Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ Once your target is set up:

## Step 3: Select Your API Source Type

ZeroThreat offers many options for importing your API collection:
ZeroThreat offers multiple methods to create or import your API collection. In Step 3, choose any one method based on how your APIs are available, such as uploading an existing collection, importing from a cloud source, or recording API requests using ZeroThreat API Recorder.

| Source Type | Description |
| ---------------------- | ----------------------------------------------------------------------------- |
Expand Down Expand Up @@ -131,15 +131,23 @@ If your APIs are managed in **MuleSoft Anypoint Platform**, you can connect Zero
::fiqure-img{source="/Images/image (385).png"}
::

2. **Set Up Integration**
2. **Required MuleSoft Scope**

Before connecting MuleSoft with ZeroThreat, make sure your MuleSoft connected app has the required access scope.\
In MuleSoft Anypoint Platform, go to **Access Management > Connected Apps**, open your connected app, then click **Add Scopes** and assign the **Exchange Viewer** scope.

::fiqure-img{source="/Images/image (506).png"}
::

3. **Set Up Integration**
* Enter a **Connection Name**.
* Provide your **Client ID** and **Client Secret** from your MuleSoft Anypoint account.
* ZeroThreat will validate the credentials before proceeding.

::fiqure-img{source="/Images/image (386).png"}
::

3. **Fetch APIs**
4. **Fetch APIs**

* Once validated, ZeroThreat fetches your available organizations and API assets.
* Choose the **Connection** (newly created or previously saved).
Expand Down Expand Up @@ -295,6 +303,62 @@ Your Postman Cloud APIs will be added as a Collection in ZeroThreat. You can opt

</details>

#### ZeroThreat API Recorder

ZeroThreat API Recorder lets you create an API collection by browsing your web application and capturing the API requests triggered during normal user actions. This is useful when you do not already have an API collection ready, when API inventory is missing, or when new APIs have been added and need to be discovered through frontend workflows. Instead of manually uploading a specification file, you can let ZeroThreat collect in-scope API requests as you interact with the application.

**Prerequisite:** You must have the ZeroThreat Chrome Extension installed.

<details>

<summary>Steps to create a collection using ZeroThreat API Recorder</summary>

1. Click **ZeroThreat API Recorder**.

::fiqure-img{source="/Images/image (501).png"}
::

2. Enter a **Collection Name** and the **Web Application URL**.

::fiqure-img{source="/Images/image (502).png"}
::

The Web Application URL is the frontend application where the recorder will open. As you browse the application, ZeroThreat captures API requests that belong to the target scope.

::hint{ style="background-color:#f7fcff; border:1px solid #07405a33; color:#1e6995;" icon="circle-info" iconClass="text-sky-600"}
###### If your frontend and APIs use the same domain or subdomain, you can use that application URL directly.

###### If your frontend and APIs use different subdomains, create the ZeroThreat target using the API domain, then enter the frontend URL as the Web Application URL.

###### For example, if your API is hosted on `api.example.com` and your frontend is hosted on `app.example.com`, create the target for `api.example.com` and enter `app.example.com` as the Web Application URL. The recorder will open the frontend, and API requests made to the target API domain will be collected.
::

::hint{ style="background-color:#fff4e6; color:#f97316; border:1px solid #f6d2b0;" icon="triangle-exclamation" iconClass="text-[#f97316]"}
###### **Note:** API requests outside the configured target scope will not be included in the collection.
::

3. Click **Open Extension to Record API Requests**. This opens the web application in a new tab and launches the ZeroThreat Chrome Extension on that page.
4. In the extension, click **Start Recording**.

::fiqure-img{source="/Images/image (503).png"}
::

5. Browse the application and perform the user actions that trigger the APIs you want to include in the collection.
6. When you are done, click **Stop Recording** in the extension and click **Save** to store the API collection.&#x20;

::fiqure-img{source="/Images/image (504).png"}
::

7. Return to the ZeroThreat portal and click **Next**.

::fiqure-img{source="/Images/image (505).png"}
::

The captured APIs will be added to the collection and can be used for scanning.

</details>



## Step 4: Review and Configure API Endpoints

Expand Down
14 changes: 14 additions & 0 deletions content/docs/2.manage-targets/4.target-configuration.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,20 @@ description: Target Configuration helps define how ZeroThreat should interact wi
seo.description : Fine-tune your scan targets by configuring headers, authentication, and server options. Optimize each target setup for accurate and effective scanning.
---

## Accessing Target Configuration

To open Target Configuration, go to the **Dashboard** and click **Targets.**

::fiqure-img{source="/Images/image (77).png"}
::

The Targets page lists all Web and API targets that you have. From here, click the target URL or the gear icon next to the target you want to configure.

