v19

Added

• extender/arpSyndicateSubdomainDiscovery.js - uses the API of ARPSyndicate's Subdomain Center
  to find and add subdomains to the Sites Tree.
• passive/JavaDisclosure.js - Passive scan for Java error messages leaks
• httpsender/RsaEncryptPayloadForZap.py - A script that encrypts requests using RSA
• selenium/FillOTPInMFA.js - A script that fills the OTP in MFA
• authentication/KratosApiAuthentication.js - A script to authenticate with Kratos using the API flow
• authentication/KratosBrowserAuthentication.js - A script to authenticate with Kratos using the browser flow

Changed

• Update minimum ZAP version to 2.15.0.
• Use Prettier to format all JavaScript scripts.
• Update the following scripts to implement the getMetadata() function with revised metadata:
  • active/Cross Site WebSocket Hijacking.js
  • active/cve-2019-5418.js
  • active/gof_lite.js
  • active/JWT None Exploit.js
  • active/SSTI.js
  • passive/clacks.js
  • passive/CookieHTTPOnly.js
  • passive/detect_csp_notif_and_reportonly.js
  • passive/detect_samesite_protection.js
  • passive/f5_bigip_cookie_internal_ip.js
  • passive/find base64 strings.js
  • passive/Find Credit Cards.js
  • passive/Find Emails.js
  • passive/Find Hashes.js
  • passive/Find HTML Comments.js
  • passive/Find IBANs.js
  • passive/Find Internal IPs.js
  • passive/find_reflected_params.py
  • passive/HUNT.py
  • passive/Mutliple Security Header Check.js
  • passive/google_api_keys_finder.js
  • passive/JavaDisclosure.js
  • passive/Report non static sites.js
  • passive/RPO.js
  • passive/s3.js
  • passive/Server Header Disclosure.js
  • passive/SQL injection detection.js
  • passive/Telerik Using Poor Crypto.js
  • passive/Upload form discovery.js
  • passive/X-Powered-By_header_checker.js
• httpsender/Alert on Unexpected Content Types.js now checks for common content-types (json, xml, and yaml) more consistently.
• targeted/request_to_xml.js no longer uses deprecated method to show the message in the editor dialogue.