root@kali:~# owasp-zap -h
Found Java version 21.0.6
Available memory: 7947 MB
Using JVM args: -Xmx1986m
Usage:
zap.sh [Options]
Core options:
-version Reports the ZAP version
-cmd Run inline (exits when command line options complete)
-daemon Starts ZAP in daemon mode, i.e. without a UI
-config Overrides the specified key=value pair in the configuration file
-configfile Overrides the key=value pairs with those in the specified properties file
-dir Uses the specified directory instead of the default one
-installdir Overrides the code that detects where ZAP has been installed with the specified directory
-h Shows all of the command line options available, including those added by add-ons
-help The same as -h
-newsession Creates a new session at the given location
-session Opens the given session after starting ZAP
-lowmem Use the database instead of memory as much as possible - this is still experimental
-experimentaldb Use the experimental generic database code, which is not surprisingly also still experimental
-nostdout Disables the default logging through standard output
-loglevel Sets the log level, overriding the values specified in the log4j2.properties file in the home directory
-sbomzip Creates a zip file containing all of the available SBOMs
-suppinfo Reports support info to the command line and exits
-silent Ensures ZAP does not make any unsolicited requests, including check for updates
Add-on options:
-openapifile Imports an OpenAPI definition from the specified file name
-openapiurl Imports an OpenAPI definition from the specified URL
-openapitargeturl The Target URL, to override the server URL present in the OpenAPI definition. Refer to the help for supported format.
-certload Loads the Root CA certificate from the specified file name
-certpubdump Dumps the Root CA public certificate into the specified file name, this is suitable for importing into browsers
-certfulldump Dumps the Root CA full certificate (including the private key) into the specified file name, this is suitable for importing into ZAP
-host Overrides the host of the main proxy, specified in the configuration file
-port Overrides the port of the main proxy, specified in the configuration file
-postmanfile Imports a Postman collection from the specified file name.
-postmanurl Imports a Postman collection from the specified URL.
-postmanendpointurl The endpoint URL, to override the base URLs present in the Postman collection.
-quickurl The URL to attack, e.g. http://www.example.com
-quickout The file to write the HTML/JSON/MD/XML results to (based on the file extension)
-quickprogress: Display progress bars while scanning
-zapit The URL to perform a quick 'reconnaissance' scan on, e.g. http://www.example.com The -cmd option must be specified
-script