jalvarado-it · August 13, 2025 00:45
diff --git a/create_zap_service.sh b/create_zap_service.sh
 #!/bin/bash

 # Script to create OWASP ZAP service
 # Run with root privileges: sudo bash create_zap_service.sh

 echo "=== Configuring OWASP ZAP Service ==="

 # 1. Create system user for ZAP (for security)
 echo "1. Creating 'zapproxy' user..."
 useradd -r -s /bin/false -d /opt/zaproxy -c "OWASP ZAP Service" zapproxy 2>/dev/null || echo "zapproxy user already exists"

 # 2. Create configuration directories
 echo "2. Creating necessary directories..."
 mkdir -p /opt/zaproxy
 mkdir -p /var/log/zaproxy
 mkdir -p /etc/zaproxy

 # 3. Set permissions
 echo "3. Setting permissions..."
 chown -R zapproxy:zapproxy /opt/zaproxy
 chown -R zapproxy:zapproxy /var/log/zaproxy
 chown -R zapproxy:zapproxy /etc/zaproxy

 # 4. Create configuration file
 echo "4. Creating configuration file..."
 cat > /etc/zaproxy/zap.conf << 'EOF'
 # OWASP ZAP Service Configuration
 ZAP_HOST=0.0.0.0
 ZAP_PORT=8080
 ZAP_API_KEY=ZAP-API-KEY-$(date +%Y%m%d)-$(openssl rand -hex 16) # Keep or change 
 ZAP_HOME=/opt/zaproxy
 ZAP_LOG_LEVEL=INFO
 ZAP_MAX_MEMORY=2048m

 # Security configuration for remote API
 ZAP_API_DISABLE_KEY=false
 ZAP_API_SECURE=false
 ZAP_ALLOWED_IPS="127.0.0.1,192.168.0.0/16,10.0.0.0/8,172.16.0.0/12" # Modify this !!!
 EOF

 # 5. Create startup script
 echo "5. Creating startup script..."
 cat > /opt/zaproxy/start-zap.sh << 'EOF'
 #!/bin/bash

 # Load configuration
 source /etc/zaproxy/zap.conf

 # Default variables if not defined
 ZAP_HOST=${ZAP_HOST:-0.0.0.0}
 ZAP_PORT=${ZAP_PORT:-8080}
 ZAP_HOME=${ZAP_HOME:-/opt/zaproxy}
 ZAP_LOG_LEVEL=${ZAP_LOG_LEVEL:-INFO}
 ZAP_MAX_MEMORY=${ZAP_MAX_MEMORY:-2048m}
 ZAP_ALLOWED_IPS=${ZAP_ALLOWED_IPS:-"127.0.0.1"}

 # Create session directory if it doesn't exist 
 mkdir -p "$ZAP_HOME/sessions" 
 mkdir -p "$ZAP_HOME/config"

 # Clean previous sessions on startup
 rm -f "$ZAP_HOME"/*.session
 rm -f "$ZAP_HOME"/*.lck
 rm -f "$ZAP_HOME"/sessions/*.session
 rm -f "$ZAP_HOME"/sessions/*.lck

 # Generate unique session name
 SESSION_NAME="zap_session_$(date +%Y%m%d_%H%M%S)"

 # Startup log with configuration
 echo "$(date): Starting ZAP with configuration:" >> /var/log/zaproxy/zap.log
 echo "  Host: $ZAP_HOST" >> /var/log/zaproxy/zap.log
 echo "  Port: $ZAP_PORT" >> /var/log/zaproxy/zap.log
 echo "  Session: $SESSION_NAME" >> /var/log/zaproxy/zap.log
 echo "  API Key: $([ -n "$ZAP_API_KEY" ] && echo "Configured" || echo "Not configured")" >> /var/log/zaproxy/zap.log
 echo "  Max memory: $ZAP_MAX_MEMORY" >> /var/log/zaproxy/zap.log

