids

Disables the scan rules with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given.

read-only idempotent
enables-all-scan-rules-scan

Enables all scan rules of the scan policy with the given name, or the default if none given.

read-only idempotent
enables-scan-rules-given-ids

Enables the scan rules with the given IDs (comma separated list of IDs) of the scan policy with the given name, or the default if none given.

read-only idempotent
adds-regex-urls-that-should

Adds a regex of URLs that should be excluded from the active scans.

read-only idempotent
imports-scan-policy-using-given

Imports a Scan Policy using the given file system path.

read-only idempotent
modifies-parameter-excluded-scan-allows

Modifies a parameter excluded from the scan. Allows to modify the name, the URL and the type of parameter. The parameter is selected with its index, which can be obtained with the view excludedParams.

read-only idempotent
ascanactionpause

ascanactionpause

read-only idempotent
ascanactionpauseallscans

ascanactionpauseallscans

read-only idempotent
ascanactionremoveallscans

ascanactionremoveallscans

read-only idempotent
removes-parameter-excluded-scan-given

Removes a parameter excluded from the scan, with the given index. The index can be obtained with the view excludedParams.

read-only idempotent
ascanactionremovescan

ascanactionremovescan

read-only idempotent
ascanactionremovescanpolicy

ascanactionremovescanpolicy

read-only idempotent
ascanactionresume

ascanactionresume

read-only idempotent
ascanactionresumeallscans

ascanactionresumeallscans

read-only idempotent
runs-active-scanner-against-given

Runs the active scanner against the given URL or Context. Optionally, the 'recurse' parameter can be used to scan URLs under the given URL, the parameter 'inScopeOnly' can be used to constrain the scan to URLs that are in scope (ignored if

read-only idempotent
active-scans-perspective-user-obtained

Active Scans from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.

read-only idempotent
ascanactionsetenabledpolicies

ascanactionsetenabledpolicies

read-only idempotent
sets-whether-not-active-scanner

Sets whether or not the active scanner should add a query param to GET requests which do not have parameters to start with.

read-only idempotent
ascanactionsetoptionallowattackonstart

ascanactionsetoptionallowattackonstart

read-only idempotent
ascanactionsetoptionattackpolicy

ascanactionsetoptionattackpolicy

read-only idempotent
ascanactionsetoptiondefaultpolicy

ascanactionsetoptiondefaultpolicy

read-only idempotent
this-option-has-been-superseded

This option has been superseded. Use the API rate limit endpoints in the 'network' component instead.

read-only idempotent
sets-whether-not-active-scanner-2

Sets whether or not the active scanner should encode cookie values.

read-only idempotent
ascanactionsetoptionhandleanticsrftokens

ascanactionsetoptionhandleanticsrftokens

read-only idempotent
ascanactionsetoptionhostperscan

ascanactionsetoptionhostperscan

read-only idempotent
sets-whether-not-active-scanner-3

Sets whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scan rule that's sending the requests.

read-only idempotent
sets-maximum-number-alerts-that

Sets the maximum number of alerts that a rule can raise before being skipped.

read-only idempotent
ascanactionsetoptionmaxcharttimeinmins

ascanactionsetoptionmaxcharttimeinmins

read-only idempotent
ascanactionsetoptionmaxresultstolist

ascanactionsetoptionmaxresultstolist

read-only idempotent
ascanactionsetoptionmaxruledurationinmins

ascanactionsetoptionmaxruledurationinmins

read-only idempotent
ascanactionsetoptionmaxscandurationinmins

ascanactionsetoptionmaxscandurationinmins

read-only idempotent
ascanactionsetoptionmaxscansinui

ascanactionsetoptionmaxscansinui

read-only idempotent
ascanactionsetoptionpromptinattackmode

ascanactionsetoptionpromptinattackmode

read-only idempotent
ascanactionsetoptionprompttoclearfinishedscans

ascanactionsetoptionprompttoclearfinishedscans

read-only idempotent
ascanactionsetoptionrescaninattackmode

ascanactionsetoptionrescaninattackmode

read-only idempotent
sets-whether-not-http-headers

Sets whether or not the HTTP Headers of all requests should be scanned. Not just requests that send parameters, through the query or request body.

