2.10.0 D-2021-07-26 https://github.com/zaproxy/zaproxy/releases/download/w2021-07-26/ZAP_WEEKLY_D-2021-07-26.zip ZAP_WEEKLY_D-2021-07-26.zip SHA-256:8c402b6453e28cf46ebb454c8d9091ed96b221a81830e36539f6f0cafb321381 182798894 https://github.com/zaproxy/zaproxy/releases/download/v2.10.0/ZAP_2_10_0_windows.exe ZAP_2_10_0_windows.exe SHA-256:cff6885a98abfec9c33224cba65ddead6b6dd4e61eff8140c59d1a4f396250eb 139219968 https://github.com/zaproxy/zaproxy/releases/download/v2.10.0/ZAP_2.10.0_Linux.tar.gz ZAP_2.10.0_Linux.tar.gz SHA-256:10ff2f6263b97b6367d97273de74a431b92b8d47b486662f79c2e8754dd1e9d7 137786743 https://github.com/zaproxy/zaproxy/releases/download/v2.10.0/ZAP_2.10.0.dmg ZAP_2.10.0.dmg SHA-256:bc25ff4fbd21fc36449c15ef66e109b72802ad9eedfc1ae122569cbf91ab9829 208837055 10th Anniversary bug fix and enhancement release. https://www.zaproxy.org/docs/desktop/releases/2.10.0/ accessControl Access Control Testing Adds a set of tools for testing access control in web applications. ZAP Dev Team 6 accessControl-alpha-6.zap alpha <h3>Added</h3> <ul> <li>Add API support.</li> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.9.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/accessControl-v6/accessControl-alpha-6.zap SHA-256:34143426d045bff319138d9012b50383e84989a36e17d15e145ed77fb3931165 https://www.zaproxy.org/docs/desktop/addons/access-control-testing/ https://github.com/zaproxy/zap-extensions/ 2020-10-06 545530 2.9.0 alertFilters Alert Filters Allows you to automate the changing of alert risk levels. ZAP Dev Team 11 alertFilters-release-11.zap release <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> <li>Maintenance changes.</li> </ul> <h3>Added</h3> <ul> <li>API endpoints &quot;applyAll&quot;, &quot;applyContext&quot;, and &quot;applyGlobal&quot; to apply enabled Alert Filters to existing alerts (Issue 5966).</li> <li>API endpoints &quot;testAll&quot;, &quot;testContext&quot;, and &quot;testGlobal&quot; to test enabled Alert Filters against existing alerts.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/alertFilters-v11/alertFilters-release-11.zap SHA-256:2573f6f4aeec19899057cbd4e9543abaaf6fe8cc6406bc1143662dce3a29bedf https://www.zaproxy.org/docs/desktop/addons/alert-filters/ https://github.com/zaproxy/zap-extensions/ 2021-07-29 317767 2.10.0 alertReport Report alert generator Allows you to generate reports for alerts you specify in pdf or odt format Talsoft SRL 14 alertReport-beta-14.zap beta Fix an exception while generating the report (Issue 1612).<br> Include Alert's evidence in report of ODT format. https://github.com/zaproxy/zap-extensions/releases/download/2.7/alertReport-beta-14.zap SHA1:4e9456325fd921f7b403fa780f703c91cdf61bdd https://www.zaproxy.org/docs/desktop/addons/report-alert-generator/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 9722880 2.4.0 allinonenotes All In One Notes A simple extension to view all notes in one pane. David Vassallo 1 allinonenotes-alpha-1.zap alpha <ul> <li>First version.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/allinonenotes-v1/allinonenotes-alpha-1.zap SHA-256:3862c6b56214092fa1e50b408addcf21fddb88bcbaf756c6d08e5118c12c9ba4 https://www.zaproxy.org/docs/desktop/addons/all-in-one-notes/ https://github.com/zaproxy/zap-extensions/ 2019-06-18 19614 2.8.0 amf AMF Adds support for AMF messages ZAP Dev Team 2 amf-alpha-2.zap alpha Deserialise the AMF request. https://github.com/zaproxy/zap-extensions/releases/download/2.7/amf-alpha-2.zap SHA1:d73da69a1a8c40a881f545aea7bcfc28ee125467 https://www.zaproxy.org/docs/desktop/addons/amf-support/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 813490 2.4.0 ascanrules Active scanner rules The release quality Active Scanner rules ZAP Dev Team 40 ascanrules-release-40.zap release <h3>Changed</h3> <ul> <li>The SQL Injection scan rule will raise alerts with the URI field in encoded form.</li> <li>Update links to repository.</li> </ul> <h3>Fixed</h3> <ul> <li>Correct Context check in SQL Injection scan rule.</li> <li>&quot;Source Code Disclosure - /WEB-INF folder&quot; is no longer skipped on Java 9+ (Issue 4038).</li> <li>Fix ascan rules not enforcing MaxRuleDuration when getting IOExceptions (Issue 6647).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v40/ascanrules-release-40.zap SHA-256:c8dbc5952d016d2f12c65a8e334a26d5ac5f111c80b1d43abe5941489057de73 https://www.zaproxy.org/docs/desktop/addons/active-scan-rules/ https://github.com/zaproxy/zap-extensions/ 2021-06-17 2402850 2.10.0 commonlib >= 1.3.0 & < 2.0.0 ascanrulesAlpha Active scanner rules (alpha) The alpha quality Active Scanner rules ZAP Dev Team 31 ascanrulesAlpha-alpha-31.zap alpha <h3>Changed</h3> <ul> <li>Update links to zaproxy and zap-extensions repos.</li> <li>Target 2.10 core and use new logging infrastructure (Log4j 2.x).</li> <li>The LDAP Injection scan rule was modified to use: <ul> <li>The Dice algorithm for calculating the match percentage, thus improving its performance.</li> <li>The URI in encoded form in alerts' other info field.</li> </ul> </li> <li>Maintenance changes.</li> </ul> <h3>Added</h3> <ul> <li>CORS active scan rule.</li> <li>Forbidden (403) Bypass scan rule.</li> <li>Web Cache Deception scan rule.</li> </ul> <h3>Removed</h3> <ul> <li>Unused file, it was used by promoted scan rule.</li> </ul> <h3>Fixed</h3> <ul> <li>Correct Context check in NoSQL Injection - MongoDB scan rule.