OWASP ZAP · Capability

ZAP API — pscan

ZAP API — pscan. 17 operations. Lead operation: pscan. Self-contained Naftiko capability covering one OWASP ZAP business surface.


What You Can Do

GET /v1/json/pscan/action/clearqueue
Pscanactionclearqueue — Clears the passive scan queue.

GET /v1/json/pscan/action/disableallscanners
Pscanactiondisableallscanners — Disables all passive scan rules.

GET /v1/json/pscan/action/disablealltags
Pscanactiondisablealltags — Disables all passive scan tags.

GET /v1/json/pscan/action/disablescanners
Pscanactiondisablescanners — Disables passive scan rules.

GET /v1/json/pscan/action/enableallscanners
Pscanactionenableallscanners — Enables all passive scan rules.

GET /v1/json/pscan/action/enablealltags
Pscanactionenablealltags — Enables all passive scan tags.

GET /v1/json/pscan/action/enablescanners
Pscanactionenablescanners — Enables passive scan rules.

GET /v1/json/pscan/action/setenabled
Pscanactionsetenabled — Sets whether or not the passive scanning is enabled (Note: the enabled state is not persisted).

GET /v1/json/pscan/action/setmaxalertsperrule
Pscanactionsetmaxalertsperrule — Sets the maximum number of alerts a passive scan rule can raise.

GET /v1/json/pscan/action/setscanonlyinscope
Pscanactionsetscanonlyinscope — Sets whether or not the passive scan should be performed only on messages that are in scope.

GET /v1/json/pscan/action/setscanneralertthreshold
Pscanactionsetscanneralertthreshold — Sets the alert threshold of a passive scan rule.

GET /v1/json/pscan/view/currentrule
Pscanviewcurrentrule — Use the currentTasks view instead.

GET /v1/json/pscan/view/currenttasks
Pscanviewcurrenttasks — Shows information about the passive scan tasks currently being run (if any).

GET /v1/json/pscan/view/maxalertsperrule
Pscanviewmaxalertsperrule — Gets the maximum number of alerts a passive scan rule should raise.

GET /v1/json/pscan/view/recordstoscan
Pscanviewrecordstoscan — The number of records the passive scanner still has to scan.

GET /v1/json/pscan/view/scanonlyinscope
Pscanviewscanonlyinscope — Tells whether or not the passive scan should be performed only on messages that are in scope.

GET /v1/json/pscan/view/scanners
Pscanviewscanners — Lists all passive scan rules with their ID, name, enabled state, and alert threshold.

MCP Tools

clears-passive-scan-queue
Clears the passive scan queue.
read-only, idempotent

disables-all-passive-scan-rules
Disables all passive scan rules.
read-only, idempotent

disables-all-passive-scan-tags
Disables all passive scan tags.
read-only, idempotent

disables-passive-scan-rules
Disables passive scan rules.
read-only, idempotent

enables-all-passive-scan-rules
Enables all passive scan rules.
read-only, idempotent

enables-all-passive-scan-tags
Enables all passive scan tags.
read-only, idempotent

enables-passive-scan-rules
Enables passive scan rules.
read-only, idempotent

sets-whether-not-passive-scanning
Sets whether or not the passive scanning is enabled (Note: the enabled state is not persisted).
read-only, idempotent

sets-maximum-number-alerts-passive
Sets the maximum number of alerts a passive scan rule can raise.
read-only, idempotent

sets-whether-not-passive-scan
Sets whether or not the passive scan should be performed only on messages that are in scope.
read-only, idempotent

sets-alert-threshold-passive-scan
Sets the alert threshold of a passive scan rule.
read-only, idempotent

use-currenttasks-view-instead
Use the currentTasks view instead.
read-only, idempotent

shows-information-about-passive-scan
Shows information about the passive scan tasks currently being run (if any).
read-only, idempotent

gets-maximum-number-alerts-passive
Gets the maximum number of alerts a passive scan rule should raise.
read-only, idempotent

number-records-passive-scanner-still
The number of records the passive scanner still has to scan.
read-only, idempotent

tells-whether-not-passive-scan
Tells whether or not the passive scan should be performed only on messages that are in scope.
read-only, idempotent

lists-all-passive-scan-rules
Lists all passive scan rules with their ID, name, enabled state, and alert threshold.
read-only, idempotent