::fiqure-img{source="/Images/image (507).png"}
::

This opens the Target Configuration drawer for that specific target, where you can manage scan behavior, scope, authentication-related settings, schedules, scan profiles, integrations, and other target-level options.

## Configuration

The Configuration section contains core settings that affect how the scanner runs against your target.
Expand Down
2 changes: 1 addition & 1 deletion content/docs/6.plans/01.zerothreat-plans.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ description: ZeroThreat offers plans for individuals, security teams, enterprise

## Unified Plan Comparison

<div id="plan-comparison-table">
<div id="plan-comparison-table" class="table_scroll">
<table><thead><tr><th width="151">Plan</th><th width="223">Pricing</th><th width="130.5">Hosts</th><th>Parallel Scans</th><th>Re-Tests</th><th>CI/CD Integration</th><th>Issue Tracking Integration</th><th width="133.4544677734375">Notification Integration</th><th>Static IP</th><th>Production-Safe Testing</th><th>Agentic AI Pentesting</th><th>Complex UI Flow Automation (Playwright)</th><th width="189.111083984375">Custom Attack Templates</th><th width="140">White-Label Reports</th><th width="165.727294921875">CVE Based Attack Coverage (Scan Profile)</th><th width="168.9090576171875">Open Attack Coverage (Scan Profile)</th><th width="146.1817626953125">Popular CVE's (Scan Profile)</th><th width="126.181884765625">Quick Test</th><th width="150">Delay Days for latest CVE's</th></tr></thead><tbody><tr><td><strong>Free Plan</strong></td><td>$0/month – 5 scans on signup with limited report view, then 1 scan/month with limited report view</td><td>Unlimited</td><td>1 per host</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>Preview</td><td>Preview</td><td>No</td><td>No</td><td>Not Applicable</td></tr><tr><td><strong>Professional Cloud</strong></td><td>$100/month for the first host, $75/month for each additional host up to 10. 20% off annual upfront payment</td><td>1–10</td><td>1 per host</td><td>Unlimited</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>Preview</td><td>No</td><td>Yes</td><td>30</td></tr><tr><td><strong>Professional Pay-Per-Scan</strong></td><td>$25 per scan. Minimum purchase: $125 for 5 credits</td><td>Unlimited</td><td>Usage-based</td><td>Free 1-week Re-Rest</td><td>No</td><td>No</td><td>No</td><td>No</td><td>No</td><td>Yes</td><td>No</td><td>No</td><td>No</td><td>Preview</td><td>Preview</td><td>Yes</td><td>No</td><td>30</td></tr><tr><td><strong>Enterprise Cloud</strong></td><td>Contact Sales</td><td>10+</td><td>3 per host</td><td>Unlimited</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes – Extra</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes – Nuclei + Burp + Faster Updates</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td><td>0</td></tr><tr><td><strong>Enterprise Pay-Per-Scan</strong></td><td>Contact Sales</td><td>Unlimited</td><td>Usage-based</td><td>Free 1-week Re-Test</td><td>No</td><td>No</td><td>Yes</td><td>Yes – Extra</td><td>No</td><td>Yes</td><td>No</td><td>Yes – Nuclei + Burp + Faster Updates</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>No</td><td>0</td></tr><tr><td><strong>Enterprise On-Prem</strong></td><td>Contact Sales</td><td>Unlimited</td><td>2 per instance</td><td>Unlimited</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Not Applicable</td><td>Yes</td><td>Yes</td><td>Yes</td><td>Yes – Nuclei + Burp + Faster Updates</td><td>Yes</td><td>Yes</td><td>Yes</td><td>No</td><td>Yes</td><td>0</td></tr></tbody></table>
</div>

Expand Down
19 changes: 19 additions & 0 deletions main.css
Original file line number Diff line number Diff line change
Expand Up @@ -411,3 +411,22 @@ table tr td:first-child {
max-width: 220px;
width: 220px;
}

.table_scroll::-webkit-scrollbar {
width: 5px;
height: 8px;
}

.table_scroll::-webkit-scrollbar-track {
background: rgba(216, 214, 214, 0.658);
border-radius: 9999px;
}

.table_scroll::-webkit-scrollbar-thumb {
background: rgba(161, 160, 160, 0.603);
border-radius: 9999px;
}

.table_scroll::-webkit-scrollbar-thumb:hover {
background: rgba(140, 140, 140, 0.8);
}
Binary file added public/Images/image (501).png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added public/Images/image (502).png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added public/Images/image (503).png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added public/Images/image (504).png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added public/Images/image (505).png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added public/Images/image (506).png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added public/Images/image (507).png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file removed public/Images/image copy.png
Binary file not shown.
Loading