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesAlpha-v31/ascanrulesAlpha-alpha-31.zap SHA-256:9681556641c565bf05ae3342d704044a70b3a1af4f6a5fcbcdc271c5296da284 https://www.zaproxy.org/docs/desktop/addons/active-scan-rules-alpha/ https://github.com/zaproxy/zap-extensions/ 2021-06-17 1217478 2.10.0 commonlib >= 1.3.0 & < 2.0.0 ascanrulesBeta Active scanner rules (beta) The beta quality Active Scanner rules ZAP Dev Team 35 ascanrulesBeta-beta-35.zap beta <h3>Fixed</h3> <ul> <li>Correct dependency requirements.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v35/ascanrulesBeta-beta-35.zap SHA-256:5041361a34a6b91b6f8415dac153893dbe070e635f916475efa8d923fa503974 https://www.zaproxy.org/docs/desktop/addons/active-scan-rules-beta/ https://github.com/zaproxy/zap-extensions/ 2021-07-06 1554763 2.10.0 commonlib >= 1.4.0 & < 2.0.0 attacksurfacedetector Attack Surface Detector The Attack Surface Detector analyzes web application source code to generate endpoints that can be used for penetration testing. Secure Decisions (Matthew DeLetto) 1.1.4 attacksurfacedetector-alpha-1.1.4.zap alpha Various incremental changes (see https://github.com/secdec/attack-surface-detector-zap/releases)<br> Fix un-handled exception when target unavailable & address various "house keeping" tasks.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/attacksurfacedetector-alpha-1.1.4.zap SHA1:e21758c2cdcbc7806f44cc986a88360457eff82e https://github.com/secdec/attack-surface-detector-zap/wiki https://github.com/secdec/attack-surface-detector-zap/ 2019-03-07 15604948 2.7.0 authstats Authentication Statistics Records logged in/out statistics for all contexts in scope. ZAP Core Team 1 authstats-alpha-1.zap alpha First version<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/authstats-alpha-1.zap SHA1:7191fd7491564eed5186df3567ee4002ce42b25a https://www.zaproxy.org/docs/desktop/addons/authentication-statistics/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 238686 2.5.0 automation Automation Framework Automation Framework. ZAP Dev Team 0.3.0 automation-alpha-0.3.0.zap alpha <h3>Added</h3> <ul> <li>Support for using variables in the config.</li> <li>Support for data jobs.</li> <li>Support for multiple top level URLs in a context.</li> <li>Passive scan config enableTags parameter</li> <li>Support for include/exclude regexes.</li> <li>Support for param data job</li> <li>Support for job tests.</li> </ul> <h3>Changed</h3> <ul> <li>Update links to repository.</li> <li>Maintenance changes.</li> </ul> <h3>Fixed</h3> <ul> <li>NPE in pscan config job when rule specified with no id (as per template).</li> </ul> <h3>Deprecated</h3> <ul> <li>Spider job parameters <code>failIfFoundUrlsLessThan</code> and <code>warnIfFoundUrlsLessThan</code> in favour of the <code>automation.spider.urls.added</code> statistic test.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/automation-v0.3.0/automation-alpha-0.3.0.zap SHA-256:d2cac7fb9ebabc4047721fe2623dad9dd6877709c17daf80ba19f0572b2aa2c1 https://www.zaproxy.org/docs/desktop/addons/automation-framework/ https://github.com/zaproxy/zap-extensions/ 2021-06-28 2618447 2.10.0 beanshell BeanShell Console Provides a BeanShell Console ZAP Dev Team 6 beanshell-beta-6.zap beta Minor code changes. https://github.com/zaproxy/zap-extensions/releases/download/2.7/beanshell-beta-6.zap SHA1:9546aad4694ef047822bc17d3d9f532d3aa162b8 https://www.zaproxy.org/docs/desktop/addons/bean-shell/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 574028 2.4.0 browserView Browser View Adds an option to render HTML responses like a browser ZAP Dev Team 5 browserView-alpha-5.zap alpha Allow to properly scroll the rendered page. https://github.com/zaproxy/zap-extensions/releases/download/2.7/browserView-alpha-5.zap SHA1:0aaf81863ad1011136416b49a05eba3d8b262a02 https://www.zaproxy.org/docs/desktop/addons/browser-view/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 193880 2.4.0 bruteforce Forced Browse Forced browsing of files and directories using code from the OWASP DirBuster tool ZAP Dev Team 10 bruteforce-beta-10.zap beta <h3>Added</h3> <ul> <li>Added option and functionality to find files without extension. (Issue 5883)</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> <li>Ensure requests are counted and progress updated (Issue 5437).</li> <li>Updated owasp.org references (Issue 5962).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/bruteforce-v10/bruteforce-beta-10.zap SHA-256:eb466993d97db676a422a459bdef85793da0910b1a0f830fd2e711c64fa162cc https://www.zaproxy.org/docs/desktop/addons/forced-browse/ https://github.com/zaproxy/zap-extensions/ 2020-12-15 519374 2.10.0 bugtracker Bug Tracker Bug Tracker extension. ZAP Dev Team 2 bugtracker-alpha-2.zap alpha Added help for the add-on https://github.com/zaproxy/zap-extensions/releases/download/2.7/bugtracker-alpha-2.zap SHA1:8990bb1dec45749982a9cad93a7437a9281b40aa https://www.zaproxy.org/docs/desktop/addons/bug-tracker/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 2002624 2.5.0 callgraph Call Graph Allows the user to view a call graph of the selected resources Colm O'Flaherty 4 callgraph-alpha-4.zap alpha Finish internationalisation.