OWASP ZAP · Capability

ZAP API — spider

ZAP API — spider. 71 operations. Lead operation: spider. Self-contained Naftiko capability covering one Owasp Zap business surface.

Run with Naftiko Owasp Zapspider

What You Can Do

GET
Spideractionadddomainalwaysinscope — Adds a new domain that's always in scope, using the specified value. Optionally sets if the new entry is enabled (default, true) and whether or not the new value is specified as a regex (default, false).
/v1/json/spider/action/adddomainalwaysinscope
GET
Spideractionclearexcludedfromscan — Clears the regexes of URLs excluded from the spider scans.
/v1/json/spider/action/clearexcludedfromscan
GET
Spideractiondisablealldomainsalwaysinscope — Disables all domains that are always in scope.
/v1/json/spider/action/disablealldomainsalwaysinscope
GET
Spideractionenablealldomainsalwaysinscope — Enables all domains that are always in scope.
/v1/json/spider/action/enablealldomainsalwaysinscope
GET
Spideractionexcludefromscan — Adds a regex of URLs that should be excluded from the spider scans.
/v1/json/spider/action/excludefromscan
GET
Spideractionmodifydomainalwaysinscope — Modifies a domain that's always in scope. Allows to modify the value, if enabled or if a regex. The domain is selected with its index, which can be obtained with the view domainsAlwaysInScope.
/v1/json/spider/action/modifydomainalwaysinscope
GET
Spideractionpause — spideractionpause
/v1/json/spider/action/pause
GET
Spideractionpauseallscans — spideractionpauseallscans
/v1/json/spider/action/pauseallscans
GET
Spideractionremoveallscans — spideractionremoveallscans
/v1/json/spider/action/removeallscans
GET
Spideractionremovedomainalwaysinscope — Removes a domain that's always in scope, with the given index. The index can be obtained with the view domainsAlwaysInScope.
/v1/json/spider/action/removedomainalwaysinscope
GET
Spideractionremovescan — spideractionremovescan
/v1/json/spider/action/removescan
GET
Spideractionresume — spideractionresume
/v1/json/spider/action/resume
GET
Spideractionresumeallscans — spideractionresumeallscans
/v1/json/spider/action/resumeallscans
GET
Spideractionscan — Runs the spider against the given URL (or context). Optionally, the 'maxChildren' parameter can be set to limit the number of children scanned, the 'recurse' parameter can be used to prevent the spider from seeding recursively, the paramete
/v1/json/spider/action/scan
GET
Spideractionscanasuser — Runs the spider from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.
/v1/json/spider/action/scanasuser
GET
Spideractionsetoptionacceptcookies — Sets whether or not a spider process should accept cookies while spidering.
/v1/json/spider/action/setoptionacceptcookies
GET
Spideractionsetoptionhandleodataparametersvisited — spideractionsetoptionhandleodataparametersvisited
/v1/json/spider/action/setoptionhandleodataparametersvisited
GET
Spideractionsetoptionhandleparameters — spideractionsetoptionhandleparameters
/v1/json/spider/action/setoptionhandleparameters
GET
Spideractionsetoptionlogoutavoidance — Sets whether or not the Spider should attempt to avoid logout related paths/functionality.
/v1/json/spider/action/setoptionlogoutavoidance
GET
Spideractionsetoptionmaxchildren — Sets the maximum number of child nodes (per node) that can be crawled, 0 means no limit.
/v1/json/spider/action/setoptionmaxchildren
GET
Spideractionsetoptionmaxdepth — Sets the maximum depth the spider can crawl, 0 for unlimited depth.
/v1/json/spider/action/setoptionmaxdepth
GET
Spideractionsetoptionmaxduration — spideractionsetoptionmaxduration
/v1/json/spider/action/setoptionmaxduration
GET
Spideractionsetoptionmaxparsesizebytes — Sets the maximum size, in bytes, that a response might have to be parsed. This allows the spider to skip big responses/files.
/v1/json/spider/action/setoptionmaxparsesizebytes
GET
Spideractionsetoptionmaxscansinui — spideractionsetoptionmaxscansinui
/v1/json/spider/action/setoptionmaxscansinui
GET
Spideractionsetoptionparsecomments — spideractionsetoptionparsecomments
/v1/json/spider/action/setoptionparsecomments
GET
Spideractionsetoptionparsedsstore — spideractionsetoptionparsedsstore
/v1/json/spider/action/setoptionparsedsstore
GET
Spideractionsetoptionparsegit — spideractionsetoptionparsegit
/v1/json/spider/action/setoptionparsegit
GET
Spideractionsetoptionparserobotstxt — spideractionsetoptionparserobotstxt
/v1/json/spider/action/setoptionparserobotstxt
GET
Spideractionsetoptionparsesvnentries — spideractionsetoptionparsesvnentries
/v1/json/spider/action/setoptionparsesvnentries
GET
Spideractionsetoptionparsesitemapxml — spideractionsetoptionparsesitemapxml
/v1/json/spider/action/setoptionparsesitemapxml
GET
Spideractionsetoptionpostform — spideractionsetoptionpostform
/v1/json/spider/action/setoptionpostform
GET
