OWASP ZAP · Capability

ZAP API — exim

ZAP API — exim. 9 operations. Lead operation: exim. Self-contained Naftiko capability covering one Owasp Zap business surface.

Run with Naftiko Owasp Zapexim

What You Can Do

GET
Eximactionexportsitestree — Exports the Sites Tree in the Sites Tree YAML format.
/v1/json/exim/action/exportsitestree
GET
Eximactionimporthar — Imports a HAR file.
/v1/json/exim/action/importhar
GET
Eximactionimportmodsec2logs — Imports ModSecurity2 logs from the file with the given file system path.
/v1/json/exim/action/importmodsec2logs
GET
Eximactionimporturls — Imports URLs (one per line) from the file with the given file system path.
/v1/json/exim/action/importurls
GET
Eximactionimportzaplogs — Imports previously exported ZAP messages from the file with the given file system path.
/v1/json/exim/action/importzaplogs
GET
Eximactionprunesitestree — Prunes the Sites Tree based on a file in the Sites Tree YAML format.
/v1/json/exim/action/prunesitestree
GET
Eximotherexporthar — Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages
/v1/other/exim/other/exporthar
GET
Eximotherexportharbyid — Gets the HTTP messages with the given IDs, in HAR format.
/v1/other/exim/other/exportharbyid
GET
Eximothersendharrequest — Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirection
/v1/other/exim/other/sendharrequest

MCP Tools

exports-sites-tree-sites-tree

Exports the Sites Tree in the Sites Tree YAML format.

read-only idempotent
imports-har-file

Imports a HAR file.

read-only idempotent
imports-modsecurity2-logs-file-given

Imports ModSecurity2 logs from the file with the given file system path.

read-only idempotent
imports-urls-one-per-line

Imports URLs (one per line) from the file with the given file system path.

read-only idempotent
imports-previously-exported-zap-messages

Imports previously exported ZAP messages from the file with the given file system path.

read-only idempotent
prunes-sites-tree-based-file

Prunes the Sites Tree based on a file in the Sites Tree YAML format.

read-only idempotent
gets-http-messages-sent-through

Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages

read-only idempotent
gets-http-messages-given-ids

Gets the HTTP messages with the given IDs, in HAR format.