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/callgraph-alpha-4.zap SHA1:4edaa3f624517ebf6a52b9f84e2209d8839429bb https://www.zaproxy.org/docs/desktop/addons/call-graph/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 1160586 2.4.0 codedx Code Dx Extension Includes request and response data in XML reports and provides the ability to upload reports directly to a Code Dx server Code Dx, Inc. 8 codedx-alpha-8.zap alpha <ul> <li>Make fixes to the report generation process to handle encoding the same as other ZAP reports</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/codedx-v8/codedx-alpha-8.zap SHA-256:a0f90a41eb1e9fc50c87a00d78e19957e083c933ec35a84f4f9be062b1d510ae https://www.zaproxy.org/docs/desktop/addons/code-dx/ https://github.com/zaproxy/zap-extensions/ https://www.codedx.com/ 2019-08-23 1740991 2.5.0 commonlib Common Library A common library, for use by other add-ons. ZAP Dev Team 1.4.0 commonlib-release-1.4.0.zap release <h3>Added</h3> <ul> <li>An HTTP date parser/formatter.</li> </ul> <h3>Fixed</h3> <ul> <li>Take into account the timezone when checking if a cookie is expired (Issue 6550).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.4.0/commonlib-release-1.4.0.zap SHA-256:17ca02e1326bb82c1f498cf77a0d058089c29875bd0c93b8c0c0bb9d0e5afedc https://github.com/zaproxy/zap-extensions/ 2021-06-23 3824224 2.10.0 communityScripts Community Scripts Useful ZAP scripts written by the ZAP community. ZAP Community 10 communityScripts-alpha-10.zap alpha <h3>Added</h3> <ul> <li>standalone/load_context_from_burp -&gt; import context from burp config file</li> <li>Passive scan script for finding potential s3 Bucket URLs</li> <li>payloadprocessor/to-hex.js &gt; string to hex payload script.</li> <li>selenium and session scripts.</li> <li>httpfuzzerprocessor/random_x_forwarded_for_ip.js &gt; Set 'X-Forwarded-For' to a random IP value.</li> <li>httpfuzzerprocessor/randomUserAgent.js &gt; Set 'User-Agent' to a random user-agent.</li> <li>Add the following Payload Processor scripts ported from SQLMap: <ul> <li>apostrophemask</li> <li>apostrophenullencode</li> <li>chardoubleencode</li> <li>charencode</li> <li>charunicodeencode</li> <li>equaltolike</li> <li>lowercase</li> <li>percentage</li> <li>randomcase</li> <li>space2comments</li> </ul> </li> <li>Add Google API keys finder script</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> <li>Rename reliability to confidence.</li> <li>standalone/enableDebugLogging.js &gt; use new Log4j 2 APIs.</li> <li>standalone/window_creation_template.js &gt; no longer extend <code>AbstractFrame</code>.</li> <li>httpsender/Alert on HTTP Response Code Errors.js and Alert on Unexpected Content Types.js: <ul> <li>Check if messages being analyzed are globally excluded or not;</li> <li>Ignore check for update messages;</li> <li>Include more expected content types.</li> </ul> </li> <li>httpsender/aws-signing-for-owasp-zap.py &gt; read AWS environment variables for default values.</li> <li>active/TestInsecureHTTPVerbs.py and passive/HUNT.py &gt; correct links to OWASP site.</li> </ul> <h3>Removed</h3> <ul> <li>standalone/loadListInGlobalVariable.js &gt; superseded by core functionality, <code>ScriptVars.setGlobalCustomVar(...)</code> and <code>getGlobalCustomVar(...)</code>.</li> </ul> <h3>Fixed</h3> <ul> <li>extender/HTTP Message Logger.js &gt; fix typo in Integer constant.</li> </ul> https://github.com/zaproxy/community-scripts/releases/download/v10/communityScripts-alpha-10.zap SHA-256:4660137ed039ee197ab76d0376be3c467a4f3e6d8ea3eb41bd28b2825bb63b7e https://www.zaproxy.org/docs/desktop/addons/community-scripts/ https://github.com/zaproxy/community-scripts/ 2021-06-11 425509 2.10.0 custompayloads Custom Payloads Ability to add, edit or remove payloads that are used i.e. by active scanners ZAP Dev Team 0.10.0 custompayloads-alpha-0.10.0.zap alpha <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> <li>Add functionality to add multiple payloads from a file.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> <li>Maintenance changes.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/custompayloads-v0.10.0/custompayloads-alpha-0.10.0.zap SHA-256:5aa57020e937e7366e1ecc380d23804428714d020cf7aca81debe53a4cb6f6b3 https://www.zaproxy.org/docs/desktop/addons/custom-payloads/ https://github.com/zaproxy/zap-extensions/ 2021-06-17 45780 2.10.0 customreport CustomReport New HTML report module allows users to customize report content. Chienli Ma 6 customreport-alpha-6.zap alpha <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> <li>Maintenance changes.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> <li>Add Evidence to report (Issue 6151).</li> <li>Make Parameter and Attack fields optional.</li> <li>Fix bug to allow writing reports with file path containing '#' (Issue 6267).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/customreport-v6/customreport-alpha-6.zap SHA-256:bcda4c64076e554be555b2154e5b446249c213d40bdc81d6d90593889c464e69 https://www.zaproxy.org/docs/desktop/addons/custom-report/ https://github.com/zaproxy/zap-extensions/ 2020-12-15 262637 2.10.0 diff Diff Displays a dialog showing the differences between 2 requests or responses. It uses diffutils and diff_match_patch ZAP Dev Team 10 diff-beta-10.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/diff-v10/diff-beta-10.zap SHA-256:49f3637cc752b588be6dea182ecf362007e37d70976fd0dadff61925ae0dfd7b https://www.zaproxy.org/docs/desktop/addons/diff/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 280367 2.7.0 directorylistv1 Directory List v1.0 List of directory names to be used with Forced Browse or Fuzzer add-on. ZAP Dev Team 4 directorylistv1-release-4.zap release <h3>Added</h3> <ul> <li>Add help.