Spideractionsetoptionprocessform — spideractionsetoptionprocessform
/v1/json/spider/action/setoptionprocessform
GET
Spideractionsetoptionsendrefererheader — Sets whether or not the 'Referer' header should be sent while spidering.
/v1/json/spider/action/setoptionsendrefererheader
GET
Spideractionsetoptionshowadvanceddialog — spideractionsetoptionshowadvanceddialog
/v1/json/spider/action/setoptionshowadvanceddialog
GET
Spideractionsetoptionskipurlstring — spideractionsetoptionskipurlstring
/v1/json/spider/action/setoptionskipurlstring
GET
Spideractionsetoptionthreadcount — spideractionsetoptionthreadcount
/v1/json/spider/action/setoptionthreadcount
GET
Spideractionsetoptionuseragent — spideractionsetoptionuseragent
/v1/json/spider/action/setoptionuseragent
GET
Spideractionstop — spideractionstop
/v1/json/spider/action/stop
GET
Spideractionstopallscans — spideractionstopallscans
/v1/json/spider/action/stopallscans
GET
Spiderviewaddednodes — Returns a list of the names of the nodes added to the Sites tree by the specified scan.
/v1/json/spider/view/addednodes
GET
Spiderviewallurls — Returns a list of unique URLs from the history table based on HTTP messages added by the Spider.
/v1/json/spider/view/allurls
GET
Spiderviewdomainsalwaysinscope — Gets all the domains that are always in scope. For each domain the following are shown: the index, the value (domain), if enabled, and if specified as a regex.
/v1/json/spider/view/domainsalwaysinscope
GET
Spiderviewexcludedfromscan — Gets the regexes of URLs excluded from the spider scans.
/v1/json/spider/view/excludedfromscan
GET
Spiderviewfullresults — spiderviewfullresults
/v1/json/spider/view/fullresults
GET
Spiderviewoptionacceptcookies — Gets whether or not a spider process should accept cookies while spidering.
/v1/json/spider/view/optionacceptcookies
GET
Spiderviewoptiondomainsalwaysinscope — Use view domainsAlwaysInScope instead.
/v1/json/spider/view/optiondomainsalwaysinscope
GET
Spiderviewoptiondomainsalwaysinscopeenabled — Use view domainsAlwaysInScope instead.
/v1/json/spider/view/optiondomainsalwaysinscopeenabled
GET
Spiderviewoptionhandleodataparametersvisited — spiderviewoptionhandleodataparametersvisited
/v1/json/spider/view/optionhandleodataparametersvisited
GET
Spiderviewoptionhandleparameters — spiderviewoptionhandleparameters
/v1/json/spider/view/optionhandleparameters
GET
Spiderviewoptionlogoutavoidance — Gets whether or not the spider should attempt to avoid logout related paths/functionality.
/v1/json/spider/view/optionlogoutavoidance
GET
Spiderviewoptionmaxchildren — Gets the maximum number of child nodes (per node) that can be crawled, 0 means no limit.
/v1/json/spider/view/optionmaxchildren
GET
Spiderviewoptionmaxdepth — Gets the maximum depth the spider can crawl, 0 if unlimited.
/v1/json/spider/view/optionmaxdepth
GET
Spiderviewoptionmaxduration — spiderviewoptionmaxduration
/v1/json/spider/view/optionmaxduration
GET
Spiderviewoptionmaxparsesizebytes — Gets the maximum size, in bytes, that a response might have to be parsed, or 0 for unlimited.
/v1/json/spider/view/optionmaxparsesizebytes
GET
Spiderviewoptionmaxscansinui — spiderviewoptionmaxscansinui
/v1/json/spider/view/optionmaxscansinui
GET
Spiderviewoptionparsecomments — spiderviewoptionparsecomments
/v1/json/spider/view/optionparsecomments
GET
Spiderviewoptionparsedsstore — spiderviewoptionparsedsstore
/v1/json/spider/view/optionparsedsstore
GET
Spiderviewoptionparsegit — spiderviewoptionparsegit
/v1/json/spider/view/optionparsegit
GET
Spiderviewoptionparserobotstxt — spiderviewoptionparserobotstxt
/v1/json/spider/view/optionparserobotstxt
GET
Spiderviewoptionparsesvnentries — spiderviewoptionparsesvnentries
/v1/json/spider/view/optionparsesvnentries
GET
Spiderviewoptionparsesitemapxml — spiderviewoptionparsesitemapxml
/v1/json/spider/view/optionparsesitemapxml
GET
Spiderviewoptionpostform — spiderviewoptionpostform
/v1/json/spider/view/optionpostform
GET
Spiderviewoptionprocessform — spiderviewoptionprocessform
/v1/json/spider/view/optionprocessform
GET
Spiderviewoptionsendrefererheader — Gets whether or not the 'Referer' header should be sent while spidering.
/v1/json/spider/view/optionsendrefererheader
GET
Spiderviewoptionshowadvanceddialog — spiderviewoptionshowadvanceddialog
/v1/json/spider/view/optionshowadvanceddialog
GET
Spiderviewoptionskipurlstring — spiderviewoptionskipurlstring
/v1/json/spider/view/optionskipurlstring
GET
Spiderviewoptionthreadcount — spiderviewoptionthreadcount
/v1/json/spider/view/optionthreadcount
GET
Spiderviewoptionuseragent — spiderviewoptionuseragent
/v1/json/spider/view/optionuseragent
GET
Spiderviewresults — spiderviewresults
/v1/json/spider/view/results
GET
Spiderviewscans — spiderviewscans
/v1/json/spider/view/scans
GET
Spiderviewstatus — spiderviewstatus
/v1/json/spider/view/status

