Run OWASP ZAP in a Docker container

April 28, 2025 note-to-self docker

Run in daemon mode:

docker run -d -p 8090:8090 --rm -it zaproxy/zap-stable zap.sh -daemon -port 8090 -host 0.0.0.0

Desktop UI:

docker run -u zap --rm -it -p 8080:8080 -p 8090:8090 ghcr.io/zaproxy/zaproxy:stable zap-webswing.sh

Then go to http://localhost:8080/zap. Use https://host.docker.internal to hit https://local..com

Baseline scan:

docker run -v "$(pwd)":/zap/wrk/:rw -t zaproxy/zap-stable zap-baseline.py -t <target_url>

Full scan:

docker run -v "$(pwd)":/zap/wrk/:rw -t zaproxy/zap-stable zap-full-scan.py -t <target_url>

Find container's IP:

docker inspect <container_id> | grep IPAddress

Use container's API:

http://<container_ip>:8090/

Check if I can connect to the zaproxy:

nc -vz 0.0.0.0 8090
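
The daemon, container-IP and connectivity steps above, combined into one script. This is an added example, not part of the original notes. The function names and the ZAP_IMAGE, ZAP_PORT and ZAP_POLL_INTERVAL variables are assumptions made for it, as is the choice to set an explicit API key and publish the port on loopback only.

```shell
#!/bin/sh
# Added example: start the ZAP daemon with an explicit API key, find the
# container IP, and wait until the API answers. All names here are assumptions.

ZAP_IMAGE="${ZAP_IMAGE:-zaproxy/zap-stable}"
ZAP_PORT="${ZAP_PORT:-8090}"

# Start ZAP detached and print the container id. The port is published on
# 127.0.0.1 only, so the API is not reachable from other machines. Requests
# then arrive from the Docker bridge, so api.addrs must allow non-local
# clients; the API key is what protects the endpoint.
start_zap() {
    api_key="$1"
    docker run -d --rm -p "127.0.0.1:${ZAP_PORT}:${ZAP_PORT}" "$ZAP_IMAGE" \
        zap.sh -daemon -host 0.0.0.0 -port "$ZAP_PORT" \
        -config "api.key=${api_key}" \
        -config 'api.addrs.addr.name=.*' \
        -config api.addrs.addr.regex=true
}

# Container IP without grep: ask docker inspect for exactly that field.
container_ip() {
    docker inspect --format \
        '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$1"
}

# Poll the version endpoint until it answers or the attempts run out.
# Returns 0 when the API is up, 1 on timeout.
wait_for_zap() {
    base_url="$1"; api_key="$2"; tries="${3:-30}"
    while [ "$tries" -gt 0 ]; do
        if curl -fsS -H "X-ZAP-API-Key: ${api_key}" \
                "${base_url}/JSON/core/view/version/" >/dev/null 2>&1; then
            return 0
        fi
        tries=$((tries - 1))
        sleep "${ZAP_POLL_INTERVAL:-2}"
    done
    return 1
}

# Usage:
#   key=$(openssl rand -hex 16); cid=$(start_zap "$key")
#   wait_for_zap "http://127.0.0.1:${ZAP_PORT}" "$key" && echo "ZAP is up"
#   echo "container IP: $(container_ip "$cid")"
```
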

Build an image with chrome and zap:

docker build -f ./docker/Dockerfile -t zap-chrome .

Run chrome/zap image:

docker run -d -p 8090:8090 zap-chrome zap.sh -daemon -port 8090 -host 0.0.0.0

Baseline scan of a local site over the host network, with an HTML report:

docker run -v "$(pwd)":/zap/wrk/:rw --network="host" zaproxy/zap-stable zap-baseline.py -t https://local.<website>.com -r scan-report.html

These posts are for my own understanding. Reader beware. Info may be wrong but it reflects my current understanding.