</li> <li>Add repo URL.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.5.0.</li> <li>Change info URL to link to the site.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/directorylistv1-v4/directorylistv1-release-4.zap SHA-256:37581b311526009a8c7f070c1b843c6798c81a90856b04e9b63fb35001ef1317 https://www.zaproxy.org/docs/desktop/addons/directory-list-v1.0/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 850997 2.5.0 directorylistv2_3 Directory List v2.3 Lists of directory names to be used with "Forced Browse" add-on. ZAP Dev Team 3 directorylistv2_3-release-3.zap release Removed repeated files.<br> Added strings for version control directories of Git, Mercurial, SVN, Bazaar.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/directorylistv2_3-release-3.zap SHA1:e3b9cb6a9bae87a0dbcf73ff52f7b4406486d5c0 https://www.zaproxy.org/docs/desktop/addons/directory-list-v2.3/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 8608734 2.4.0 directorylistv2_3_lc Directory List v2.3 LC Lists of lower case directory names to be used with "Forced Browse" add-on. ZAP Dev Team 3 directorylistv2_3_lc-release-3.zap release Added strings for version control directories of Git, Mercurial, SVN, Bazaar.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/directorylistv2_3_lc-release-3.zap SHA1:03a5ec11530203be6625633821ab3c05754b2daa https://www.zaproxy.org/docs/desktop/addons/directory-list-v2.3-lc/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 7454767 2.4.0 domxss DOM XSS Active scanner rule DOM XSS Active scanner rule Aabha Biyani, ZAP Dev Team 10 domxss-beta-10.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> <li>Add link to the code in the help.</li> <li>Performance improvements</li> <li>Support for Chrome</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> <li>Maintenance changes.</li> <li>Promote to beta</li> <li>Now clicking on different buttons throughout the page to see if it triggers XSS.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/domxss-v10/domxss-beta-10.zap SHA-256:12002f1582abf8d8be521d2ceec7c44846dde2916e16a29a11d92c86588f663e https://www.zaproxy.org/docs/desktop/addons/dom-xss-active-scan-rule/ https://github.com/zaproxy/zap-extensions/ 2020-12-15 214982 2.10.0 selenium 15.* encoder Encoder Adds encode/decode/hash dialog and support for scripted processors as well ZAP Dev Team 0.5.0 encoder-beta-0.5.0.zap beta <h3>Changed</h3> <ul> <li>Remove &quot;Advanced&quot; in help page.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/encoder-v0.5.0/encoder-beta-0.5.0.zap SHA-256:f620f8cf668b54fac0b5e1180b9c62d6f7e43d2eb64d3d9b4d595f90f7af696e https://www.zaproxy.org/docs/desktop/addons/encode-decode-hash/ https://github.com/zaproxy/zap-extensions/ 2021-02-09 79635 2.10.0 exportreport Export Report Report Export module that allows users to customize content and export in a desired format. Goran Sarenkapa - JordanGS 7 exportreport-alpha-7.zap alpha <h3>Added</h3> <ul> <li>Completed PDF Output support (Issue 5535)</li> <li>Added option to specify active scan id in API.</li> <li>Added option to specify inclusion of passive alerts in API and command line.</li> <li>Add info and repo URLs.</li> <li>Maintenance changes.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/exportreport-v7/exportreport-alpha-7.zap SHA-256:2872f45ec25c0d7a30659a8a23ca9155c931a0aabb52bf386f20aa7819631d40 https://www.zaproxy.org/docs/desktop/addons/export-report/ https://github.com/zaproxy/zap-extensions/ 2020-12-15 12510634 2.10.0 formhandler Form Handler This Form Handler Add-on allows a user to define field names and values to be used in a form's fields. Fields can be added, modified, enabled, and deleted for use in form fields. ZAP Dev Team 3 formhandler-beta-3.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> <li>Promote to beta</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/formhandler-v3/formhandler-beta-3.zap SHA-256:4d6dcd6ae856e277f5b342dcdad178c1ce8643a7efce41cc3b963e806abf267d https://www.zaproxy.org/docs/desktop/addons/form-handler/ https://github.com/zaproxy/zap-extensions/ 2020-12-15 2200844 2.10.0 fuzz Fuzzer Advanced fuzzer for manual testing ZAP Dev Team 13.2.0 fuzz-beta-13.2.0.zap beta <h3>Changed</h3> <ul> <li>Now using 2.10 logging infrastructure (Log4j 2.x).</li> <li>Maintenance changes.</li> <li>Update dependency (Issue 4751).</li> </ul> <h3>Fixed</h3> <ul> <li>Update results panels when Look and Feel changes (Issue 6479).</li> <li>Correct payload count from file.</li> <li>Show Add Payload dialogue above the Payloads dialogue.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/fuzz-v13.2.0/fuzz-beta-13.2.0.zap SHA-256:48bfb825f72b64d28ed15df17ae4ffab0f0acf10378f53f48a647ce59ed1e584 https://www.zaproxy.org/docs/desktop/addons/fuzzer/ https://github.com/zaproxy/zap-extensions/ 2021-06-01 1921264 2.10.0 fuzzdb FuzzDB Files FuzzDB files which can be used with the ZAP fuzzer ZAP Dev Team 7 fuzzdb-release-7.zap release <h3>Removed</h3> <ul> <li>Removed 'attack' sub-folder and content, all of which is being migrated to the 'FuzzDB Offensive' add-on due to AV triggers (Issue 5972).