read-only idempotent
sets-whether-not-active-scanner-4

Sets whether or not the active scanner should scan null JSON values.

read-only idempotent
ascanactionsetoptionshowadvanceddialog

ascanactionsetoptionshowadvanceddialog

read-only idempotent
ascanactionsetoptiontargetparamsenabledrpc

ascanactionsetoptiontargetparamsenabledrpc

read-only idempotent
ascanactionsetoptiontargetparamsinjectable

ascanactionsetoptiontargetparamsinjectable

read-only idempotent
ascanactionsetoptionthreadperhost

ascanactionsetoptionthreadperhost

read-only idempotent
ascanactionsetpolicyalertthreshold

ascanactionsetpolicyalertthreshold

read-only idempotent
ascanactionsetpolicyattackstrength

ascanactionsetpolicyattackstrength

read-only idempotent
ascanactionsetscanneralertthreshold

ascanactionsetscanneralertthreshold

read-only idempotent
ascanactionsetscannerattackstrength

ascanactionsetscannerattackstrength

read-only idempotent
skips-scan-rule-using-given

Skips the scan rule using the given IDs of the scan and the scan rule.

read-only idempotent
ascanactionstop

ascanactionstop

read-only idempotent
ascanactionstopallscans

ascanactionstopallscans

read-only idempotent
ascanactionupdatescanpolicy

ascanactionupdatescanpolicy

read-only idempotent
gets-ids-alerts-raised-during

Gets the IDs of the alerts raised during the scan with the given ID. An alert can be obtained with 'alert' core view.

read-only idempotent
ascanviewattackmodequeue

ascanviewattackmodequeue

read-only idempotent
gets-regexes-urls-excluded-active

Gets the regexes of URLs excluded from the active scans.

read-only idempotent
gets-all-types-excluded-parameters

Gets all the types of excluded parameters. For each type the following are shown: the ID and the name.

read-only idempotent
gets-all-parameters-that-are

Gets all the parameters that are excluded. For each parameter the following are shown: the name, the URL, and the parameter type.

read-only idempotent
gets-ids-messages-sent-during

Gets the IDs of the messages sent during the scan with the given ID. A message can be obtained with 'message' core view.

read-only idempotent
tells-whether-not-active-scanner

Tells whether or not the active scanner should add a query parameter to GET request that don't have parameters to start with.

read-only idempotent
ascanviewoptionallowattackonstart

ascanviewoptionallowattackonstart

read-only idempotent
ascanviewoptionattackpolicy

ascanviewoptionattackpolicy

read-only idempotent
ascanviewoptiondefaultpolicy

ascanviewoptiondefaultpolicy

read-only idempotent
this-option-has-been-superseded-2

This option has been superseded. Use the API rate limit endpoints in the 'network' component instead.

read-only idempotent
tells-whether-not-active-scanner-2

Tells whether or not the active scanner should encode cookie values.

read-only idempotent
use-view-excludedparams-instead

Use view excludedParams instead.

read-only idempotent
ascanviewoptionhandleanticsrftokens

ascanviewoptionhandleanticsrftokens

read-only idempotent
ascanviewoptionhostperscan

ascanviewoptionhostperscan

read-only idempotent
tells-whether-not-active-scanner-3

Tells whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the ID of the scan rule that's sending the requests.

read-only idempotent
gets-maximum-number-alerts-that

Gets the maximum number of alerts that a rule can raise before being skipped.

