ENNAENNA

OWASP ZAP

Apache-2.0

๐Ÿ•ธ Web Scanning ยท Java

OWASP ZAP (Zed Attack Proxy) is the world's most widely-used open-source web application security scanner. It acts as a man-in-the-middle proxy between your browser and the target application, allowing you to intercept, inspect, and modify HTTP/HTTPS traffic. ZAP provides automated active and passive scanning, spidering, fuzzing, WebSocket support, and an extensive marketplace of add-ons. It integrates into CI/CD pipelines for automated DAST and supports full API testing via OpenAPI/Swagger import. Maintained by a dedicated OWASP team with frequent releases.

15.1kstars
2.5kforks
856issues
Updated today
+I use this
View on GitHubOfficial Website

Installation

$ brew install --cask zap

Use Cases

  • Automated web application vulnerability scanning
  • Manual penetration testing with intercepting proxy
  • CI/CD integrated DAST pipeline scanning
  • API security testing via OpenAPI import
  • Session hijacking and token analysis

Tags

proxydastweb-securityintercepting-proxyautomated-scanningowaspappsechacktoberfestopensourcesecuritysecurity-scannerzapzap-developmentzaproxy

Details

Category
๐Ÿ•ธ Web Scanning
Language
Java
Repository
zaproxy/zaproxy
License
Apache-2.0
Platforms
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Links

GitHub Repository

github.com/zaproxy/zaproxy

Official Website

www.zaproxy.org

Releases

github.com/zaproxy/zaproxy/releases

Issues

github.com/zaproxy/zaproxy/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

Nikto

Perl

Classic web server scanner. Tests for dangerous files, outdated server software, and version-specific problems.

Compare OWASP ZAP vs Nikto

Burp Suite Community

Java

Web vulnerability scanner and proxy. Intercept, modify, and replay HTTP/S traffic for web app testing.

Compare OWASP ZAP vs Burp Suite Community

Caido

Rust

Lightweight and modern web security testing toolkit built in Rust, designed as a fast alternative to Burp Suite.

Compare OWASP ZAP vs Caido

Wapiti

Python

Black-box web application vulnerability scanner with built-in fuzzer modules.

Compare OWASP ZAP vs Wapiti

More in Web Scanning

httpx

Go

Fast multi-purpose HTTP toolkit. Probes for running HTTP servers with retries and fallbacks.

http-probetech-detectionprojectdiscovery

Nikto

Perl

Classic web server scanner. Tests for dangerous files, outdated server software, and version-specific problems.

web-serverclassiccgi-scan

Gobuster

Go

Directory/file, DNS, and vhost busting tool. Brute-forces URIs, DNS subdomains, virtual host names, and S3 buckets.

directory-brutedns-brutevhost

Feroxbuster

Rust

Fast, recursive content discovery tool written in Rust. Like gobuster on steroids with auto-recursion.

directory-bruterecursiverust

Burp Suite Community

Java

Web vulnerability scanner and proxy. Intercept, modify, and replay HTTP/S traffic for web app testing.

proxyweb-appinterceptor

ffuf

Go

Fast web fuzzer written in Go. Fuzz anything - URLs, headers, POST data - with blazing speed.

fuzzingdirectory-brutefast