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/fuzzdb-v7/fuzzdb-release-7.zap SHA-256:7396a6f5db1e535d1fadf6bc2e88bf29240ceeacad9c7324c561ab0a7dcd9242 https://www.zaproxy.org/docs/desktop/addons/fuzzdb-files/ https://github.com/zaproxy/zap-extensions/ 2020-06-30 5923666 2.9.0 fuzzdboffensive FuzzDB Offensive FuzzDB web backdoors and attack files which can be used with the ZAP fuzzer or for manual penetration testing ZAP Dev Team 4 fuzzdboffensive-release-4.zap release <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> </ul> https://github.com/zaproxy/fuzzdb-offensive/releases/download/v4/fuzzdboffensive-release-4.zap SHA-256:06bf75d2745c8f6e9a861597a31bab2d3f96058a3c497539a3ba234c687e796a https://www.zaproxy.org/docs/desktop/addons/fuzzdb-offensive/ https://github.com/zaproxy/fuzzdb-offensive/ 2021-06-11 414373 2.10.0 gettingStarted Getting Started with ZAP Guide A short Getting Started with ZAP Guide ZAP Dev Team 12 gettingStarted-release-12.zap release <h3>Changed</h3> <ul> <li>Update link to OWASP ZAP homepage.</li> <li>Updated for 2.10.0</li> <li>Update minimum ZAP version to 2.10.0.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.9.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/gettingStarted-v12/gettingStarted-release-12.zap SHA-256:b4cd18320db2484acaa0b619eb9583ab02a0f9e0a02a2a8f875dc5c5b677631d https://www.zaproxy.org/docs/desktop/addons/getting-started-guide/ https://github.com/zaproxy/zap-extensions/ 2020-12-15 711269 2.10.0 graaljs GraalVM JavaScript Provides the GraalVM JavaScript engine for ZAP scripting. ZAP Dev Team 0.1.0 graaljs-alpha-0.1.0.zap alpha <p>First version.</p> https://github.com/zaproxy/zap-extensions/releases/download/graaljs-v0.1.0/graaljs-alpha-0.1.0.zap SHA-256:0c4f7dd20388e4008e978ec25307dda57b3685dffae8e7288d8364d26a93ab7f https://github.com/zaproxy/zap-extensions/ 2020-11-17 19632933 2.9.0 graphql GraphQL Support Inspect and attack GraphQL endpoints. ZAP Dev Team 0.3.0 graphql-alpha-0.3.0.zap alpha <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> <li>Add two new options that allow enforcing maximum query depth leniently for fields with no leaf types.</li> <li>Add support for the automation framework.</li> <li>Maintenance changes.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix invalid query generation when query depth was reached and the deepest fields had no leaf types (Issue 6316).</li> <li>Cope with missing Nashorn engine (Issue 6501).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/graphql-v0.3.0/graphql-alpha-0.3.0.zap SHA-256:e5175d17cfd2d279ba8604cb3dd047d7b525dafebda4457bb61335cfc2794aaf https://www.zaproxy.org/docs/desktop/addons/graphql-support/ https://github.com/zaproxy/zap-extensions/ 2021-03-30 2218576 2.10.0 groovy Groovy Support Adds Groovy support to ZAP ZAP Dev Team 3.0.0 groovy-beta-3.0.0.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> <li>Promote to beta status.</li> <li>Change add-on name/description and update help.</li> <li>Start using Semantic Versioning.</li> <li>Update Groovy from 2.4.14 to 3.0.2.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix links in script templates.</li> <li>Fix missing parameter functions in template</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/groovy-v3.0.0/groovy-beta-3.0.0.zap SHA-256:0499c6e5d43b674b9c29a770ee8dcccadf72c188827593fbe2d9137ae2f4b8e9 https://www.zaproxy.org/docs/desktop/addons/groovy-support/ https://github.com/zaproxy/zap-extensions/ 2020-12-15 18987590 2.10.0 help Help - English English version of the ZAP help file. ZAP Crowdin Team 11 help-release-11.zap release <ul> <li>Update for 2.10.0 release.</li> </ul> https://github.com/zaproxy/zap-core-help/releases/download/help-v11/help-release-11.zap SHA-256:bfcfb2a6970f1337feaaa71412bc1dff096d217056f213d86684d1854428bca2 https://www.zaproxy.org/docs/desktop/ https://github.com/zaproxy/zap-core-help/ 2020-12-16 788440 2.10.0 help_bs_BA Help - Bosnian Bosnian version of the ZAP help file. ZAP Crowdin Team 9 help_bs_BA-alpha-9.zap alpha Updated with the latest files from crowdin https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_bs_BA-alpha-9.zap SHA1:d33a3277e877da4734e6bf9c911c61c4e6ce2f3f 2018-02-08 747536 2.7.0 help_es_ES Help - Spanish Spanish version of the ZAP help file. ZAP Crowdin Team 9 help_es_ES-release-9.zap release Updated with the latest files from crowdin, promoted to release https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_es_ES-release-9.zap SHA1:c17a1d63de54a99feb5344ea3f07e66dcbd7d4d1 2018-02-08 810573 2.7.0 help_fil_PH Help Filipino Filipino version of the ZAP help file. ZAP Crowdin Team 2 help_fil_PH-alpha-2.zap alpha Updated with the latest files from crowdin https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_fil_PH-alpha-2.zap SHA1:76ae4fe9931d187aac7e5c4a4dd7bfbc13d262e4 2018-02-08 818996 2.7.0 help_fr_FR Help - French French version of the ZAP help file. ZAP Crowdin Team 9 help_fr_FR-alpha-9.zap alpha Updated with the latest files from crowdin https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_fr_FR-alpha-9.zap SHA1:05aa37ec86966990fa33190c65a53d1c5a6dc955 2018-02-08 752466 2.7.0 help_id_ID Help Indonesian Indonesian version of the ZAP help file. ZAP Crowdin Team 2 help_id_ID-beta-2.zap beta Updated with the latest files from crowdin https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_id_ID-beta-2.zap SHA1:7b7ba465a1eecac23781582a1f1d7dfbaef2d347 2018-02-08 775452 2.7.0 help_ja_JP Help - Japanese Japanese version of the ZAP help file. ZAP Crowdin Team 9 help_ja_JP-beta-9.zap beta Updated with the latest files from crowdin https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_ja_JP-beta-9.zap