read-only idempotent
ascanviewoptionmaxcharttimeinmins

ascanviewoptionmaxcharttimeinmins

read-only idempotent
ascanviewoptionmaxresultstolist

ascanviewoptionmaxresultstolist

read-only idempotent
ascanviewoptionmaxruledurationinmins

ascanviewoptionmaxruledurationinmins

read-only idempotent
ascanviewoptionmaxscandurationinmins

ascanviewoptionmaxscandurationinmins

read-only idempotent
ascanviewoptionmaxscansinui

ascanviewoptionmaxscansinui

read-only idempotent
ascanviewoptionpromptinattackmode

ascanviewoptionpromptinattackmode

read-only idempotent
ascanviewoptionprompttoclearfinishedscans

ascanviewoptionprompttoclearfinishedscans

read-only idempotent
ascanviewoptionrescaninattackmode

ascanviewoptionrescaninattackmode

read-only idempotent
tells-whether-not-http-headers

Tells whether or not the HTTP Headers of all requests should be scanned. Not just requests that send parameters, through the query or request body.

read-only idempotent
tells-whether-not-active-scanner-4

Tells whether or not the active scanner should scan null JSON values.

read-only idempotent
ascanviewoptionshowadvanceddialog

ascanviewoptionshowadvanceddialog

read-only idempotent
ascanviewoptiontargetparamsenabledrpc

ascanviewoptiontargetparamsenabledrpc

read-only idempotent
ascanviewoptiontargetparamsinjectable

ascanviewoptiontargetparamsinjectable

read-only idempotent
ascanviewoptionthreadperhost

ascanviewoptionthreadperhost

read-only idempotent
ascanviewpolicies

ascanviewpolicies

read-only idempotent
ascanviewscanpolicynames

ascanviewscanpolicynames

read-only idempotent
ascanviewscanprogress

ascanviewscanprogress

read-only idempotent
gets-scan-rules-optionally-given

Gets the scan rules, optionally, of the given scan policy or scanner policy/category ID.

