zap.get_sites
Retrieve discovered websites from OWASP ZAP for security testing and vulnerability assessment in bug bounty hunting workflows.
Instructions
Get list of discovered sites from ZAP
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Implementation Reference
- src/tools/zap.ts:382-399 (registration)Registers the 'zap.get_sites' MCP tool with empty input schema and a handler that checks the ZAP client and calls its getSites method, formatting the result.server.tool( 'zap.get_sites', { description: 'Get list of discovered sites from ZAP', inputSchema: { type: 'object', properties: {}, }, }, async (): Promise<ToolResult> => { const client = getZAPClient(); if (!client) { return formatToolResult(false, null, 'ZAP client not initialized'); } const result = await client.getSites(); return formatToolResult(result.success, result.data, result.error); } );
- src/integrations/zap.ts:412-427 (handler)Core handler logic for retrieving discovered sites from ZAP via the REST API endpoint '/core/view/sites/', wrapped in ZAPScanResult format.async getSites(): Promise<ZAPScanResult> { try { const response = await this.client.get('/core/view/sites/'); return { success: true, data: { sites: response.data.sites || [], }, }; } catch (error: any) { return { success: false, error: error.message || 'Failed to get sites', }; } }
- src/integrations/zap.ts:3-7 (schema)Type definition for the output result of ZAP tool calls, including success flag, data, and error, used by getSites().export interface ZAPScanResult { success: boolean; data?: any; error?: string; }
- src/integrations/zap.ts:504-506 (helper)Singleton accessor for the ZAPClient instance, used in the tool handler to retrieve the client.export function getZAPClient(): ZAPClient | null { return zapClient; }