SHA1:d91450eef7e4f3ce19fa9ad9f318fb80cc337ec1 2018-02-08 774034 2.7.0 help_pt_BR Help - Portuguese, Brazilian Portuguese, Brazilian version of the ZAP help file. ZAP Crowdin Team 10 help_pt_BR-release-10.zap release Updated with the latest files from crowdin https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_pt_BR-release-10.zap SHA1:43ef048b4faff32e6ed59dfbd07174ceec71bbdb 2018-02-08 793044 2.7.0 help_tr_TR Help - Turkish Turkish version of the ZAP help file. ZAP Crowdin Team 1 help_tr_TR-release-1.zap release First version https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_tr_TR-release-1.zap SHA1:2d4c3c115e0f401c37049dd1802f413b42f88e5e 2018-02-08 815439 2.7.0 help_zh_CN Help Chinese Simplified Chinese Simplified version of the ZAP help file. ZAP Crowdin Team 2 help_zh_CN-beta-2.zap beta Updated with the latest files from crowdin https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_zh_CN-beta-2.zap SHA1:bf58e29e3813b20df90e1691e81119e4a1a2e4f2 2018-02-08 761680 2.7.0 highlighter Highlighter Allows you to highlight strings in the request and response tabs. ZAP Dev Team 7 highlighter-alpha-7.zap alpha Fix help related exception in the Highlighter panel.<br> Correct resizing of Highlighter panel.<br> Update minimum ZAP version to 2.5.0.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/highlighter-alpha-7.zap SHA1:6b3cbf8939c2dfc5eb0c6e74e407d3674048fe93 https://www.zaproxy.org/docs/desktop/addons/highlighter/ https://github.com/zaproxy/zap-extensions/ 2018-05-30 9210 2.5.0 httpsInfo HttpsInfo Displays HTTPS configuration information. ZAP Dev Team 12 httpsInfo-alpha-12.zap alpha <ul> <li>New tabbed UI.</li> <li>Update to DeepViolet 5.1.16.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/httpsInfo-v12/httpsInfo-alpha-12.zap SHA1:c9c44e815522b32f3870bae898ed4e76e9011207 https://www.zaproxy.org/docs/desktop/addons/https-info/ https://github.com/zaproxy/zap-extensions/ 2019-04-26 7690429 2.7.0 hud HUD - Heads Up Display Display information from ZAP in browser. ZAP Dev Team 0.12.0 hud-beta-0.12.0.zap beta <h3>Fixed</h3> <ul> <li>Problems with Firefox 81 due to referer header not being set cross domain. <a href="https://github.com/zaproxy/zap-hud/issues/815">#815</a></li> </ul> https://github.com/zaproxy/zap-hud/releases/download/v0.12.0/hud-beta-0.12.0.zap SHA-256:a72ba697769a4cf3232cb7e312950f16635fa9489abb7cd4faf1b39d53ff7d96 https://www.zaproxy.org/docs/desktop/addons/hud/ https://github.com/zaproxy/zap-hud/ 2020-10-15 907643 2.9.0 websocket imagelocationscanner Image Location and Privacy Scanner Image Location and Privacy Passive Scanner Jay Ball (veggiespam) and the ZAP Dev Team 2 imagelocationscanner-beta-2.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> <li>Updated to Image Location and Privacy Scanner version 1.1; merged from <a href="https://github.com/veggiespam/ImageLocationScanner">source</a></li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.9.0.</li> <li>Maintenance changes.</li> <li>Correct repository URL in about help page.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/imagelocationscanner-v2/imagelocationscanner-beta-2.zap SHA-256:80c3f7c71854fc573f376a3bb2b38f8a4ce2ee57ae1adc7bac0ebf0e75645adc https://www.zaproxy.org/docs/desktop/addons/image-location-and-privacy-scanner/ https://github.com/zaproxy/zap-extensions/ 2020-07-03 891854 2.9.0 importLogFiles Log File Importer Allows you to import log files from ModSecurity and files previously exported from ZAP ZAP Dev Team 4 importLogFiles-alpha-4.zap alpha Use API actions when importing files. https://github.com/zaproxy/zap-extensions/releases/download/2.7/importLogFiles-alpha-4.zap SHA1:81d9d50c879301d8ce40b8b39d5e1953f95ba9ab https://www.zaproxy.org/docs/desktop/addons/log-file-importer/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 152736 2.4.0 importurls Import files containing URLs Adds an option to import a file of URLs. The file must be plain text with one URL per line. ZAP Dev Team 7 importurls-beta-7.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.8.0.</li> <li>Add import menu to (new) top level Import menu instead of Tools menu.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/importurls-v7/importurls-beta-7.zap SHA-256:5f21011e2b91ccc1503a6fbec67464d597c6026893624bc52a3d1bc7c31afbf8 https://www.zaproxy.org/docs/desktop/addons/import-urls/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 235133 2.8.0 invoke Invoke Applications Invoke external applications passing context related information such as URLs and parameters ZAP Dev Team 10 invoke-beta-10.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Maintenance changes.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/invoke-v10/invoke-beta-10.zap SHA-256:67b8817a8ebd224eba16ab24f1190602b57cae328f2d051c7c8ad0fd5a3effca https://www.zaproxy.org/docs/desktop/addons/invoke-applications/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 315904 2.7.0 jruby Ruby Scripting Allows Ruby to be used for ZAP scripting - templates included ZAP Dev Team 7 jruby-beta-7.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update the help to mention the bundled JRuby version.</li> <li>Update minimum ZAP version to 2.10.0.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix link in a script template.</li> <li>Fix exception while uninstalling the add-on with newer Java versions.</li> <li>Fix passive template.