read-only idempotent
ascanviewscans

ascanviewscans

read-only idempotent
ascanviewstatus

ascanviewstatus

read-only idempotent

Capability Spec

owasp-zap-ascan.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: ZAP API — ascan
  description: 'ZAP API — ascan. 90 operations. Lead operation: ascan. Self-contained Naftiko capability covering one Owasp
    Zap business surface.'
  tags:
  - Owasp Zap
  - ascan
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    OWASP_ZAP_API_KEY: OWASP_ZAP_API_KEY
capability:
  consumes:
  - type: http
    namespace: owasp-zap-ascan
    baseUri: http://zap
    description: ZAP API — ascan business capability. Self-contained, no shared references.
    resources:
    - name: JSON-ascan-action-addExcludedParam
      path: /JSON/ascan/action/addExcludedParam/
      operations:
      - name: ascanactionaddexcludedparam
        method: GET
        description: Adds a new parameter excluded from the scan, using the specified name. Optionally sets if the new entry
          applies to a specific URL (default, all URLs) and sets the ID of the type of the parameter (default, ID of any type).
          The type IDs can b
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-addScanPolicy
      path: /JSON/ascan/action/addScanPolicy/
      operations:
      - name: ascanactionaddscanpolicy
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-clearExcludedFromScan
      path: /JSON/ascan/action/clearExcludedFromScan/
      operations:
      - name: ascanactionclearexcludedfromscan
        method: GET
        description: Clears the regexes of URLs excluded from the active scans.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-disableAllScanners
      path: /JSON/ascan/action/disableAllScanners/
      operations:
      - name: ascanactiondisableallscanners
        method: GET
        description: Disables all scan rules of the scan policy with the given name, or the default if none given.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-disableScanners
      path: /JSON/ascan/action/disableScanners/
      operations:
      - name: ascanactiondisablescanners
        method: GET
        description: Disables the scan rules with the given IDs (comma separated list of IDs) of the scan policy with the
          given name, or the default if none given.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-enableAllScanners
      path: /JSON/ascan/action/enableAllScanners/
      operations:
      - name: ascanactionenableallscanners
        method: GET
        description: Enables all scan rules of the scan policy with the given name, or the default if none given.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-enableScanners
      path: /JSON/ascan/action/enableScanners/
      operations:
      - name: ascanactionenablescanners
        method: GET
        description: Enables the scan rules with the given IDs (comma separated list of IDs) of the scan policy with the given
          name, or the default if none given.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-excludeFromScan
      path: /JSON/ascan/action/excludeFromScan/
      operations:
      - name: ascanactionexcludefromscan
        method: GET
        description: Adds a regex of URLs that should be excluded from the active scans.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-importScanPolicy
      path: /JSON/ascan/action/importScanPolicy/
      operations:
      - name: ascanactionimportscanpolicy
        method: GET
        description: Imports a Scan Policy using the given file system path.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-modifyExcludedParam
      path: /JSON/ascan/action/modifyExcludedParam/
      operations:
      - name: ascanactionmodifyexcludedparam
        method: GET
        description: Modifies a parameter excluded from the scan. Allows to modify the name, the URL and the type of parameter.
          The parameter is selected with its index, which can be obtained with the view excludedParams.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-pause
      path: /JSON/ascan/action/pause/
      operations:
      - name: ascanactionpause
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-pauseAllScans
      path: /JSON/ascan/action/pauseAllScans/
      operations:
      - name: ascanactionpauseallscans
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-removeAllScans
      path: /JSON/ascan/action/removeAllScans/
      operations:
      - name: ascanactionremoveallscans
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-removeExcludedParam
      path: /JSON/ascan/action/removeExcludedParam/
      operations:
      - name: ascanactionremoveexcludedparam
        method: GET
        description: Removes a parameter excluded from the scan, with the given index. The index can be obtained with the
          view excludedParams.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-removeScan
      path: /JSON/ascan/action/removeScan/
      operations:
      - name: ascanactionremovescan
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-removeScanPolicy
      path: /JSON/ascan/action/removeScanPolicy/
      operations:
      - name: ascanactionremovescanpolicy
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-resume
      path: /JSON/ascan/action/resume/
      operations:
      - name: ascanactionresume
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-resumeAllScans
      path: /JSON/ascan/action/resumeAllScans/
      operations:
      - name: ascanactionresumeallscans
