ZAP Command Line

ZAP is mostly executed from the GUI, but ZAP can also be executed from the command line. This is great if you want to run a quick scan on your target or want to automate it. If you haven’t read How to use OWASP ZAP – Open Source Vulnerability Scanner, I suggest you read it first to have a better understanding of ZAP before moving on to the command line.

ZAP Command Line (CLI)

Executing ZAP from the command line is limited, as you will not be able to specify everything using the command line arguments alone. This means you may not be able to use other scanning features such as fuzzing, AJAX spidering, brute force, etc.

You can specify some variables by using the -autorun argument with an automation file from the automation framework. You can read more about that in How to Automate OWASP ZAP – Automation Framework.

Some of the more relevant ZAP arguments running from the command line are:

  • -daemon
    • Starts ZAP without the user interface (in the background)
  • -cmd
    • Runs inline and exits when the command is complete

Without either of these arguments, ZAP opens the GUI. The two arguments are similar in that both can run a ZAP scan from the command line; the difference is that -cmd closes the ZAP application immediately after the scan completes, while -daemon keeps it running in the background.

  • -quickurl <URL>
    • Points to the URL to attack
  • -quickout <filename.extension>
    • Specifies the file to write the results to (in formats: html/json/xml/md)
  • -quickprogress
    • Displays a progress bar of the scan

-quickurl is the main argument for running the ZAP quick scan. The -quickout and -quickprogress arguments are optional, but I’m sure you would want to save your results somewhere and watch the progress of the scan.

Going on a tangent, there is support for using ZAP with OpenAPI but we will not be covering this. You can learn more about the ZAP OpenAPI support here.

How to Run ZAP from the CLI?

The command format to run the ZAP CLI is:

zaproxy -cmd -quickurl <target URL> [options]

In the example below, the command used is:

zaproxy -cmd -quickurl 'http://192.168.1.128/mutillidae/index.php?page=login.php' -quickout /home/kali/Downloads/zaptest2.xml -quickprogress

This command runs ZAP on the command line, scans a webpage from the Mutillidae web application, and saves the results to an XML file called “zaptest2.xml”. The target URL is quoted so that the shell does not try to interpret the ? in the query string. -quickprogress is also used to produce a progress bar so that we can monitor the completion of the scan.
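A wrapper for automated runs of the command above, as an added example that is not part of the original article: it checks the target against a list of hosts you are authorized to scan, validates the report file name against the formats -quickout accepts, and only then launches the quick scan. The function names and the ZAP_ALLOWED_HOSTS variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the article: pre-flight checks before a ZAP quick scan.
# Function names and ZAP_ALLOWED_HOSTS are hypothetical; the zaproxy flags
# (-cmd, -quickurl, -quickout, -quickprogress) are the ones the article covers.

# Space-separated hosts you are authorized to scan (default: the article's lab VM).
ZAP_ALLOWED_HOSTS=${ZAP_ALLOWED_HOSTS:-192.168.1.128}

# Print the host part of a URL (scheme, path/query, userinfo and port removed).
# IPv6 literals are not handled.
url_host() {
    h=${1#*://}; h=${h%%[/?#]*}; h=${h##*@}; h=${h%%:*}
    printf '%s\n' "$h"
}

# Return 0 when the scan may run, otherwise a distinct non-zero code.
check_zap_inputs() {
    url=$1; out=$2
    case $url in
        http://*|https://*) ;;
        *) echo "target must be an http(s) URL" >&2; return 2 ;;
    esac
    host=$(url_host "$url")
    [ -n "$host" ] || { echo "no host in target URL" >&2; return 3; }
    case " $ZAP_ALLOWED_HOSTS " in
        *" $host "*) ;;
        *) echo "$host is not in ZAP_ALLOWED_HOSTS" >&2; return 3 ;;
    esac
    # -quickout accepts html/json/xml/md reports.
    case $out in
        *.html|*.json|*.xml|*.md) ;;
        *) echo "report must end in .html, .json, .xml or .md" >&2; return 4 ;;
    esac
    [ -d "$(dirname -- "$out")" ] || { echo "report directory missing" >&2; return 5; }
    [ ! -e "$out" ] || { echo "refusing to overwrite $out" >&2; return 6; }
}

# Run the scan only when every check passes. Quoting "$1" keeps ? and &
# in the query string away from the shell.
zap_quick_scan() {
    check_zap_inputs "$1" "$2" || return
    command -v zaproxy >/dev/null 2>&1 || { echo "zaproxy not in PATH" >&2; return 127; }
    zaproxy -cmd -quickurl "$1" -quickout "$2" -quickprogress
}

# Usage: sh zap-quick.sh <target URL> <report file>
if [ "$#" -eq 2 ]; then zap_quick_scan "$1" "$2"; fi
```

In a scheduled job, the distinct return codes let you tell a rejected target (3) apart from a report-path problem (4 to 6) without parsing the error text.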

If you are wondering what the Mutillidae web application is, it is a vulnerable web application made for penetration testing. It is set up locally on a virtual machine.

This is the output file and the contents of the XML file:

For your reference, here is the help menu of the command line:

Conclusion

ZAP is a tool that can be executed from both a GUI and CLI. Running ZAP from the CLI is best for a quick scan of your target or for automation. However, the CLI is limited to certain features. So depending on your situation, you may still want to stick to the ZAP GUI for more control.