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/jruby-v7/jruby-beta-7.zap SHA-256:13d7259fbe2eea83af1c03eca17b95031ace925189a554bd1d36fee927267d93 https://www.zaproxy.org/docs/desktop/addons/ruby-scripting/ https://github.com/zaproxy/zap-extensions/ 2020-12-15 21955502 2.10.0 jsonview Json view Adds a view that shows JSON messages nicely formatted Juha Kivekäs 1 jsonview-alpha-1.zap alpha Initial release https://github.com/zaproxy/zap-extensions/releases/download/2.7/jsonview-alpha-1.zap SHA1:be9a95e39722ff42af1160a195a56c9af9e285c1 https://www.zaproxy.org/docs/desktop/addons/json-view/ https://github.com/zaproxy/zap-extensions/ 2018-02-08 10796 2.6.0 jwt JWT Support Detect JWT requests and scan them to find related vulnerabilities KSASAN preetkaran20@gmail.com 1.0.1 jwt-alpha-1.0.1.zap alpha <h3>Added</h3> <ul> <li>Increased the number of requests for High threshold to 18 from 12.</li> <li>Client side configuration alerts will not stop the scanner from scanning server side configurations.</li> <li>Support for validating usage of publicly well known HMac secrets for signing JWT.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/2.7/jwt-alpha-1.0.1.zap SHA-256:1ff8936817f26049192f41ef152a798ff43bf4402925e6462888b47a38b5e3ad https://github.com/SasanLabs/owasp-zap-jwt-addon/ 2020-12-22 748996 2.9.0 commonlib fuzz 13.* jython Python Scripting Allows Python to be used for ZAP scripting - templates included ZAP Dev Team 11 jython-beta-11.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> <li>Update Jython from 2.7.1 to 2.7.2.</li> <li>Update the help to mention the bundled Jython version.</li> <li>Jython templates now includes an extender script (getInputsFromuser.py) for setting global script variables based on user input.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix link in a script template.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/jython-v11/jython-beta-11.zap SHA-256:5e6103473dbcc63ef937a8dd07313daa2210862c482d6ed31c7d0e285d792344 https://www.zaproxy.org/docs/desktop/addons/python-scripting/ https://github.com/zaproxy/zap-extensions/ 2020-12-15 43263624 2.10.0 kotlin Kotlin Support Allows Kotlin to be used for ZAP scripting StackHawk Engineering 1.0.0 kotlin-alpha-1.0.0.zap alpha <ul> <li>Kotlin scripting for the JVM</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/kotlin-v1.0.0/kotlin-alpha-1.0.0.zap SHA-256:0e86e69a41110b2f6bd901fce73cd1e0b8be81b2848f51f2e1123b73fc931f65 https://www.zaproxy.org/docs/desktop/addons/kotlin-support/ https://github.com/zaproxy/zap-extensions/ 2020-09-14 48700873 2.9.0 neonmarker Neonmarker Colors history table items based on tags Juha Kivekäs, Kingthorin 1.3.0 neonmarker-alpha-1.3.0.zap alpha <h3>Fixed</h3> <ul> <li>Fixed an exception which was occurring when the tab was shown during install.</li> <li>Fixed an exception when ZAP is used in CLI mode.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/2.7/neonmarker-alpha-1.3.0.zap SHA-256:e5b3862035342062feef8d0c906a5f0d758df0d1ad4b162c71a01d0c1357ffe4 https://www.zaproxy.org/docs/desktop/addons/neonmarker/ https://github.com/kingthorin/neonmarker 2020-09-30 26825 2.8.0 onlineMenu Online menus ZAP Online menu items ZAP Dev Team 8 onlineMenu-release-8.zap release <h3>Added</h3> <ul> <li>Video page link.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> <li>ZAP Homepage to ZAP Website.</li> <li>ZAP Extensions to ZAP Marketplace</li> </ul> <h3>Removed</h3> <ul> <li>Newsletter link.</li> <li>Wiki link.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/onlineMenu-v8/onlineMenu-release-8.zap SHA-256:8e340ed2dd8a610be9a30b03ed7841a8508d333b17cce41f1d16bf14f9710319 https://www.zaproxy.org/docs/desktop/addons/online-menu/ https://github.com/zaproxy/zap-extensions/ 2020-12-15 214208 2.10.0 openapi OpenAPI Support Imports and spiders OpenAPI definitions. ZAP Dev Team plus Joanna Bona, Nathalie Bouchahine, Artur Grzesica, Mohammad Kamar, Markus Kiss, Michal Materniak, Marcin Spiewak, and SDA SE Open Industry Solutions 19 openapi-beta-19.zap beta <h3>Added</h3> <ul> <li>Added support for Multipart form-data (Issue 6418).</li> </ul> <h3>Changed</h3> <ul> <li>Always use enum values when defined (Issue 6489).</li> <li>Now using 2.10 logging infrastructure (Log4j 2.x).</li> <li>Automation parameters are now in camelCase. This is a breaking change, and older automation configurations containing all-lowercase openapi parameters will stop working.</li> <li>The import dialogs now show the values used in the previous import when reopened.</li> <li>Maintenance changes.</li> </ul> <h3>Fixed</h3> <ul> <li>NPE if form has no schema element.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/openapi-v19/openapi-beta-19.zap SHA-256:1bb4d39d0d009e9d212552da9e8c9ea9e4af492b20215a90f260d63bf67a3f6c https://www.zaproxy.org/docs/desktop/addons/openapi-support/ https://github.com/zaproxy/zap-extensions/ 2021-06-29 11813383 2.10.0 plugnhack Plug-n-Hack Configuration Supports the Mozilla Plug-n-Hack standard: https://developer.mozilla.org/en-US/docs/Plug-n-Hack. ZAP Dev Team 11 plugnhack-beta-11.zap beta Code changes for Java 9 (Issue 2602).<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/plugnhack-beta-11.zap SHA1:e3243495919a8d1a7f4bd69e60b7147690bb9836 https://www.zaproxy.org/docs/desktop/addons/plug-n-hack/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 722977 2.4.0 portscan Port Scanner Allows to port scan a target server ZAP Dev Team 8 portscan-beta-8.zap beta Code changes for Java 9 (Issue 2602).