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-scan
      path: /JSON/ascan/action/scan/
      operations:
      - name: ascanactionscan
        method: GET
        description: 'Runs the active scanner against the given URL or Context. Optionally, the ''recurse'' parameter can
          be used to scan URLs under the given URL, the parameter ''inScopeOnly'' can be used to constrain the scan to URLs
          that are in scope (ignored if '
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-scanAsUser
      path: /JSON/ascan/action/scanAsUser/
      operations:
      - name: ascanactionscanasuser
        method: GET
        description: Active Scans from the perspective of a User, obtained using the given Context ID and User ID. See 'scan'
          action for more details.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setEnabledPolicies
      path: /JSON/ascan/action/setEnabledPolicies/
      operations:
      - name: ascanactionsetenabledpolicies
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionAddQueryParam
      path: /JSON/ascan/action/setOptionAddQueryParam/
      operations:
      - name: ascanactionsetoptionaddqueryparam
        method: GET
        description: Sets whether or not the active scanner should add a query param to GET requests which do not have parameters
          to start with.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionAllowAttackOnStart
      path: /JSON/ascan/action/setOptionAllowAttackOnStart/
      operations:
      - name: ascanactionsetoptionallowattackonstart
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionAttackPolicy
      path: /JSON/ascan/action/setOptionAttackPolicy/
      operations:
      - name: ascanactionsetoptionattackpolicy
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionDefaultPolicy
      path: /JSON/ascan/action/setOptionDefaultPolicy/
      operations:
      - name: ascanactionsetoptiondefaultpolicy
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionDelayInMs
      path: /JSON/ascan/action/setOptionDelayInMs/
      operations:
      - name: ascanactionsetoptiondelayinms
        method: GET
        description: This option has been superseded. Use the API rate limit endpoints in the 'network' component instead.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionEncodeCookieValues
      path: /JSON/ascan/action/setOptionEncodeCookieValues/
      operations:
      - name: ascanactionsetoptionencodecookievalues
        method: GET
        description: Sets whether or not the active scanner should encode cookie values.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionHandleAntiCSRFTokens
      path: /JSON/ascan/action/setOptionHandleAntiCSRFTokens/
      operations:
      - name: ascanactionsetoptionhandleanticsrftokens
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionHostPerScan
      path: /JSON/ascan/action/setOptionHostPerScan/
      operations:
      - name: ascanactionsetoptionhostperscan
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionInjectPluginIdInHeader
      path: /JSON/ascan/action/setOptionInjectPluginIdInHeader/
      operations:
      - name: ascanactionsetoptioninjectpluginidinheader
        method: GET
        description: Sets whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the
          ID of the scan rule that's sending the requests.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionMaxAlertsPerRule
      path: /JSON/ascan/action/setOptionMaxAlertsPerRule/
      operations:
      - name: ascanactionsetoptionmaxalertsperrule
        method: GET
        description: Sets the maximum number of alerts that a rule can raise before being skipped.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionMaxChartTimeInMins
      path: /JSON/ascan/action/setOptionMaxChartTimeInMins/
      operations:
      - name: ascanactionsetoptionmaxcharttimeinmins
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionMaxResultsToList
      path: /JSON/ascan/action/setOptionMaxResultsToList/
      operations:
      - name: ascanactionsetoptionmaxresultstolist
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionMaxRuleDurationInMins
      path: /JSON/ascan/action/setOptionMaxRuleDurationInMins/
      operations:
      - name: ascanactionsetoptionmaxruledurationinmins
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionMaxScanDurationInMins
      path: /JSON/ascan/action/setOptionMaxScanDurationInMins/
      operations:
      - name: ascanactionsetoptionmaxscandurationinmins
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionMaxScansInUI
      path: /JSON/ascan/action/setOptionMaxScansInUI/
      operations:
      - name: ascanactionsetoptionmaxscansinui
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionPromptInAttackMode
      path: /JSON/ascan/action/setOptionPromptInAttackMode/
      operations:
      - name: ascanactionsetoptionpromptinattackmode
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionPromptToClearFinishedScans
      path: /JSON/ascan/action/setOptionPromptToClearFinishedScans/
      operations:
      - name: ascanactionsetoptionprompttoclearfinishedscans
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionRescanInAttackMode
      path: /JSON/ascan/action/setOptionRescanInAttackMode/
      operations:
      - name: ascanactionsetoptionrescaninattackmode
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionScanHeadersAllRequests
      path: /JSON/ascan/action/setOptionScanHeadersAllRequests/
      operations:
      - name: ascanactionsetoptionscanheadersallrequests
        method: GET