Capability Spec

owasp-zap-pscan.yaml
naftiko: 1.0.0-alpha2
info:
  label: ZAP API — pscan
  description: 'ZAP API — pscan. 17 operations. Lead operation: pscan. Self-contained Naftiko capability covering one Owasp
    Zap business surface.'
  tags:
  - Owasp Zap
  - pscan
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    OWASP_ZAP_API_KEY: OWASP_ZAP_API_KEY
capability:
  consumes:
  - type: http
    namespace: owasp-zap-pscan
    baseUri: http://zap
    description: ZAP API — pscan business capability. Self-contained, no shared references.
    resources:
    - name: JSON-pscan-action-clearQueue
      path: /JSON/pscan/action/clearQueue/
      operations:
      - name: pscanactionclearqueue
        method: GET
        description: Clears the passive scan queue.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-action-disableAllScanners
      path: /JSON/pscan/action/disableAllScanners/
      operations:
      - name: pscanactiondisableallscanners
        method: GET
        description: Disables all passive scan rules.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-action-disableAllTags
      path: /JSON/pscan/action/disableAllTags/
      operations:
      - name: pscanactiondisablealltags
        method: GET
        description: Disables all passive scan tags.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-action-disableScanners
      path: /JSON/pscan/action/disableScanners/
      operations:
      - name: pscanactiondisablescanners
        method: GET
        description: Disables passive scan rules.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-action-enableAllScanners
      path: /JSON/pscan/action/enableAllScanners/
      operations:
      - name: pscanactionenableallscanners
        method: GET
        description: Enables all passive scan rules.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-action-enableAllTags
      path: /JSON/pscan/action/enableAllTags/
      operations:
      - name: pscanactionenablealltags
        method: GET
        description: Enables all passive scan tags.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-action-enableScanners
      path: /JSON/pscan/action/enableScanners/
      operations:
      - name: pscanactionenablescanners
        method: GET
        description: Enables passive scan rules.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-action-setEnabled
      path: /JSON/pscan/action/setEnabled/
      operations:
      - name: pscanactionsetenabled
        method: GET
        description: 'Sets whether or not the passive scanning is enabled (Note: the enabled state is not persisted).'
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-action-setMaxAlertsPerRule
      path: /JSON/pscan/action/setMaxAlertsPerRule/
      operations:
      - name: pscanactionsetmaxalertsperrule
        method: GET
        description: Sets the maximum number of alerts a passive scan rule can raise.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-action-setScanOnlyInScope
      path: /JSON/pscan/action/setScanOnlyInScope/
      operations:
      - name: pscanactionsetscanonlyinscope
        method: GET
        description: Sets whether or not the passive scan should be performed only on messages that are in scope.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-action-setScannerAlertThreshold
      path: /JSON/pscan/action/setScannerAlertThreshold/
      operations:
      - name: pscanactionsetscanneralertthreshold
        method: GET
        description: Sets the alert threshold of a passive scan rule.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-view-currentRule
      path: /JSON/pscan/view/currentRule/
      operations:
      - name: pscanviewcurrentrule
        method: GET
        description: Use the currentTasks view instead.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-view-currentTasks
      path: /JSON/pscan/view/currentTasks/
      operations:
      - name: pscanviewcurrenttasks
        method: GET
        description: Shows information about the passive scan tasks currently being run (if any).
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-view-maxAlertsPerRule
      path: /JSON/pscan/view/maxAlertsPerRule/
      operations:
      - name: pscanviewmaxalertsperrule
        method: GET
        description: Gets the maximum number of alerts a passive scan rule should raise.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-view-recordsToScan
      path: /JSON/pscan/view/recordsToScan/
      operations:
      - name: pscanviewrecordstoscan
        method: GET
        description: The number of records the passive scanner still has to scan.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-view-scanOnlyInScope
      path: /JSON/pscan/view/scanOnlyInScope/
      operations:
      - name: pscanviewscanonlyinscope
        method: GET
        description: Tells whether or not the passive scan should be performed only on messages that are in scope.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-pscan-view-scanners
      path: /JSON/pscan/view/scanners/
      operations:
      - name: pscanviewscanners
        method: GET
        description: Lists all passive scan rules with their ID, name, enabled state, and alert threshold.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    authentication:
      type: apikey
      key: X-ZAP-API-Key
      value: '{{env.OWASP_ZAP_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: owasp-zap-pscan-rest
    port: 8080
    description: REST adapter for ZAP API — pscan. One Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/json/pscan/action/clearqueue
      name: json-pscan-action-clearqueue
