zap-hud
Tool to show security.txt file
Add a tool which detects a security.txt file (as per https://securitytxt.org/). This could be a standard side tool which is enabled when the file is present on a site (with suitable icon change) and when clicked shows the relevant info, providing clickable links. This will make it easier for researchers to find the relevant bug bounty program that they should submit any issues with the site to.
While this could use a ZAP ascan rule I think in this case it would be better if the tool just tried to access the security.txt file directly (if enabled) so that users wouldn't need to run the ZAP spider/active scanner in order to detect it.
Should probably be a bit more generic, e.g. to also support https://www.contributejson.org/ and any other similar schemes
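As an added example, not code from zap-hud, the following is the parsing and link-extraction logic a HUD tool like the one proposed would need once it has fetched the file (RFC 9116 places it at `/.well-known/security.txt`, with `/security.txt` as the legacy location). The sample file, the fake PGP cleartext signature around it and all function names are constructed for this example; the point of the `javascript:` Contact entry is to show why URIs in an attacker-controlled file must be scheme-filtered before being rendered as clickable links.

```javascript
// Added example (not zap-hud project code): parse a security.txt body and
// extract what a HUD side tool would display. Sample input is constructed.

// Locations to probe, in order: the RFC 9116 path first, then the legacy root path.
const SECURITY_TXT_PATHS = ['/.well-known/security.txt', '/security.txt'];

// Constructed sample, wrapped in a PGP cleartext signature as the spec permits.
// The signature itself is a placeholder string, not a real signature.
const SAMPLE_SECURITY_TXT = [
  '-----BEGIN PGP SIGNED MESSAGE-----',
  'Hash: SHA256',
  '',
  '# constructed sample, not fetched from a real site',
  'Contact: mailto:security@example.com',
  'Contact: https://example.com/security-contact',
  'Contact: javascript:alert(1)',
  'Expires: 2030-01-01T00:00:00.000Z',
  'Encryption: https://example.com/pgp-key.txt',
  'Acknowledgments: https://example.com/hall-of-fame',
  'Preferred-Languages: en, fr',
  'Canonical: https://example.com/.well-known/security.txt',
  'Policy: https://example.com/security-policy',
  '-----BEGIN PGP SIGNATURE-----',
  'placeholder-signature-data-not-real',
  '-----END PGP SIGNATURE-----',
].join('\n');

// Fields whose values are URIs and therefore candidates for clickable links.
const URI_FIELDS = ['contact', 'encryption', 'acknowledgments', 'canonical', 'policy', 'hiring'];
// Only these schemes are safe to turn into links inside the HUD; anything else
// (javascript:, data:, ...) is shown as plain text only.
const SAFE_LINK_SCHEMES = /^(https?|mailto|tel):/i;

// Return the signed body lines of a PGP cleartext-signed file, or all lines if
// the file is unsigned. Armor headers such as "Hash: SHA256" would otherwise be
// mis-parsed as a security.txt field.
function stripCleartextSignature(text) {
  const lines = text.split(/\r?\n/);
  if (lines[0] !== '-----BEGIN PGP SIGNED MESSAGE-----') return lines;
  let start = lines.indexOf('', 1);           // armor headers end at the first blank line
  start = start === -1 ? 1 : start + 1;
  let end = lines.indexOf('-----BEGIN PGP SIGNATURE-----', start);
  if (end === -1) end = lines.length;
  // Undo dash-escaping ("- -foo" for a body line starting with "-").
  return lines.slice(start, end).map((l) => (l.startsWith('- ') ? l.slice(2) : l));
}

// Parse "Field: value" lines into { fields: {name: [values]}, errors: [...] }.
// Field names are case-insensitive; Contact and Expires are required.
function parseSecurityTxt(text) {
  const fields = {};
  const errors = [];
  for (const raw of stripCleartextSignature(text)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;  // blank lines and comments
    const sep = line.indexOf(':');
    if (sep < 1) { errors.push(`malformed line: ${line}`); continue; }
    const name = line.slice(0, sep).trim().toLowerCase();
    const value = line.slice(sep + 1).trim();
    (fields[name] = fields[name] || []).push(value);
  }
  if (!fields.contact) errors.push('missing required Contact field');
  if (!fields.expires) errors.push('missing required Expires field');
  else if (fields.expires.length > 1) errors.push('Expires must appear exactly once');
  else if (Number.isNaN(Date.parse(fields.expires[0]))) errors.push('Expires is not a valid date-time');
  return { fields, errors };
}

// A file with a missing, duplicated or unparsable Expires is treated as stale,
// so the tool can flag it rather than pointing researchers at dead contacts.
function isExpired(parsed, now = new Date()) {
  const exp = parsed.fields.expires;
  if (!exp || exp.length !== 1) return true;
  const t = Date.parse(exp[0]);
  return Number.isNaN(t) || t <= now.getTime();
}

// Build the list of links the tool may render as clickable, dropping unsafe schemes.
function clickableLinks(parsed) {
  const links = [];
  for (const name of URI_FIELDS) {
    for (const value of parsed.fields[name] || []) {
      if (SAFE_LINK_SCHEMES.test(value)) links.push({ field: name, href: value });
    }
  }
  return links;
}
```

The tool would request each entry of `SECURITY_TXT_PATHS` in turn and feed the first 200 response body to `parseSecurityTxt`; a non-empty result enables the tool and swaps the icon. Because the file is served by the target site, every value must be inserted into the HUD panel as a text node (or a filtered `href`), never as HTML, and `isExpired` gives the warning a researcher wants before trusting the Contact entries.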