 # Create API configuration file 
 cat > "$ZAP_HOME/config/config.xml" << CONFIGEOF 
 <?xml version="1.0" encoding="UTF-8" standalone="no"?> 
 <config> 
  <api> 
    <key>$ZAP_API_KEY</key> 
    <disablekey>false</disablekey> 
    <incerrordetails>false</incerrordetails> 
    <secure>false</secure> 
    <nohttpresponsecodemsg>false</nohttpresponsecodemsg> 
  </api> 
  <proxy> 
    <ip>$ZAP_HOST</ip> 
    <port>$ZAP_PORT</port> 
    <behindnat>false</behindnat> 
    <removeacceptencoding>true</removeacceptencoding>  
    <removeproxyconnectionheader>true</removeproxyconnectionheader>  
    <usehttpstate>true</usehttpstate> 
  </proxy> 
  <spider>
    <maxduration>60</maxduration>
    <maxdepth>5</maxdepth>
    <maxchildren>0</maxchildren>
    <acceptcookies>true</acceptcookies>
    <handleparameters>use_all</handleparameters>
  </spider>
 </config> 
 CONFIGEOF

 # Configure Java environment variables
 export JAVA_OPTS="-Xmx$ZAP_MAX_MEMORY -Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom"

 # Start ZAP in daemon mode
 exec /usr/bin/zaproxy \
    -daemon \
    -silent \
    -host "$ZAP_HOST" \
    -port "$ZAP_PORT" \
    -dir "$ZAP_HOME" \
    -installdir /usr/share/zaproxy \
    -config api.key="$ZAP_API_KEY" \
    -config api.disablekey=false \
    -config api.secure=false \
    -config api.addrs.addr.name=".*" \
    -config api.addrs.addr.regex=true \
    -config connection.timeoutInSecs=60 \
    -config proxy.chainedProxies.enabled=false \
    -config proxy.ip="$ZAP_HOST" \
    -config proxy.port="$ZAP_PORT" \
    -config start.checkForUpdates=false \
    -config start.addonUpdateCheckOnStart=false \
    -newsession "$ZAP_HOME/sessions/$SESSION_NAME" \
    >> /var/log/zaproxy/zap.log 2>&1 
 EOF

 # 6. Make script executable
 echo "Making script executable..."
 chmod +x /opt/zaproxy/start-zap.sh
 chown zapproxy:zapproxy /opt/zaproxy/start-zap.sh
 chown -R zapproxy:zapproxy /opt/zaproxy

 # 7. Configure firewall (if active) 
 echo "7. Configuring firewall..." 
 if systemctl is-active --quiet ufw; then 
    ufw allow 8080/tcp 
    echo "UFW rule added for port 8080" 
 elif systemctl is-active --quiet firewalld; then 
    firewall-cmd --permanent --add-port=8080/tcp 
    firewall-cmd --reload 
    echo "Firewalld rule added for port 8080" 
 fi

 # 8. Create API management utilities script
 echo "8. Creating API management utils..."
 cat > /usr/local/bin/zap-api-utils << 'EOF'
 #!/bin/bash

 # Utilities to manage ZAP API

 # Load configuration
 if [ -f /etc/zaproxy/zap.conf ]; then
    source /etc/zaproxy/zap.conf
 else
    echo "Error: Configuration file not found"
    exit 1
 fi

 case "$1" in
    "show-key")
        echo "Current API Key: $ZAP_API_KEY"
        ;;
    "test-api")
        IP=${2:-127.0.0.1}
        echo "Testing API from IP: $IP"
        response=$(curl -s -w "\nHTTP_CODE:%{http_code}" "http://$IP:$ZAP_PORT/JSON/core/view/version/?apikey=$ZAP_API_KEY")
        http_code=$(echo "$response" | grep "HTTP_CODE:" | cut -d: -f2)
        json_response=$(echo "$response" | grep -v "HTTP_CODE:")
        