read-only idempotent
sends-first-har-request-entry

Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirection

read-only idempotent

Capability Spec

owasp-zap-exim.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: ZAP API — exim
  description: 'ZAP API — exim. 9 operations. Lead operation: exim. Self-contained Naftiko capability covering one Owasp Zap
    business surface.'
  tags:
  - Owasp Zap
  - exim
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    OWASP_ZAP_API_KEY: OWASP_ZAP_API_KEY
capability:
  consumes:
  - type: http
    namespace: owasp-zap-exim
    baseUri: http://zap
    description: ZAP API — exim business capability. Self-contained, no shared references.
    resources:
    - name: JSON-exim-action-exportSitesTree
      path: /JSON/exim/action/exportSitesTree/
      operations:
      - name: eximactionexportsitestree
        method: GET
        description: Exports the Sites Tree in the Sites Tree YAML format.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-exim-action-importHar
      path: /JSON/exim/action/importHar/
      operations:
      - name: eximactionimporthar
        method: GET
        description: Imports a HAR file.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-exim-action-importModsec2Logs
      path: /JSON/exim/action/importModsec2Logs/
      operations:
      - name: eximactionimportmodsec2logs
        method: GET
        description: Imports ModSecurity2 logs from the file with the given file system path.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-exim-action-importUrls
      path: /JSON/exim/action/importUrls/
      operations:
      - name: eximactionimporturls
        method: GET
        description: Imports URLs (one per line) from the file with the given file system path.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-exim-action-importZapLogs
      path: /JSON/exim/action/importZapLogs/
      operations:
      - name: eximactionimportzaplogs
        method: GET
        description: Imports previously exported ZAP messages from the file with the given file system path.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-exim-action-pruneSitesTree
      path: /JSON/exim/action/pruneSitesTree/
      operations:
      - name: eximactionprunesitestree
        method: GET
        description: Prunes the Sites Tree based on a file in the Sites Tree YAML format.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: OTHER-exim-other-exportHar
      path: /OTHER/exim/other/exportHar/
      operations:
      - name: eximotherexporthar
        method: GET
        description: Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with
          'start' position and 'count' of messages
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: OTHER-exim-other-exportHarById
      path: /OTHER/exim/other/exportHarById/
      operations:
      - name: eximotherexportharbyid
        method: GET
        description: Gets the HTTP messages with the given IDs, in HAR format.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: OTHER-exim-other-sendHarRequest
      path: /OTHER/exim/other/sendHarRequest/
      operations:
      - name: eximothersendharrequest
        method: GET
        description: Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request
          sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and
          following redirection
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    authentication:
      type: apikey
      key: X-ZAP-API-Key
      value: '{{env.OWASP_ZAP_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: owasp-zap-exim-rest
    port: 8080
    description: REST adapter for ZAP API — exim. One Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/json/exim/action/exportsitestree
      name: json-exim-action-exportsitestree
      description: REST surface for JSON-exim-action-exportSitesTree.
      operations:
      - method: GET
        name: eximactionexportsitestree
        description: Exports the Sites Tree in the Sites Tree YAML format.
        call: owasp-zap-exim.eximactionexportsitestree
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/exim/action/importhar
      name: json-exim-action-importhar
      description: REST surface for JSON-exim-action-importHar.
      operations:
      - method: GET
        name: eximactionimporthar
        description: Imports a HAR file.
        call: owasp-zap-exim.eximactionimporthar
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/exim/action/importmodsec2logs
      name: json-exim-action-importmodsec2logs
      description: REST surface for JSON-exim-action-importModsec2Logs.
      operations:
      - method: GET
        name: eximactionimportmodsec2logs
        description: Imports ModSecurity2 logs from the file with the given file system path.
        call: owasp-zap-exim.eximactionimportmodsec2logs
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/exim/action/importurls
      name: json-exim-action-importurls
      description: REST surface for JSON-exim-action-importUrls.
      operations:
      - method: GET
        name: eximactionimporturls
        description: Imports URLs (one per line) from the file with the given file system path.
        call: owasp-zap-exim.eximactionimporturls
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/exim/action/importzaplogs
      name: json-exim-action-importzaplogs
      description: REST surface for JSON-exim-action-importZapLogs.
      operations:
      - method: GET
        name: eximactionimportzaplogs
        description: Imports previously exported ZAP messages from the file with the given file system path.
        call: owasp-zap-exim.eximactionimportzaplogs
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/exim/action/prunesitestree
      name: json-exim-action-prunesitestree
      description: REST surface for JSON-exim-action-pruneSitesTree.
      operations:
      - method: GET
        name: eximactionprunesitestree
        description: Prunes the Sites Tree based on a file in the Sites Tree YAML format.
        call: owasp-zap-exim.eximactionprunesitestree
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/other/exim/other/exporthar
      name: other-exim-other-exporthar
      description: REST surface for OTHER-exim-other-exportHar.
      operations:
      - method: GET
        name: eximotherexporthar
        description: Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with
          'start' position and 'count' of messages
        call: owasp-zap-exim.eximotherexporthar
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/other/exim/other/exportharbyid
      name: other-exim-other-exportharbyid
      description: REST surface for OTHER-exim-other-exportHarById.
      operations:
      - method: GET
        name: eximotherexportharbyid
        description: Gets the HTTP messages with the given IDs, in HAR format.
        call: owasp-zap-exim.eximotherexportharbyid
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/other/exim/other/sendharrequest
      name: other-exim-other-sendharrequest
      description: REST surface for OTHER-exim-other-sendHarRequest.
      operations:
      - method: GET
        name: eximothersendharrequest
        description: Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request
          sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and
          following redirection
        call: owasp-zap-exim.eximothersendharrequest
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: owasp-zap-exim-mcp
    port: 9090
    transport: http
    description: MCP adapter for ZAP API — exim. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: exports-sites-tree-sites-tree
      description: Exports the Sites Tree in the Sites Tree YAML format.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-exim.eximactionexportsitestree
      outputParameters:
      - type: object
        mapping: $.
    - name: imports-har-file
      description: Imports a HAR file.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-exim.eximactionimporthar
      outputParameters:
      - type: object
        mapping: $.
    - name: imports-modsecurity2-logs-file-given
      description: Imports ModSecurity2 logs from the file with the given file system path.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-exim.eximactionimportmodsec2logs
      outputParameters:
      - type: object
        mapping: $.
    - name: imports-urls-one-per-line
      description: Imports URLs (one per line) from the file with the given file system path.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-exim.eximactionimporturls
      outputParameters:
      - type: object
        mapping: $.
    - name: imports-previously-exported-zap-messages
      description: Imports previously exported ZAP messages from the file with the given file system path.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-exim.eximactionimportzaplogs
      outputParameters:
      - type: object
        mapping: $.
    - name: prunes-sites-tree-based-file
      description: Prunes the Sites Tree based on a file in the Sites Tree YAML format.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-exim.eximactionprunesitestree
      outputParameters:
      - type: object
        mapping: $.
    - name: gets-http-messages-sent-through
      description: Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with
        'start' position and 'count' of messages
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-exim.eximotherexporthar
      outputParameters:
      - type: object
        mapping: $.
    - name: gets-http-messages-given-ids
      description: Gets the HTTP messages with the given IDs, in HAR format.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-exim.eximotherexportharbyid
      outputParameters:
      - type: object
        mapping: $.
    - name: sends-first-har-request-entry
      description: Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request
        sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following
        redirection
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-exim.eximothersendharrequest
      outputParameters:
      - type: object
        mapping: $.