MCP Tools

adds-new-domain-that-s-always

Adds a new domain that's always in scope, using the specified value. Optionally sets if the new entry is enabled (default, true) and whether or not the new value is specified as a regex (default, false).

read-only idempotent
clears-regexes-urls-excluded-spider

Clears the regexes of URLs excluded from the spider scans.

read-only idempotent
disables-all-domains-that-are

Disables all domains that are always in scope.

read-only idempotent
enables-all-domains-that-are

Enables all domains that are always in scope.

read-only idempotent
adds-regex-urls-that-should

Adds a regex of URLs that should be excluded from the spider scans.

read-only idempotent
modifies-domain-that-s-always-scope

Modifies a domain that's always in scope. Allows to modify the value, if enabled or if a regex. The domain is selected with its index, which can be obtained with the view domainsAlwaysInScope.

read-only idempotent
spideractionpause

spideractionpause

read-only idempotent
spideractionpauseallscans

spideractionpauseallscans

read-only idempotent
spideractionremoveallscans

spideractionremoveallscans

read-only idempotent
removes-domain-that-s-always-scope

Removes a domain that's always in scope, with the given index. The index can be obtained with the view domainsAlwaysInScope.

read-only idempotent
spideractionremovescan

spideractionremovescan

read-only idempotent
spideractionresume

spideractionresume

read-only idempotent
spideractionresumeallscans

spideractionresumeallscans

read-only idempotent
runs-spider-against-given-url

Runs the spider against the given URL (or context). Optionally, the 'maxChildren' parameter can be set to limit the number of children scanned, the 'recurse' parameter can be used to prevent the spider from seeding recursively, the paramete

read-only idempotent
runs-spider-perspective-user-obtained

Runs the spider from the perspective of a User, obtained using the given Context ID and User ID. See 'scan' action for more details.

read-only idempotent
sets-whether-not-spider-process

Sets whether or not a spider process should accept cookies while spidering.

read-only idempotent
spideractionsetoptionhandleodataparametersvisited

spideractionsetoptionhandleodataparametersvisited

read-only idempotent
spideractionsetoptionhandleparameters

spideractionsetoptionhandleparameters

read-only idempotent
sets-whether-not-spider-should

Sets whether or not the Spider should attempt to avoid logout related paths/functionality.

read-only idempotent
sets-maximum-number-child-nodes

Sets the maximum number of child nodes (per node) that can be crawled, 0 means no limit.

read-only idempotent
sets-maximum-depth-spider-can

Sets the maximum depth the spider can crawl, 0 for unlimited depth.

read-only idempotent
spideractionsetoptionmaxduration

spideractionsetoptionmaxduration

read-only idempotent
sets-maximum-size-bytes-that

Sets the maximum size, in bytes, that a response might have to be parsed. This allows the spider to skip big responses/files.