        if [ "$http_code" = "200" ]; then
            echo "✅ Successful connection"
            echo "$json_response" | python3 -m json.tool 2>/dev/null || echo "$json_response"
        else
            echo "❌ HTTP Error: $http_code"
            echo "$json_response"
        fi
        ;;
    "regenerate-key")
        NEW_KEY="ZAP-API-KEY-$(date +%Y%m%d)-$(openssl rand -hex 16)"
        sed -i "s/ZAP_API_KEY=.*/ZAP_API_KEY=$NEW_KEY/" /etc/zaproxy/zap.conf
        echo "New API Key generated: $NEW_KEY"
        echo "Restart the service: sudo systemctl restart zaproxy"
        ;;
    "spider")
        TARGET_URL="$2"
        if [ -z "$TARGET_URL" ]; then
            echo "Usage: zap-api-utils spider <URL>"
            exit 1
        fi
        echo "Starting spider on: $TARGET_URL"
        encoded_url=$(python3 -c "import urllib.parse; print(urllib.parse.quote('$TARGET_URL', safe=''))")
        response=$(curl -s "http://127.0.0.1:$ZAP_PORT/JSON/spider/action/scan/?url=$encoded_url&apikey=$ZAP_API_KEY")
        echo "$response" | python3 -m json.tool 2>/dev/null || echo "$response"
        ;;
    "status")
        echo "ZAP Status:"
        curl -s "http://127.0.0.1:$ZAP_PORT/JSON/core/view/version/?apikey=$ZAP_API_KEY" | python3 -m json.tool 2>/dev/null || echo "Error: Cannot connect to ZAP"
        ;;
    "logs")
        echo "Last 20 log lines:"
        tail -20 /var/log/zaproxy/zap.log
        ;;
    *)
        echo "Usage: zap-api-utils {show-key|test-api [IP]|regenerate-key|spider <URL>|status|logs}"
        echo ""
        echo "Available commands:"
        echo "  show-key        - Show current API key"
        echo "  test-api [IP]   - Test API from IP (default: 127.0.0.1)"
        echo "  regenerate-key  - Generate new API key"
        echo "  spider <URL>    - Start spider on URL"
        echo "  status          - View ZAP status"
        echo "  logs            - View last log lines"
        ;;
 esac
 EOF

 chmod +x /usr/local/bin/zap-api-utils

 # 9. Create systemd service file
 echo "9. Creating systemd service..."
 cat > /etc/systemd/system/zaproxy.service << 'EOF'
 [Unit]
 Description=OWASP ZAP Proxy Service
 Documentation=https://www.zaproxy.org/docs/
 After=network.target
 Wants=network.target

 [Service]
 Type=simple
 User=zapproxy
 Group=zapproxy
 ExecStart=/opt/zaproxy/start-zap.sh
 ExecStop=/bin/kill -TERM $MAINPID
 Restart=on-failure
 RestartSec=10
 StandardOutput=journal
 StandardError=journal
 SyslogIdentifier=zaproxy
 KillMode=mixed
 TimeoutStopSec=30

 # Configuración de seguridad
 NoNewPrivileges=true
 PrivateTmp=true
 ProtectSystem=strict
 ProtectHome=true
 ReadWritePaths=/opt/zaproxy /var/log/zaproxy /tmp
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE

 # Variables de entorno
 Environment=JAVA_OPTS="-Xmx2048m -Djava.awt.headless=true"
 Environment=ZAP_SILENT=true

 [Install]
 WantedBy=multi-user.target
 EOF

 # 10. Create logrotate configuration
 echo "10. Configuring log rotation..."
 cat > /etc/logrotate.d/zaproxy << 'EOF'
 /var/log/zaproxy/*.log {
    daily
    missingok
    rotate 7
    compress
    delaycompress
    notifempty
    copytruncate
    su zapproxy zapproxy
 }
 EOF

 # 11. Create enhanced diagnostics script
 echo "11. Creating enhanced diagnostics script"
 cat > /usr/local/bin/zap-diagnostics << 'EOF'
 #!/bin/bash

 echo "=== Complete ZAP Diagnostics ==="
 echo ""

 # 1. Service status
 echo "1. Systemd service status:"
 if systemctl is-active --quiet zaproxy; then
    echo "   ✅ Service active"
    systemctl status zaproxy --no-pager | grep -E "(Active|Main PID|Memory|CPU)"
 else
    echo "   ❌ Service inactive"
    systemctl status zaproxy --no-pager | grep "Active"
 fi
 echo ""

 # 2. ZAP processes
 echo "2. ZAP processes:"
 zap_processes=$(ps aux | grep -v grep | grep zaproxy)
 if [ -n "$zap_processes" ]; then
    echo "   ✅ Processes found:"
    echo "$zap_processes"
 else
    echo "   ❌ No ZAP processes running"
 fi
 echo ""