      description: REST surface for JSON-pscan-action-clearQueue.
      operations:
      - method: GET
        name: pscanactionclearqueue
        description: Clears the passive scan queue.
        call: owasp-zap-pscan.pscanactionclearqueue
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/action/disableallscanners
      name: json-pscan-action-disableallscanners
      description: REST surface for JSON-pscan-action-disableAllScanners.
      operations:
      - method: GET
        name: pscanactiondisableallscanners
        description: Disables all passive scan rules.
        call: owasp-zap-pscan.pscanactiondisableallscanners
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/action/disablealltags
      name: json-pscan-action-disablealltags
      description: REST surface for JSON-pscan-action-disableAllTags.
      operations:
      - method: GET
        name: pscanactiondisablealltags
        description: Disables all passive scan tags.
        call: owasp-zap-pscan.pscanactiondisablealltags
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/action/disablescanners
      name: json-pscan-action-disablescanners
      description: REST surface for JSON-pscan-action-disableScanners.
      operations:
      - method: GET
        name: pscanactiondisablescanners
        description: Disables passive scan rules.
        call: owasp-zap-pscan.pscanactiondisablescanners
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/action/enableallscanners
      name: json-pscan-action-enableallscanners
      description: REST surface for JSON-pscan-action-enableAllScanners.
      operations:
      - method: GET
        name: pscanactionenableallscanners
        description: Enables all passive scan rules.
        call: owasp-zap-pscan.pscanactionenableallscanners
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/action/enablealltags
      name: json-pscan-action-enablealltags
      description: REST surface for JSON-pscan-action-enableAllTags.
      operations:
      - method: GET
        name: pscanactionenablealltags
        description: Enables all passive scan tags.
        call: owasp-zap-pscan.pscanactionenablealltags
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/action/enablescanners
      name: json-pscan-action-enablescanners
      description: REST surface for JSON-pscan-action-enableScanners.
      operations:
      - method: GET
        name: pscanactionenablescanners
        description: Enables passive scan rules.
        call: owasp-zap-pscan.pscanactionenablescanners
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/action/setenabled
      name: json-pscan-action-setenabled
      description: REST surface for JSON-pscan-action-setEnabled.
      operations:
      - method: GET
        name: pscanactionsetenabled
        description: 'Sets whether or not the passive scanning is enabled (Note: the enabled state is not persisted).'
        call: owasp-zap-pscan.pscanactionsetenabled
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/action/setmaxalertsperrule
      name: json-pscan-action-setmaxalertsperrule
      description: REST surface for JSON-pscan-action-setMaxAlertsPerRule.
      operations:
      - method: GET
        name: pscanactionsetmaxalertsperrule
        description: Sets the maximum number of alerts a passive scan rule can raise.
        call: owasp-zap-pscan.pscanactionsetmaxalertsperrule
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/action/setscanonlyinscope
      name: json-pscan-action-setscanonlyinscope
      description: REST surface for JSON-pscan-action-setScanOnlyInScope.
      operations:
      - method: GET
        name: pscanactionsetscanonlyinscope
        description: Sets whether or not the passive scan should be performed only on messages that are in scope.
        call: owasp-zap-pscan.pscanactionsetscanonlyinscope
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/action/setscanneralertthreshold
      name: json-pscan-action-setscanneralertthreshold
      description: REST surface for JSON-pscan-action-setScannerAlertThreshold.
      operations:
      - method: GET
        name: pscanactionsetscanneralertthreshold
        description: Sets the alert threshold of a passive scan rule.
        call: owasp-zap-pscan.pscanactionsetscanneralertthreshold
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/view/currentrule
      name: json-pscan-view-currentrule
      description: REST surface for JSON-pscan-view-currentRule.
      operations:
      - method: GET
        name: pscanviewcurrentrule
        description: Use the currentTasks view instead.
        call: owasp-zap-pscan.pscanviewcurrentrule
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/view/currenttasks
      name: json-pscan-view-currenttasks
      description: REST surface for JSON-pscan-view-currentTasks.
      operations:
      - method: GET
        name: pscanviewcurrenttasks
        description: Shows information about the passive scan tasks currently being run (if any).
        call: owasp-zap-pscan.pscanviewcurrenttasks
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/view/maxalertsperrule
      name: json-pscan-view-maxalertsperrule
      description: REST surface for JSON-pscan-view-maxAlertsPerRule.
      operations:
      - method: GET
        name: pscanviewmaxalertsperrule
        description: Gets the maximum number of alerts a passive scan rule should raise.
        call: owasp-zap-pscan.pscanviewmaxalertsperrule
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/view/recordstoscan
      name: json-pscan-view-recordstoscan
      description: REST surface for JSON-pscan-view-recordsToScan.