read-only idempotent
spideractionsetoptionmaxscansinui

spideractionsetoptionmaxscansinui

read-only idempotent
spideractionsetoptionparsecomments

spideractionsetoptionparsecomments

read-only idempotent
spideractionsetoptionparsedsstore

spideractionsetoptionparsedsstore

read-only idempotent
spideractionsetoptionparsegit

spideractionsetoptionparsegit

read-only idempotent
spideractionsetoptionparserobotstxt

spideractionsetoptionparserobotstxt

read-only idempotent
spideractionsetoptionparsesvnentries

spideractionsetoptionparsesvnentries

read-only idempotent
spideractionsetoptionparsesitemapxml

spideractionsetoptionparsesitemapxml

read-only idempotent
spideractionsetoptionpostform

spideractionsetoptionpostform

read-only idempotent
spideractionsetoptionprocessform

spideractionsetoptionprocessform

read-only idempotent
sets-whether-not-referer-header

Sets whether or not the 'Referer' header should be sent while spidering.

read-only idempotent
spideractionsetoptionshowadvanceddialog

spideractionsetoptionshowadvanceddialog

read-only idempotent
spideractionsetoptionskipurlstring

spideractionsetoptionskipurlstring

read-only idempotent
spideractionsetoptionthreadcount

spideractionsetoptionthreadcount

read-only idempotent
spideractionsetoptionuseragent

spideractionsetoptionuseragent

read-only idempotent
spideractionstop

spideractionstop

read-only idempotent
spideractionstopallscans

spideractionstopallscans

read-only idempotent
returns-list-names-nodes-added

Returns a list of the names of the nodes added to the Sites tree by the specified scan.

read-only idempotent
returns-list-unique-urls-history

Returns a list of unique URLs from the history table based on HTTP messages added by the Spider.

read-only idempotent
gets-all-domains-that-are

Gets all the domains that are always in scope. For each domain the following are shown: the index, the value (domain), if enabled, and if specified as a regex.

read-only idempotent
gets-regexes-urls-excluded-spider

Gets the regexes of URLs excluded from the spider scans.

read-only idempotent
spiderviewfullresults

spiderviewfullresults

read-only idempotent
gets-whether-not-spider-process

Gets whether or not a spider process should accept cookies while spidering.

read-only idempotent
use-view-domainsalwaysinscope-instead

Use view domainsAlwaysInScope instead.

read-only idempotent
use-view-domainsalwaysinscope-instead-2

Use view domainsAlwaysInScope instead.

read-only idempotent
spiderviewoptionhandleodataparametersvisited

spiderviewoptionhandleodataparametersvisited

read-only idempotent
spiderviewoptionhandleparameters

spiderviewoptionhandleparameters

read-only idempotent
gets-whether-not-spider-should

Gets whether or not the spider should attempt to avoid logout related paths/functionality.

read-only idempotent
gets-maximum-number-child-nodes

Gets the maximum number of child nodes (per node) that can be crawled, 0 means no limit.

read-only idempotent
gets-maximum-depth-spider-can

Gets the maximum depth the spider can crawl, 0 if unlimited.

read-only idempotent
spiderviewoptionmaxduration

spiderviewoptionmaxduration

read-only idempotent
gets-maximum-size-bytes-that

Gets the maximum size, in bytes, that a response might have to be parsed, or 0 for unlimited.

read-only idempotent
spiderviewoptionmaxscansinui

spiderviewoptionmaxscansinui

read-only idempotent
spiderviewoptionparsecomments

spiderviewoptionparsecomments

read-only idempotent
spiderviewoptionparsedsstore

spiderviewoptionparsedsstore

read-only idempotent
spiderviewoptionparsegit

spiderviewoptionparsegit

read-only idempotent
spiderviewoptionparserobotstxt

spiderviewoptionparserobotstxt

read-only idempotent
spiderviewoptionparsesvnentries

spiderviewoptionparsesvnentries

read-only idempotent
spiderviewoptionparsesitemapxml

spiderviewoptionparsesitemapxml

read-only idempotent
spiderviewoptionpostform

spiderviewoptionpostform

read-only idempotent
spiderviewoptionprocessform

spiderviewoptionprocessform

read-only idempotent
gets-whether-not-referer-header

Gets whether or not the 'Referer' header should be sent while spidering.