 # 3. Open ports
 echo "3. Network ports:"
 port_info=$(netstat -tlnp 2>/dev/null | grep 8080)
 if [ -n "$port_info" ]; then
    echo "   ✅ Port 8080 open:"
    echo "   $port_info"
 else
    echo "   ❌ Port 8080 not open"
 fi
 echo ""

 # 4. Local connectivity
 echo "4. Connectivity test:"
 if timeout 5 curl -s http://127.0.0.1:8080 >/dev/null 2>&1; then
    echo "   ✅ ZAP responds on local port"
 else
    echo "   ❌ ZAP not responding on local port"
 fi
 echo ""

 # 5. Configuration
 echo "5. Current configuration:"
 if [ -f /etc/zaproxy/zap.conf ]; then
    echo "   ✅ Configuration file found:"
    grep -E "ZAP_(HOST|PORT|API_KEY)" /etc/zaproxy/zap.conf | sed 's/^/   /'
 else
    echo "   ❌ Configuration file not found"
 fi
 echo ""

 # 6. Session files
 echo "6. Session files:"
 session_files=$(find /opt/zaproxy -name "*.session" -o -name "*.lck" 2>/dev/null)
 if [ -n "$session_files" ]; then
    echo "   ⚠️  Existing session files:"
    echo "$session_files" | sed 's/^/   /'
 else
    echo "   ✅ No conflicting session files"
 fi
 echo ""

 # 7. Recent logs
 echo "7. Last 5 log lines:"
 if [ -f /var/log/zaproxy/zap.log ]; then
    tail -5 /var/log/zaproxy/zap.log | sed 's/^/   /'
 else
    echo "   ❌ No logs found"
 fi
 echo ""

 # 8. API test (if service is running)
 echo "8. API test:"
 if systemctl is-active --quiet zaproxy; then
    sleep 2  # Give ZAP time to fully start
    zap-api-utils test-api 2>/dev/null | head -3 | sed 's/^/   /'
 else
    echo "   ⏸️  Service not running, skipping API test"
 fi

 echo ""
 echo "=== End of diagnostics ==="
 EOF

 chmod +x /usr/local/bin/zap-diagnostics

 # 12. Reload systemd
 echo "12. Reloading systemd configuration..."
 systemctl daemon-reload

 # 13. Enable service
 echo "13. Enabling zaproxy service..."
 systemctl enable zaproxy.service

 # 14. Generate unique API key in configuration file
 echo "14. Generating unique API key..."
 API_KEY="ZAP-API-KEY-$(date +%Y%m%d)-$(openssl rand -hex 16)"
 sed -i "s/ZAP_API_KEY=.*/ZAP_API_KEY=$API_KEY/" /etc/zaproxy/zap.conf

 echo ""
 echo "=== OWASP ZAP Service configured successfully ==="
 echo ""
 echo "✅ Applied fixes:"
 echo "   - Configuration file syntax corrected"
 echo "   - API configured as non-secure for remote access"
 echo "   - Added -silent option to prevent popups"
 echo "   - Consistent memory configuration"
 echo "   - Unique API key generated"
 echo "   - Enhanced utilities with better error handling"
 echo ""
 echo "Available commands:"
 echo "  sudo systemctl start zaproxy    # Start service"
 echo "  sudo systemctl stop zaproxy     # Stop service"
 echo "  sudo systemctl restart zaproxy  # Restart service"
 echo "  sudo systemctl status zaproxy   # View status"
 echo "  zap-api-utils status            # API test"
 echo "  zap-diagnostics                 # Complete diagnostics"
 echo ""
 echo "Important files:"
 echo "  Configuration: /etc/zaproxy/zap.conf"
 echo "  Logs: /var/log/zaproxy/zap.log"
 echo "  Data: /opt/zaproxy/"
 echo ""
 echo "Generated API Key: $API_KEY"
 echo "Proxy will be available at: http://0.0.0.0:8080"
 echo ""