        description: Sets whether or not the HTTP Headers of all requests should be scanned. Not just requests that send parameters,
          through the query or request body.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionScanNullJsonValues
      path: /JSON/ascan/action/setOptionScanNullJsonValues/
      operations:
      - name: ascanactionsetoptionscannulljsonvalues
        method: GET
        description: Sets whether or not the active scanner should scan null JSON values.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionShowAdvancedDialog
      path: /JSON/ascan/action/setOptionShowAdvancedDialog/
      operations:
      - name: ascanactionsetoptionshowadvanceddialog
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionTargetParamsEnabledRPC
      path: /JSON/ascan/action/setOptionTargetParamsEnabledRPC/
      operations:
      - name: ascanactionsetoptiontargetparamsenabledrpc
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionTargetParamsInjectable
      path: /JSON/ascan/action/setOptionTargetParamsInjectable/
      operations:
      - name: ascanactionsetoptiontargetparamsinjectable
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setOptionThreadPerHost
      path: /JSON/ascan/action/setOptionThreadPerHost/
      operations:
      - name: ascanactionsetoptionthreadperhost
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setPolicyAlertThreshold
      path: /JSON/ascan/action/setPolicyAlertThreshold/
      operations:
      - name: ascanactionsetpolicyalertthreshold
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setPolicyAttackStrength
      path: /JSON/ascan/action/setPolicyAttackStrength/
      operations:
      - name: ascanactionsetpolicyattackstrength
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setScannerAlertThreshold
      path: /JSON/ascan/action/setScannerAlertThreshold/
      operations:
      - name: ascanactionsetscanneralertthreshold
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-setScannerAttackStrength
      path: /JSON/ascan/action/setScannerAttackStrength/
      operations:
      - name: ascanactionsetscannerattackstrength
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-skipScanner
      path: /JSON/ascan/action/skipScanner/
      operations:
      - name: ascanactionskipscanner
        method: GET
        description: Skips the scan rule using the given IDs of the scan and the scan rule.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-stop
      path: /JSON/ascan/action/stop/
      operations:
      - name: ascanactionstop
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-stopAllScans
      path: /JSON/ascan/action/stopAllScans/
      operations:
      - name: ascanactionstopallscans
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-action-updateScanPolicy
      path: /JSON/ascan/action/updateScanPolicy/
      operations:
      - name: ascanactionupdatescanpolicy
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-alertsIds
      path: /JSON/ascan/view/alertsIds/
      operations:
      - name: ascanviewalertsids
        method: GET
        description: Gets the IDs of the alerts raised during the scan with the given ID. An alert can be obtained with 'alert'
          core view.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-attackModeQueue
      path: /JSON/ascan/view/attackModeQueue/
      operations:
      - name: ascanviewattackmodequeue
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-excludedFromScan
      path: /JSON/ascan/view/excludedFromScan/
      operations:
      - name: ascanviewexcludedfromscan
        method: GET
        description: Gets the regexes of URLs excluded from the active scans.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-excludedParamTypes
      path: /JSON/ascan/view/excludedParamTypes/
      operations:
      - name: ascanviewexcludedparamtypes
        method: GET
        description: 'Gets all the types of excluded parameters. For each type the following are shown: the ID and the name.'
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-excludedParams
      path: /JSON/ascan/view/excludedParams/
      operations:
      - name: ascanviewexcludedparams
        method: GET
        description: 'Gets all the parameters that are excluded. For each parameter the following are shown: the name, the
          URL, and the parameter type.'
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-messagesIds
      path: /JSON/ascan/view/messagesIds/
      operations:
      - name: ascanviewmessagesids
        method: GET
        description: Gets the IDs of the messages sent during the scan with the given ID. A message can be obtained with 'message'
          core view.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionAddQueryParam
      path: /JSON/ascan/view/optionAddQueryParam/
      operations:
      - name: ascanviewoptionaddqueryparam
        method: GET
        description: Tells whether or not the active scanner should add a query parameter to GET request that don't have parameters
          to start with.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionAllowAttackOnStart
      path: /JSON/ascan/view/optionAllowAttackOnStart/
      operations:
      - name: ascanviewoptionallowattackonstart
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionAttackPolicy
      path: /JSON/ascan/view/optionAttackPolicy/
      operations:
      - name: ascanviewoptionattackpolicy
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionDefaultPolicy
      path: /JSON/ascan/view/optionDefaultPolicy/
      operations:
