id: zap-rest-api-detect

info:
  name: ZAP Rest API Server Running
  author: hahwul
  severity: info
  reference:
    - https://www.zaproxy.org/docs/api/
  metadata:
    max-request: 1
  tags: zap,tech

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: word
        part: response
        words:
          - '<title>ZAP API UI</title>'
          - 'Welcome to the OWASP Zed Attack Proxy (ZAP)'
          - 'Access-Control-Allow-Headers: ZAP-Header'
        condition: or

# digest: 4a0a00473045022067f2cab354e05af47c7d725053109fcd21aca47b7b8b156ec0ff62e81d305bcd022100af0c20ee397ce442d63cb8b985e9baf568c884b3eb639d5d7d8a621cfe7dc874:922c64590222798bb761d5b6d8e72950