 # Iniciar el servicio automáticamente
 echo "Iniciando servicio..."
 systemctl start zaproxy

 # Esperar y mostrar estado
 sleep 5
 echo "Estado actual del servicio:"
 /usr/local/bin/zap-diagnostics
	#!/bin/bash

	# Script to create OWASP ZAP service
	# Run with root privileges: sudo bash create_zap_service.sh

	echo "=== Configuring OWASP ZAP Service ==="

	# 1. Create system user for ZAP (for security)
	echo "1. Creating 'zapproxy' user..."
	useradd -r -s /bin/false -d /opt/zaproxy -c "OWASP ZAP Service" zapproxy 2>/dev/null \|\| echo "zapproxy user already exists"

	# 2. Create configuration directories
	echo "2. Creating necessary directories..."
	mkdir -p /opt/zaproxy
	mkdir -p /var/log/zaproxy
	mkdir -p /etc/zaproxy

	# 3. Set permissions
	echo "3. Setting permissions..."
	chown -R zapproxy:zapproxy /opt/zaproxy
	chown -R zapproxy:zapproxy /var/log/zaproxy
	chown -R zapproxy:zapproxy /etc/zaproxy

	# 4. Create configuration file
	echo "4. Creating configuration file..."
	cat > /etc/zaproxy/zap.conf << 'EOF'
	# OWASP ZAP Service Configuration
	ZAP_HOST=0.0.0.0
	ZAP_PORT=8080
	ZAP_API_KEY=ZAP-API-KEY-$(date +%Y%m%d)-$(openssl rand -hex 16) # Keep or change
	ZAP_HOME=/opt/zaproxy
	ZAP_LOG_LEVEL=INFO
	ZAP_MAX_MEMORY=2048m

	# Security configuration for remote API
	ZAP_API_DISABLE_KEY=false
	ZAP_API_SECURE=false
	ZAP_ALLOWED_IPS="127.0.0.1,192.168.0.0/16,10.0.0.0/8,172.16.0.0/12" # Modify this !!!
	EOF

	# 5. Create startup script
	echo "5. Creating startup script..."
	cat > /opt/zaproxy/start-zap.sh << 'EOF'
	#!/bin/bash

	# Load configuration
	source /etc/zaproxy/zap.conf

	# Default variables if not defined
	ZAP_HOST=${ZAP_HOST:-0.0.0.0}
	ZAP_PORT=${ZAP_PORT:-8080}
	ZAP_HOME=${ZAP_HOME:-/opt/zaproxy}
	ZAP_LOG_LEVEL=${ZAP_LOG_LEVEL:-INFO}
	ZAP_MAX_MEMORY=${ZAP_MAX_MEMORY:-2048m}
	ZAP_ALLOWED_IPS=${ZAP_ALLOWED_IPS:-"127.0.0.1"}

	# Create session directory if it doesn't exist
	mkdir -p "$ZAP_HOME/sessions"
	mkdir -p "$ZAP_HOME/config"

	# Clean previous sessions on startup
	rm -f "$ZAP_HOME"/*.session
	rm -f "$ZAP_HOME"/*.lck
	rm -f "$ZAP_HOME"/sessions/*.session
	rm -f "$ZAP_HOME"/sessions/*.lck

	# Generate unique session name
	SESSION_NAME="zap_session_$(date +%Y%m%d_%H%M%S)"

	# Startup log with configuration
	echo "$(date): Starting ZAP with configuration:" >> /var/log/zaproxy/zap.log
	echo " Host: $ZAP_HOST" >> /var/log/zaproxy/zap.log
	echo " Port: $ZAP_PORT" >> /var/log/zaproxy/zap.log
	echo " Session: $SESSION_NAME" >> /var/log/zaproxy/zap.log
	echo " API Key: $([ -n "$ZAP_API_KEY" ] && echo "Configured" \|\| echo "Not configured")" >> /var/log/zaproxy/zap.log
	echo " Max memory: $ZAP_MAX_MEMORY" >> /var/log/zaproxy/zap.log