read-only idempotent
spiderviewoptionshowadvanceddialog

spiderviewoptionshowadvanceddialog

read-only idempotent
spiderviewoptionskipurlstring

spiderviewoptionskipurlstring

read-only idempotent
spiderviewoptionthreadcount

spiderviewoptionthreadcount

read-only idempotent
spiderviewoptionuseragent

spiderviewoptionuseragent

read-only idempotent
spiderviewresults

spiderviewresults

read-only idempotent
spiderviewscans

spiderviewscans

read-only idempotent
spiderviewstatus

spiderviewstatus

read-only idempotent

Capability Spec

owasp-zap-spider.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: ZAP API — spider
  description: 'ZAP API — spider. 71 operations. Lead operation: spider. Self-contained Naftiko capability covering one Owasp
    Zap business surface.'
  tags:
  - Owasp Zap
  - spider
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    OWASP_ZAP_API_KEY: OWASP_ZAP_API_KEY
capability:
  consumes:
  - type: http
    namespace: owasp-zap-spider
    baseUri: http://zap
    description: ZAP API — spider business capability. Self-contained, no shared references.
    resources:
    - name: JSON-spider-action-addDomainAlwaysInScope
      path: /JSON/spider/action/addDomainAlwaysInScope/
      operations:
      - name: spideractionadddomainalwaysinscope
        method: GET
        description: Adds a new domain that's always in scope, using the specified value. Optionally sets if the new entry
          is enabled (default, true) and whether or not the new value is specified as a regex (default, false).
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-clearExcludedFromScan
      path: /JSON/spider/action/clearExcludedFromScan/
      operations:
      - name: spideractionclearexcludedfromscan
        method: GET
        description: Clears the regexes of URLs excluded from the spider scans.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-disableAllDomainsAlwaysInScope
      path: /JSON/spider/action/disableAllDomainsAlwaysInScope/
      operations:
      - name: spideractiondisablealldomainsalwaysinscope
        method: GET
        description: Disables all domains that are always in scope.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-enableAllDomainsAlwaysInScope
      path: /JSON/spider/action/enableAllDomainsAlwaysInScope/
      operations:
      - name: spideractionenablealldomainsalwaysinscope
        method: GET
        description: Enables all domains that are always in scope.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-excludeFromScan
      path: /JSON/spider/action/excludeFromScan/
      operations:
      - name: spideractionexcludefromscan
        method: GET
        description: Adds a regex of URLs that should be excluded from the spider scans.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-modifyDomainAlwaysInScope
      path: /JSON/spider/action/modifyDomainAlwaysInScope/
      operations:
      - name: spideractionmodifydomainalwaysinscope
        method: GET
        description: Modifies a domain that's always in scope. Allows to modify the value, if enabled or if a regex. The domain
          is selected with its index, which can be obtained with the view domainsAlwaysInScope.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-pause
      path: /JSON/spider/action/pause/
      operations:
      - name: spideractionpause
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-pauseAllScans
      path: /JSON/spider/action/pauseAllScans/
      operations:
      - name: spideractionpauseallscans
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-removeAllScans
      path: /JSON/spider/action/removeAllScans/
      operations:
      - name: spideractionremoveallscans
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-removeDomainAlwaysInScope
      path: /JSON/spider/action/removeDomainAlwaysInScope/
      operations:
      - name: spideractionremovedomainalwaysinscope
        method: GET
        description: Removes a domain that's always in scope, with the given index. The index can be obtained with the view
          domainsAlwaysInScope.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-removeScan
      path: /JSON/spider/action/removeScan/
      operations:
      - name: spideractionremovescan
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-resume
      path: /JSON/spider/action/resume/
      operations:
      - name: spideractionresume
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-resumeAllScans
      path: /JSON/spider/action/resumeAllScans/
      operations:
      - name: spideractionresumeallscans
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-scan
      path: /JSON/spider/action/scan/
      operations:
      - name: spideractionscan
        method: GET
        description: Runs the spider against the given URL (or context). Optionally, the 'maxChildren' parameter can be set
          to limit the number of children scanned, the 'recurse' parameter can be used to prevent the spider from seeding
          recursively, the paramete
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-scanAsUser
      path: /JSON/spider/action/scanAsUser/
      operations:
      - name: spideractionscanasuser
        method: GET
        description: Runs the spider from the perspective of a User, obtained using the given Context ID and User ID. See
          'scan' action for more details.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionAcceptCookies
      path: /JSON/spider/action/setOptionAcceptCookies/
      operations:
      - name: spideractionsetoptionacceptcookies
        method: GET
        description: Sets whether or not a spider process should accept cookies while spidering.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionHandleODataParametersVisited
      path: /JSON/spider/action/setOptionHandleODataParametersVisited/
      operations:
      - name: spideractionsetoptionhandleodataparametersvisited
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionHandleParameters
      path: /JSON/spider/action/setOptionHandleParameters/
      operations:
      - name: spideractionsetoptionhandleparameters
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionLogoutAvoidance
      path: /JSON/spider/action/setOptionLogoutAvoidance/
      operations:
      - name: spideractionsetoptionlogoutavoidance
        method: GET
        description: Sets whether or not the Spider should attempt to avoid logout related paths/functionality.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionMaxChildren
      path: /JSON/spider/action/setOptionMaxChildren/
      operations:
      - name: spideractionsetoptionmaxchildren
        method: GET
        description: Sets the maximum number of child nodes (per node) that can be crawled, 0 means no limit.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionMaxDepth
      path: /JSON/spider/action/setOptionMaxDepth/
      operations:
      - name: spideractionsetoptionmaxdepth
        method: GET
        description: Sets the maximum depth the spider can crawl, 0 for unlimited depth.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionMaxDuration
      path: /JSON/spider/action/setOptionMaxDuration/
      operations:
      - name: spideractionsetoptionmaxduration
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionMaxParseSizeBytes
      path: /JSON/spider/action/setOptionMaxParseSizeBytes/
      operations:
      - name: spideractionsetoptionmaxparsesizebytes
        method: GET
        description: Sets the maximum size, in bytes, that a response might have to be parsed. This allows the spider to skip
          big responses/files.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionMaxScansInUI
      path: /JSON/spider/action/setOptionMaxScansInUI/
      operations:
      - name: spideractionsetoptionmaxscansinui
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionParseComments
      path: /JSON/spider/action/setOptionParseComments/
      operations:
      - name: spideractionsetoptionparsecomments
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionParseDsStore
      path: /JSON/spider/action/setOptionParseDsStore/
      operations:
      - name: spideractionsetoptionparsedsstore
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionParseGit
      path: /JSON/spider/action/setOptionParseGit/
      operations:
      - name: spideractionsetoptionparsegit
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionParseRobotsTxt
      path: /JSON/spider/action/setOptionParseRobotsTxt/
      operations:
      - name: spideractionsetoptionparserobotstxt
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionParseSVNEntries
      path: /JSON/spider/action/setOptionParseSVNEntries/
      operations:
      - name: spideractionsetoptionparsesvnentries
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionParseSitemapXml
      path: /JSON/spider/action/setOptionParseSitemapXml/
      operations:
      - name: spideractionsetoptionparsesitemapxml
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionPostForm
      path: /JSON/spider/action/setOptionPostForm/
      operations:
      - name: spideractionsetoptionpostform
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionProcessForm
      path: /JSON/spider/action/setOptionProcessForm/
      operations:
      - name: spideractionsetoptionprocessform
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionSendRefererHeader
      path: /JSON/spider/action/setOptionSendRefererHeader/
      operations:
      - name: spideractionsetoptionsendrefererheader
        method: GET
        description: Sets whether or not the 'Referer' header should be sent while spidering.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionShowAdvancedDialog
      path: /JSON/spider/action/setOptionShowAdvancedDialog/
      operations:
      - name: spideractionsetoptionshowadvanceddialog
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionSkipURLString
      path: /JSON/spider/action/setOptionSkipURLString/
      operations:
      - name: spideractionsetoptionskipurlstring
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionThreadCount
      path: /JSON/spider/action/setOptionThreadCount/
      operations:
      - name: spideractionsetoptionthreadcount
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-setOptionUserAgent
      path: /JSON/spider/action/setOptionUserAgent/
      operations:
      - name: spideractionsetoptionuseragent
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-stop
      path: /JSON/spider/action/stop/
      operations:
      - name: spideractionstop
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-action-stopAllScans
      path: /JSON/spider/action/stopAllScans/
      operations:
      - name: spideractionstopallscans
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-addedNodes
      path: /JSON/spider/view/addedNodes/
      operations:
      - name: spiderviewaddednodes
        method: GET
        description: Returns a list of the names of the nodes added to the Sites tree by the specified scan.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-allUrls
      path: /JSON/spider/view/allUrls/
      operations:
      - name: spiderviewallurls
        method: GET
        description: Returns a list of unique URLs from the history table based on HTTP messages added by the Spider.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-domainsAlwaysInScope
      path: /JSON/spider/view/domainsAlwaysInScope/
      operations:
      - name: spiderviewdomainsalwaysinscope
        method: GET
        description: 'Gets all the domains that are always in scope. For each domain the following are shown: the index, the
          value (domain), if enabled, and if specified as a regex.'
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-excludedFromScan
      path: /JSON/spider/view/excludedFromScan/
      operations:
      - name: spiderviewexcludedfromscan
        method: GET
