Zest is an experimental specialized scripting language (also known as a domain-specific language) originally developed by the Mozilla security team and is intended to be used in web oriented security tools. from https://www.zaproxy.org/docs/desktop/addons/zest/

It is included by default with ZAP. However, it can also be used as the CLI. this repository for easy setup the CLI environment.

- name: Zest CLI
  uses: hahwul/[email protected]
  with:
    script: <YOUR-ZEST-SCRIPT>
    flags: "-token 'id=secret' -token 'password=secret'"

Flags

• -summary
• -list
• -debug
• -timeout: timeout for requests in second
• -prefix: http://prefix
• -token: name=value
• -http-auth-site: site
• -http-auth-realm: realm
• -http-auth-user: user
• -http-auth-password: password
• -insecure: skip the SSL certificate check

docker pull hahwul/zest-env
docker pull hahwul/zest-env:latest
docker pull hahwul/zest-env:v1.1.0

FROM hahwul/zest-env:v1.1.0
# Add your Job
RUN /usr/bin/zest -script <FILENAME>

docker pull ghcr.io/hahwul/zest-env:v1.1.0

FROM ghcr.io/hahwul/zest-env:v1.1.0
# Add your Job
RUN /usr/bin/zest -script <FILENAME>

git clone https://github.com/hahwul/zest-env
cd zest-env
docker build .

• https://www.zaproxy.org/docs/desktop/addons/zest/
• https://github.com/zaproxy/zest/
• https://twitter.com/hahwul/status/1530234639469932544
• https://www.hahwul.com/2022/05/19/zest-and-headless-authentication-script/
• https://www.hahwul.com/2022/05/28/zest-in-cli/