	# Create API configuration file
	cat > "$ZAP_HOME/config/config.xml" << CONFIGEOF
	<?xml version="1.0" encoding="UTF-8" standalone="no"?>
	<config>
	<api>
	<key>$ZAP_API_KEY</key>
	<disablekey>false</disablekey>
	<incerrordetails>false</incerrordetails>
	<secure>false</secure>
	<nohttpresponsecodemsg>false</nohttpresponsecodemsg>
	</api>
	<proxy>
	<ip>$ZAP_HOST</ip>
	<port>$ZAP_PORT</port>
	<behindnat>false</behindnat>
	<removeacceptencoding>true</removeacceptencoding>
	<removeproxyconnectionheader>true</removeproxyconnectionheader>
	<usehttpstate>true</usehttpstate>
	</proxy>
	<spider>
	<maxduration>60</maxduration>
	<maxdepth>5</maxdepth>
	<maxchildren>0</maxchildren>
	<acceptcookies>true</acceptcookies>
	<handleparameters>use_all</handleparameters>
	</spider>
	</config>
	CONFIGEOF

	# Configure Java environment variables
	export JAVA_OPTS="-Xmx$ZAP_MAX_MEMORY -Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom"

	# Start ZAP in daemon mode
	exec /usr/bin/zaproxy \
	-daemon \
	-silent \
	-host "$ZAP_HOST" \
	-port "$ZAP_PORT" \
	-dir "$ZAP_HOME" \
	-installdir /usr/share/zaproxy \
	-config api.key="$ZAP_API_KEY" \
	-config api.disablekey=false \
	-config api.secure=false \
	-config api.addrs.addr.name=".*" \
	-config api.addrs.addr.regex=true \
	-config connection.timeoutInSecs=60 \
	-config proxy.chainedProxies.enabled=false \
	-config proxy.ip="$ZAP_HOST" \
	-config proxy.port="$ZAP_PORT" \
	-config start.checkForUpdates=false \
	-config start.addonUpdateCheckOnStart=false \
	-newsession "$ZAP_HOME/sessions/$SESSION_NAME" \
	>> /var/log/zaproxy/zap.log 2>&1
	EOF

	# 6. Make script executable
	echo "Making script executable..."
	chmod +x /opt/zaproxy/start-zap.sh
	chown zapproxy:zapproxy /opt/zaproxy/start-zap.sh
	chown -R zapproxy:zapproxy /opt/zaproxy

	# 7. Configure firewall (if active)
	echo "7. Configuring firewall..."
	if systemctl is-active --quiet ufw; then
	ufw allow 8080/tcp
	echo "UFW rule added for port 8080"
	elif systemctl is-active --quiet firewalld; then
	firewall-cmd --permanent --add-port=8080/tcp
	firewall-cmd --reload
	echo "Firewalld rule added for port 8080"
	fi

	# 8. Create API management utilities script
	echo "8. Creating API management utils..."
	cat > /usr/local/bin/zap-api-utils << 'EOF'
	#!/bin/bash

	# Utilities to manage ZAP API

	# Load configuration
	if [ -f /etc/zaproxy/zap.conf ]; then
	source /etc/zaproxy/zap.conf
	else
	echo "Error: Configuration file not found"
	exit 1
	fi

	case "$1" in
	"show-key")
	echo "Current API Key: $ZAP_API_KEY"
	;;
	"test-api")
	IP=${2:-127.0.0.1}
	echo "Testing API from IP: $IP"
	response=$(curl -s -w "\nHTTP_CODE:%{http_code}" "http://$IP:$ZAP_PORT/JSON/core/view/version/?apikey=$ZAP_API_KEY")
	http_code=$(echo "$response" \| grep "HTTP_CODE:" \| cut -d: -f2)
	json_response=$(echo "$response" \| grep -v "HTTP_CODE:")