        description: Gets the regexes of URLs excluded from the spider scans.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-fullResults
      path: /JSON/spider/view/fullResults/
      operations:
      - name: spiderviewfullresults
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionAcceptCookies
      path: /JSON/spider/view/optionAcceptCookies/
      operations:
      - name: spiderviewoptionacceptcookies
        method: GET
        description: Gets whether or not a spider process should accept cookies while spidering.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionDomainsAlwaysInScope
      path: /JSON/spider/view/optionDomainsAlwaysInScope/
      operations:
      - name: spiderviewoptiondomainsalwaysinscope
        method: GET
        description: Use view domainsAlwaysInScope instead.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionDomainsAlwaysInScopeEnabled
      path: /JSON/spider/view/optionDomainsAlwaysInScopeEnabled/
      operations:
      - name: spiderviewoptiondomainsalwaysinscopeenabled
        method: GET
        description: Use view domainsAlwaysInScope instead.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionHandleODataParametersVisited
      path: /JSON/spider/view/optionHandleODataParametersVisited/
      operations:
      - name: spiderviewoptionhandleodataparametersvisited
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionHandleParameters
      path: /JSON/spider/view/optionHandleParameters/
      operations:
      - name: spiderviewoptionhandleparameters
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionLogoutAvoidance
      path: /JSON/spider/view/optionLogoutAvoidance/
      operations:
      - name: spiderviewoptionlogoutavoidance
        method: GET
        description: Gets whether or not the spider should attempt to avoid logout related paths/functionality.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionMaxChildren
      path: /JSON/spider/view/optionMaxChildren/
      operations:
      - name: spiderviewoptionmaxchildren
        method: GET
        description: Gets the maximum number of child nodes (per node) that can be crawled, 0 means no limit.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionMaxDepth
      path: /JSON/spider/view/optionMaxDepth/
      operations:
      - name: spiderviewoptionmaxdepth
        method: GET
        description: Gets the maximum depth the spider can crawl, 0 if unlimited.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionMaxDuration
      path: /JSON/spider/view/optionMaxDuration/
      operations:
      - name: spiderviewoptionmaxduration
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionMaxParseSizeBytes
      path: /JSON/spider/view/optionMaxParseSizeBytes/
      operations:
      - name: spiderviewoptionmaxparsesizebytes
        method: GET
        description: Gets the maximum size, in bytes, that a response might have to be parsed, or 0 for unlimited.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionMaxScansInUI
      path: /JSON/spider/view/optionMaxScansInUI/
      operations:
      - name: spiderviewoptionmaxscansinui
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionParseComments
      path: /JSON/spider/view/optionParseComments/
      operations:
      - name: spiderviewoptionparsecomments
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionParseDsStore
      path: /JSON/spider/view/optionParseDsStore/
      operations:
      - name: spiderviewoptionparsedsstore
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionParseGit
      path: /JSON/spider/view/optionParseGit/
      operations:
      - name: spiderviewoptionparsegit
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionParseRobotsTxt
      path: /JSON/spider/view/optionParseRobotsTxt/
      operations:
      - name: spiderviewoptionparserobotstxt
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionParseSVNEntries
      path: /JSON/spider/view/optionParseSVNEntries/
      operations:
      - name: spiderviewoptionparsesvnentries
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionParseSitemapXml
      path: /JSON/spider/view/optionParseSitemapXml/
      operations:
      - name: spiderviewoptionparsesitemapxml
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionPostForm
      path: /JSON/spider/view/optionPostForm/
      operations:
      - name: spiderviewoptionpostform
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionProcessForm
      path: /JSON/spider/view/optionProcessForm/
      operations:
      - name: spiderviewoptionprocessform
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionSendRefererHeader
      path: /JSON/spider/view/optionSendRefererHeader/
      operations:
      - name: spiderviewoptionsendrefererheader
        method: GET
        description: Gets whether or not the 'Referer' header should be sent while spidering.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionShowAdvancedDialog
      path: /JSON/spider/view/optionShowAdvancedDialog/
      operations:
      - name: spiderviewoptionshowadvanceddialog
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionSkipURLString
      path: /JSON/spider/view/optionSkipURLString/
      operations:
      - name: spiderviewoptionskipurlstring
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionThreadCount
      path: /JSON/spider/view/optionThreadCount/
      operations:
      - name: spiderviewoptionthreadcount
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-optionUserAgent
      path: /JSON/spider/view/optionUserAgent/
      operations:
      - name: spiderviewoptionuseragent
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-results
      path: /JSON/spider/view/results/
      operations:
      - name: spiderviewresults
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-scans
      path: /JSON/spider/view/scans/
      operations:
      - name: spiderviewscans
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-spider-view-status
      path: /JSON/spider/view/status/
