root@kali:~# owasp-zap -h Found Java version 21.0.6 Available memory: 7947 MB Using JVM args: -Xmx1986m Usage: zap.sh [Options] Core options: -version Reports the ZAP version -cmd Run inline (exits when command line options complete) -daemon Starts ZAP in daemon mode, i.e. without a UI -config Overrides the specified key=value pair in the configuration file -configfile Overrides the key=value pairs with those in the specified properties file -dir Uses the specified directory instead of the default one -installdir Overrides the code that detects where ZAP has been installed with the specified directory -h Shows all of the command line options available, including those added by add-ons -help The same as -h -newsession Creates a new session at the given location -session Opens the given session after starting ZAP -lowmem Use the database instead of memory as much as possible - this is still experimental -experimentaldb Use the experimental generic database code, which is not surprisingly also still experimental -nostdout Disables the default logging through standard output -loglevel Sets the log level, overriding the values specified in the log4j2.properties file in the home directory -sbomzip Creates a zip file containing all of the available SBOMs -suppinfo Reports support info to the command line and exits -silent Ensures ZAP does not make any unsolicited requests, including check for updates Add-on options: -openapifile Imports an OpenAPI definition from the specified file name -openapiurl Imports an OpenAPI definition from the specified URL -openapitargeturl The Target URL, to override the server URL present in the OpenAPI definition. Refer to the help for supported format. -certload Loads the Root CA certificate from the specified file name -certpubdump Dumps the Root CA public certificate into the specified file name, this is suitable for importing into browsers -certfulldump Dumps the Root CA full certificate (including the private key) into the specified file name, this is suitable for importing into ZAP -host Overrides the host of the main proxy, specified in the configuration file -port Overrides the port of the main proxy, specified in the configuration file -postmanfile Imports a Postman collection from the specified file name. -postmanurl Imports a Postman collection from the specified URL. -postmanendpointurl The endpoint URL, to override the base URLs present in the Postman collection. -quickurl The URL to attack, e.g. http://www.example.com -quickout The file to write the HTML/JSON/MD/XML results to (based on the file extension) -quickprogress: Display progress bars while scanning -zapit The URL to perform a quick 'reconnaissance' scan on, e.g. http://www.example.com The -cmd option must be specified -script