	if [ "$http_code" = "200" ]; then
	echo "✅ Successful connection"
	echo "$json_response" \| python3 -m json.tool 2>/dev/null \|\| echo "$json_response"
	else
	echo "❌ HTTP Error: $http_code"
	echo "$json_response"
	fi
	;;
	"regenerate-key")
	NEW_KEY="ZAP-API-KEY-$(date +%Y%m%d)-$(openssl rand -hex 16)"
	sed -i "s/ZAP_API_KEY=.*/ZAP_API_KEY=$NEW_KEY/" /etc/zaproxy/zap.conf
	echo "New API Key generated: $NEW_KEY"
	echo "Restart the service: sudo systemctl restart zaproxy"
	;;
	"spider")
	TARGET_URL="$2"
	if [ -z "$TARGET_URL" ]; then
	echo "Usage: zap-api-utils spider <URL>"
	exit 1
	fi
	echo "Starting spider on: $TARGET_URL"
	encoded_url=$(python3 -c "import urllib.parse; print(urllib.parse.quote('$TARGET_URL', safe=''))")
	response=$(curl -s "http://127.0.0.1:$ZAP_PORT/JSON/spider/action/scan/?url=$encoded_url&apikey=$ZAP_API_KEY")
	echo "$response" \| python3 -m json.tool 2>/dev/null \|\| echo "$response"
	;;
	"status")
	echo "ZAP Status:"
	curl -s "http://127.0.0.1:$ZAP_PORT/JSON/core/view/version/?apikey=$ZAP_API_KEY" \| python3 -m json.tool 2>/dev/null \|\| echo "Error: Cannot connect to ZAP"
	;;
	"logs")
	echo "Last 20 log lines:"
	tail -20 /var/log/zaproxy/zap.log
	;;
	*)
	echo "Usage: zap-api-utils {show-key\|test-api [IP]\|regenerate-key\|spider <URL>\|status\|logs}"
	echo ""
	echo "Available commands:"
	echo " show-key - Show current API key"
	echo " test-api [IP] - Test API from IP (default: 127.0.0.1)"
	echo " regenerate-key - Generate new API key"
	echo " spider <URL> - Start spider on URL"
	echo " status - View ZAP status"
	echo " logs - View last log lines"
	;;
	esac
	EOF

	chmod +x /usr/local/bin/zap-api-utils

	# 9. Create systemd service file
	echo "9. Creating systemd service..."
	cat > /etc/systemd/system/zaproxy.service << 'EOF'
	[Unit]
	Description=OWASP ZAP Proxy Service
	Documentation=https://www.zaproxy.org/docs/
	After=network.target
	Wants=network.target

	[Service]
	Type=simple
	User=zapproxy
	Group=zapproxy
	ExecStart=/opt/zaproxy/start-zap.sh
	ExecStop=/bin/kill -TERM $MAINPID
	Restart=on-failure
	RestartSec=10
	StandardOutput=journal
	StandardError=journal
	SyslogIdentifier=zaproxy
	KillMode=mixed
	TimeoutStopSec=30

	# Configuración de seguridad
	NoNewPrivileges=true
	PrivateTmp=true
	ProtectSystem=strict
	ProtectHome=true
	ReadWritePaths=/opt/zaproxy /var/log/zaproxy /tmp
	CapabilityBoundingSet=CAP_NET_BIND_SERVICE

	# Variables de entorno
	Environment=JAVA_OPTS="-Xmx2048m -Djava.awt.headless=true"
	Environment=ZAP_SILENT=true

	[Install]
	WantedBy=multi-user.target
	EOF

	# 10. Create logrotate configuration
	echo "10. Configuring log rotation..."
	cat > /etc/logrotate.d/zaproxy << 'EOF'
	/var/log/zaproxy/*.log {
	daily
	missingok
	rotate 7
	compress
	delaycompress
	notifempty
	copytruncate
	su zapproxy zapproxy
	}
	EOF

	# 11. Create enhanced diagnostics script
	echo "11. Creating enhanced diagnostics script"
	cat > /usr/local/bin/zap-diagnostics << 'EOF'
	#!/bin/bash

	echo "=== Complete ZAP Diagnostics ==="
	echo ""

	# 1. Service status
	echo "1. Systemd service status:"
	if systemctl is-active --quiet zaproxy; then
	echo " ✅ Service active"
	systemctl status zaproxy --no-pager \| grep -E "(Active\|Main PID\|Memory\|CPU)"
	else
	echo " ❌ Service inactive"
	systemctl status zaproxy --no-pager \| grep "Active"
	fi
	echo ""

	# 2. ZAP processes
	echo "2. ZAP processes:"
	zap_processes=$(ps aux \| grep -v grep \| grep zaproxy)
	if [ -n "$zap_processes" ]; then
	echo " ✅ Processes found:"
	echo "$zap_processes"
	else
	echo " ❌ No ZAP processes running"
	fi
	echo ""