      operations:
      - name: spiderviewstatus
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    authentication:
      type: apikey
      key: X-ZAP-API-Key
      value: '{{env.OWASP_ZAP_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: owasp-zap-spider-rest
    port: 8080
    description: REST adapter for ZAP API — spider. One Spectral-compliant resource per consumed operation, prefixed with
      /v1.
    resources:
    - path: /v1/json/spider/action/adddomainalwaysinscope
      name: json-spider-action-adddomainalwaysinscope
      description: REST surface for JSON-spider-action-addDomainAlwaysInScope.
      operations:
      - method: GET
        name: spideractionadddomainalwaysinscope
        description: Adds a new domain that's always in scope, using the specified value. Optionally sets if the new entry
          is enabled (default, true) and whether or not the new value is specified as a regex (default, false).
        call: owasp-zap-spider.spideractionadddomainalwaysinscope
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/spider/action/clearexcludedfromscan
      name: json-spider-action-clearexcludedfromscan
      description: REST surface for JSON-spider-action-clearExcludedFromScan.
      operations:
      - method: GET
        name: spideractionclearexcludedfromscan
        description: Clears the regexes of URLs excluded from the spider scans.
        call: owasp-zap-spider.spideractionclearexcludedfromscan
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/spider/action/disablealldomainsalwaysinscope
      name: json-spider-action-disablealldomainsalwaysinscope
      description: REST surface for JSON-spider-action-disableAllDomainsAlwaysInScope.
      operations:
      - method: GET
        name: spideractiondisablealldomainsalwaysinscope
        description: Disables all domains that are always in scope.
        call: owasp-zap-spider.spideractiondisablealldomainsalwaysinscope
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/spider/action/enablealldomainsalwaysinscope
      name: json-spider-action-enablealldomainsalwaysinscope
      description: REST surface for JSON-spider-action-enableAllDomainsAlwaysInScope.
      operations:
      - method: GET
        name: spideractionenablealldomainsalwaysinscope
        description: Enables all domains that are always in scope.
        call: owasp-zap-spider.spideractionenablealldomainsalwaysinscope
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/spider/action/excludefromscan
      name: json-spider-action-excludefromscan
      description: REST surface for JSON-spider-action-excludeFromScan.
      operations:
      - method: GET
        name: spideractionexcludefromscan
        description: Adds a regex of URLs that should be excluded from the spider scans.
        call: owasp-zap-spider.spideractionexcludefromscan
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/spider/action/modifydomainalwaysinscope
      name: json-spider-action-modifydomainalwaysinscope
      description: REST surface for JSON-spider-action-modifyDomainAlwaysInScope.
      operations:
      - method: GET
        name: spideractionmodifydomainalwaysinscope
        description: Modifies a domain that's always in scope. Allows to modify the value, if enabled or if a regex. The domain
          is selected with its index, which can be obtained with the view domainsAlwaysInScope.
        call: owasp-zap-spider.spideractionmodifydomainalwaysinscope
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/spider/action/pause
      name: json-spider-action-pause
      description: REST surface for JSON-spider-action-pause.
      operations:
      - method: GET
        name: spideractionpause
        description: spideractionpause
        call: owasp-zap-spider.spideractionpause
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/spider/action/pauseallscans
      name: json-spider-action-pauseallscans
      description: REST surface for JSON-spider-action-pauseAllScans.
      operations:
      - method: GET
        name: spideractionpauseallscans
        description: spideractionpauseallscans
        call: owasp-zap-spider.spideractionpauseallscans
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/spider/action/removeallscans
      name: json-spider-action-removeallscans
      description: REST surface for JSON-spider-action-removeAllScans.
      operations:
      - method: GET
        name: spideractionremoveallscans
        description: spideractionremoveallscans
        call: owasp-zap-spider.spideractionremoveallscans
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/spider/action/removedomainalwaysinscope
      name: json-spider-action-removedomainalwaysinscope
      description: REST surface for JSON-spider-action-removeDomainAlwaysInScope.
      operations:
      - method: GET
        name: spideractionremovedomainalwaysinscope
        description: Removes a domain that's always in scope, with the given index. The index can be obtained with the view
          domainsAlwaysInScope.
        call: owasp-zap-spider.spideractionremovedomainalwaysinscope
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/spider/action/removescan
      name: json-spider-action-removescan
      description: REST surface for JSON-spider-action-removeScan.
      operations:
      - method: GET
        name: spideractionremovescan
        description: spideractionremovescan
        call: owasp-zap-spider.spideractionremovescan
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/spider/action/resume
      name: json-spider-action-resume
      description: REST surface for JSON-spider-action-resume.
      operations:
      - method: GET
        name: spideractionresume
        description: spideractionresume
        call: owasp-zap-spider.spideractionresume


# --- truncated at 32 KB (82 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/owasp-zap/refs/heads/main/capabilities/owasp-zap-spider.yaml