      operations:
      - method: GET
        name: pscanviewrecordstoscan
        description: The number of records the passive scanner still has to scan.
        call: owasp-zap-pscan.pscanviewrecordstoscan
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/view/scanonlyinscope
      name: json-pscan-view-scanonlyinscope
      description: REST surface for JSON-pscan-view-scanOnlyInScope.
      operations:
      - method: GET
        name: pscanviewscanonlyinscope
        description: Tells whether or not the passive scan should be performed only on messages that are in scope.
        call: owasp-zap-pscan.pscanviewscanonlyinscope
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/pscan/view/scanners
      name: json-pscan-view-scanners
      description: REST surface for JSON-pscan-view-scanners.
      operations:
      - method: GET
        name: pscanviewscanners
        description: Lists all passive scan rules with their ID, name, enabled state, and alert threshold.
        call: owasp-zap-pscan.pscanviewscanners
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: owasp-zap-pscan-mcp
    port: 9090
    transport: http
    description: MCP adapter for ZAP API — pscan. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: clears-passive-scan-queue
      description: Clears the passive scan queue.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanactionclearqueue
      outputParameters:
      - type: object
        mapping: $.
    - name: disables-all-passive-scan-rules
      description: Disables all passive scan rules.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanactiondisableallscanners
      outputParameters:
      - type: object
        mapping: $.
    - name: disables-all-passive-scan-tags
      description: Disables all passive scan tags.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanactiondisablealltags
      outputParameters:
      - type: object
        mapping: $.
    - name: disables-passive-scan-rules
      description: Disables passive scan rules.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanactiondisablescanners
      outputParameters:
      - type: object
        mapping: $.
    - name: enables-all-passive-scan-rules
      description: Enables all passive scan rules.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanactionenableallscanners
      outputParameters:
      - type: object
        mapping: $.
    - name: enables-all-passive-scan-tags
      description: Enables all passive scan tags.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanactionenablealltags
      outputParameters:
      - type: object
        mapping: $.
    - name: enables-passive-scan-rules
      description: Enables passive scan rules.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanactionenablescanners
      outputParameters:
      - type: object
        mapping: $.
    - name: sets-whether-not-passive-scanning
      description: 'Sets whether or not the passive scanning is enabled (Note: the enabled state is not persisted).'
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanactionsetenabled
      outputParameters:
      - type: object
        mapping: $.
    - name: sets-maximum-number-alerts-passive
      description: Sets the maximum number of alerts a passive scan rule can raise.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanactionsetmaxalertsperrule
      outputParameters:
      - type: object
        mapping: $.
    - name: sets-whether-not-passive-scan
      description: Sets whether or not the passive scan should be performed only on messages that are in scope.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanactionsetscanonlyinscope
      outputParameters:
      - type: object
        mapping: $.
    - name: sets-alert-threshold-passive-scan
      description: Sets the alert threshold of a passive scan rule.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanactionsetscanneralertthreshold
      outputParameters:
      - type: object
        mapping: $.
    - name: use-currenttasks-view-instead
      description: Use the currentTasks view instead.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanviewcurrentrule
      outputParameters:
      - type: object
        mapping: $.
    - name: shows-information-about-passive-scan
      description: Shows information about the passive scan tasks currently being run (if any).
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanviewcurrenttasks
      outputParameters:
      - type: object
        mapping: $.
    - name: gets-maximum-number-alerts-passive
      description: Gets the maximum number of alerts a passive scan rule should raise.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanviewmaxalertsperrule
      outputParameters:
      - type: object
        mapping: $.
    - name: number-records-passive-scanner-still
      description: The number of records the passive scanner still has to scan.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanviewrecordstoscan
      outputParameters:
      - type: object
        mapping: $.
    - name: tells-whether-not-passive-scan
      description: Tells whether or not the passive scan should be performed only on messages that are in scope.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanviewscanonlyinscope
      outputParameters:
      - type: object
        mapping: $.
    - name: lists-all-passive-scan-rules
      description: Lists all passive scan rules with their ID, name, enabled state, and alert threshold.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-pscan.pscanviewscanners
      outputParameters:
      - type: object
        mapping: $.