	# 3. Open ports
	echo "3. Network ports:"
	port_info=$(netstat -tlnp 2>/dev/null \| grep 8080)
	if [ -n "$port_info" ]; then
	echo " ✅ Port 8080 open:"
	echo " $port_info"
	else
	echo " ❌ Port 8080 not open"
	fi
	echo ""

	# 4. Local connectivity
	echo "4. Connectivity test:"
	if timeout 5 curl -s http://127.0.0.1:8080 >/dev/null 2>&1; then
	echo " ✅ ZAP responds on local port"
	else
	echo " ❌ ZAP not responding on local port"
	fi
	echo ""

	# 5. Configuration
	echo "5. Current configuration:"
	if [ -f /etc/zaproxy/zap.conf ]; then
	echo " ✅ Configuration file found:"
	grep -E "ZAP_(HOST\|PORT\|API_KEY)" /etc/zaproxy/zap.conf \| sed 's/^/ /'
	else
	echo " ❌ Configuration file not found"
	fi
	echo ""

	# 6. Session files
	echo "6. Session files:"
	session_files=$(find /opt/zaproxy -name ".session" -o -name ".lck" 2>/dev/null)
	if [ -n "$session_files" ]; then
	echo " ⚠️ Existing session files:"
	echo "$session_files" \| sed 's/^/ /'
	else
	echo " ✅ No conflicting session files"
	fi
	echo ""

	# 7. Recent logs
	echo "7. Last 5 log lines:"
	if [ -f /var/log/zaproxy/zap.log ]; then
	tail -5 /var/log/zaproxy/zap.log \| sed 's/^/ /'
	else
	echo " ❌ No logs found"
	fi
	echo ""

	# 8. API test (if service is running)
	echo "8. API test:"
	if systemctl is-active --quiet zaproxy; then
	sleep 2 # Give ZAP time to fully start
	zap-api-utils test-api 2>/dev/null \| head -3 \| sed 's/^/ /'
	else
	echo " ⏸️ Service not running, skipping API test"
	fi

	echo ""
	echo "=== End of diagnostics ==="
	EOF

	chmod +x /usr/local/bin/zap-diagnostics

	# 12. Reload systemd
	echo "12. Reloading systemd configuration..."
	systemctl daemon-reload

	# 13. Enable service
	echo "13. Enabling zaproxy service..."
	systemctl enable zaproxy.service

	# 14. Generate unique API key in configuration file
	echo "14. Generating unique API key..."
	API_KEY="ZAP-API-KEY-$(date +%Y%m%d)-$(openssl rand -hex 16)"
	sed -i "s/ZAP_API_KEY=.*/ZAP_API_KEY=$API_KEY/" /etc/zaproxy/zap.conf

	echo ""
	echo "=== OWASP ZAP Service configured successfully ==="
	echo ""
	echo "✅ Applied fixes:"
	echo " - Configuration file syntax corrected"
	echo " - API configured as non-secure for remote access"
	echo " - Added -silent option to prevent popups"
	echo " - Consistent memory configuration"
	echo " - Unique API key generated"
	echo " - Enhanced utilities with better error handling"
	echo ""
	echo "Available commands:"
	echo " sudo systemctl start zaproxy # Start service"
	echo " sudo systemctl stop zaproxy # Stop service"
	echo " sudo systemctl restart zaproxy # Restart service"
	echo " sudo systemctl status zaproxy # View status"
	echo " zap-api-utils status # API test"
	echo " zap-diagnostics # Complete diagnostics"
	echo ""
	echo "Important files:"
	echo " Configuration: /etc/zaproxy/zap.conf"
	echo " Logs: /var/log/zaproxy/zap.log"
	echo " Data: /opt/zaproxy/"
	echo ""
	echo "Generated API Key: $API_KEY"
	echo "Proxy will be available at: http://0.0.0.0:8080"
	echo ""


	# Iniciar el servicio automáticamente
	echo "Iniciando servicio..."
	systemctl start zaproxy

	# Esperar y mostrar estado
	sleep 5
	echo "Estado actual del servicio:"
	/usr/local/bin/zap-diagnostics