      - name: ascanviewoptiondefaultpolicy
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionDelayInMs
      path: /JSON/ascan/view/optionDelayInMs/
      operations:
      - name: ascanviewoptiondelayinms
        method: GET
        description: This option has been superseded. Use the API rate limit endpoints in the 'network' component instead.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionEncodeCookieValues
      path: /JSON/ascan/view/optionEncodeCookieValues/
      operations:
      - name: ascanviewoptionencodecookievalues
        method: GET
        description: Tells whether or not the active scanner should encode cookie values.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionExcludedParamList
      path: /JSON/ascan/view/optionExcludedParamList/
      operations:
      - name: ascanviewoptionexcludedparamlist
        method: GET
        description: Use view excludedParams instead.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionHandleAntiCSRFTokens
      path: /JSON/ascan/view/optionHandleAntiCSRFTokens/
      operations:
      - name: ascanviewoptionhandleanticsrftokens
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionHostPerScan
      path: /JSON/ascan/view/optionHostPerScan/
      operations:
      - name: ascanviewoptionhostperscan
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionInjectPluginIdInHeader
      path: /JSON/ascan/view/optionInjectPluginIdInHeader/
      operations:
      - name: ascanviewoptioninjectpluginidinheader
        method: GET
        description: Tells whether or not the active scanner should inject the HTTP request header X-ZAP-Scan-ID, with the
          ID of the scan rule that's sending the requests.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionMaxAlertsPerRule
      path: /JSON/ascan/view/optionMaxAlertsPerRule/
      operations:
      - name: ascanviewoptionmaxalertsperrule
        method: GET
        description: Gets the maximum number of alerts that a rule can raise before being skipped.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionMaxChartTimeInMins
      path: /JSON/ascan/view/optionMaxChartTimeInMins/
      operations:
      - name: ascanviewoptionmaxcharttimeinmins
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionMaxResultsToList
      path: /JSON/ascan/view/optionMaxResultsToList/
      operations:
      - name: ascanviewoptionmaxresultstolist
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionMaxRuleDurationInMins
      path: /JSON/ascan/view/optionMaxRuleDurationInMins/
      operations:
      - name: ascanviewoptionmaxruledurationinmins
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionMaxScanDurationInMins
      path: /JSON/ascan/view/optionMaxScanDurationInMins/
      operations:
      - name: ascanviewoptionmaxscandurationinmins
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionMaxScansInUI
      path: /JSON/ascan/view/optionMaxScansInUI/
      operations:
      - name: ascanviewoptionmaxscansinui
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionPromptInAttackMode
      path: /JSON/ascan/view/optionPromptInAttackMode/
      operations:
      - name: ascanviewoptionpromptinattackmode
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionPromptToClearFinishedScans
      path: /JSON/ascan/view/optionPromptToClearFinishedScans/
      operations:
      - name: ascanviewoptionprompttoclearfinishedscans
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionRescanInAttackMode
      path: /JSON/ascan/view/optionRescanInAttackMode/
      operations:
      - name: ascanviewoptionrescaninattackmode
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionScanHeadersAllRequests
      path: /JSON/ascan/view/optionScanHeadersAllRequests/
      operations:
      - name: ascanviewoptionscanheadersallrequests
        method: GET
        description: Tells whether or not the HTTP Headers of all requests should be scanned. Not just requests that send
          parameters, through the query or request body.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionScanNullJsonValues
      path: /JSON/ascan/view/optionScanNullJsonValues/
      operations:
      - name: ascanviewoptionscannulljsonvalues
        method: GET
        description: Tells whether or not the active scanner should scan null JSON values.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionShowAdvancedDialog
      path: /JSON/ascan/view/optionShowAdvancedDialog/
      operations:
      - name: ascanviewoptionshowadvanceddialog
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionTargetParamsEnabledRPC
      path: /JSON/ascan/view/optionTargetParamsEnabledRPC/
      operations:
      - name: ascanviewoptiontargetparamsenabledrpc
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionTargetParamsInjectable
      path: /JSON/ascan/view/optionTargetParamsInjectable/
      operations:
      - name: ascanviewoptiontargetparamsinjectable
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-optionThreadPerHost
      path: /JSON/ascan/view/optionThreadPerHost/
      operations:
      - name: ascanviewoptionthreadperhost
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-policies
      path: /JSON/ascan/view/policies/
      operations:
      - name: ascanviewpolicies
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-ascan-view-scanPolicyNames
      path: /JSON/ascan/view/scanPolicyNames/
     

# --- truncated at 32 KB (105 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/owasp-zap/refs/heads/main/capabilities/owasp-zap-ascan.yaml