<br> Issue 3513: Options panel UI fixes.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/portscan-beta-8.zap SHA1:85b7377c65778d22a4c78fe1ff79b82245abc4c9 https://www.zaproxy.org/docs/desktop/addons/port-scan/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 632994 2.4.0 pscanrules Passive scanner rules The release quality Passive Scanner rules ZAP Dev Team 35 pscanrules-release-35.zap release <h3>Changed</h3> <ul> <li>Maintenance changes.</li> </ul> <h3>Fixed</h3> <ul> <li>Correct dependency requirements.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v35/pscanrules-release-35.zap SHA-256:886e52f9756e6c22abef9705a99a9e69c0f620164962412b05841d7173434391 https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules/ https://github.com/zaproxy/zap-extensions/ 2021-07-06 719393 2.10.0 commonlib pscanrulesAlpha Passive scanner rules (alpha) The alpha quality Passive Scanner rules ZAP Dev Team 33 pscanrulesAlpha-alpha-33.zap alpha <h3>Fixed</h3> <ul> <li>Correct dependency declaration on Common Library add-on (Issue 6674).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesAlpha-v33/pscanrulesAlpha-alpha-33.zap SHA-256:0d253632a551b7aafdc647c1ecf530bb803f0e4a6a31c0eb7a80a738ec8921d1 https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules-alpha/ https://github.com/zaproxy/zap-extensions/ 2021-07-07 1039470 2.10.0 commonlib >= 1.4.0 & < 2.0.0 pscanrulesBeta Passive scanner rules (beta) The beta quality Passive Scanner rules ZAP Dev Team 26 pscanrulesBeta-beta-26.zap beta <h3>Fixed</h3> <ul> <li>PII Disclosure scan rule now ignores images (Issue 6697).</li> <li>PII Disclosure scan rule will now ignore seeming decimal numbers unless at Low threshold (Issue 6639).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v26/pscanrulesBeta-beta-26.zap SHA-256:b3a856ed1170508c5033ffc3a38f5b84822b601ab4811fafeb3c9e806016d323 https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules-beta/ https://github.com/zaproxy/zap-extensions/ 2021-07-29 733722 2.10.0 commonlib quickstart Quick Start Provides a tab which allows you to quickly test a target application ZAP Dev Team 29 quickstart-release-29.zap release <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> <li>Maintenance changes.</li> <li>Use appropriate colour in dark mode (Issue 5542).</li> </ul> <h3>Fixed</h3> <ul> <li>Use AJAX Spider options in Automated Scan (Issue 5981).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/quickstart-v29/quickstart-release-29.zap SHA-256:20b97134d7ac2272e2ccbb3ce644c8b4d2c62d3760101afffdc67299eab1f420 https://www.zaproxy.org/docs/desktop/addons/quick-start/ https://github.com/zaproxy/zap-extensions/ 2020-12-15 536792 2.10.0 reflect Reflect Finds reflected parameters Caleb Kinney 0.0.11 reflect-alpha-0.0.11.zap alpha https://github.com/zaproxy/zap-extensions/releases/download/2.7/reflect-alpha-0.0.11.zap SHA-256:c45307037042e4079546a5fcb17d1165475e5cdd5ba7e8abc0d2cf0a14866466 2021-02-19 1780219 2.9.0 regextester Regular Expression Tester Allows to test Regular Expressions ZAP Dev Team 1 regextester-alpha-1.zap alpha <ul> <li>Initial Release.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/regextester-v1/regextester-alpha-1.zap SHA-256:433618046ca07eb3d45ee87f065790c1617921f5997943bafa4c8939a85e784f https://www.zaproxy.org/docs/desktop/addons/regular-expression-tester/ https://github.com/zaproxy/zap-extensions/ 2019-06-20 21420 2.8.0 replacer Replacer Easy way to replace strings in requests and responses. ZAP Dev Team 8 replacer-beta-8.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> <li>Allow byte replacement using hexadecimal escapes (Issue 5328).</li> </ul> <h3>Fixed</h3> <ul> <li>Fix link in API endpoint description.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/replacer-v8/replacer-beta-8.zap SHA-256:eac8033705419ec939f2ed1ac50874f50f2cdabd12d7941b0c73389168bfd2a7 https://www.zaproxy.org/docs/desktop/addons/replacer/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 332794 2.7.0 reports Report Generation Official ZAP Reports. ZAP Dev Team 0.4.0 reports-beta-0.4.0.zap beta <h3>Added</h3> <ul> <li>Wappalyzer data to the traditional-html-plus report, if it is available.</li> <li>Traditional JSON report</li> <li>Automation job: outputSummary, aimed at mimicking the output of the packaged scans.</li> <li>Modern template - submitted via the ZAP Reporting Competition</li> <li>Parameter data to the traditional-html-plus report</li> <li>Methods to make it easier to generate reports from other add-ons</li> </ul> <h3>Changed</h3> <ul> <li>Maintenance changes.</li> <li>Handle multiple context URLs in automation.</li> <li>Traditional plus report - link to zaproxy.org pages for passing scan rules.</li> <li>Update links to repository.</li> </ul> <h3>Fixed</h3> <ul> <li>Include all relevant alerts in XML report templates (Issue 6627).</li> <li>Made XML reports more backwards compatible and fixed issue with generating it via the API.</li> <li>Issue with reports for sites with trailing slashes</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/reports-v0.4.0/reports-beta-0.4.0.zap SHA-256:c97162799d3154f4777965e5e49e357b0417e623dfc8ab8e3bb89d43a10d3a6e https://www.zaproxy.org/docs/desktop/addons/report-generation/ https://github.com/zaproxy/zap-extensions/ 2021-06-28 13329492 2.10.0 requester Requester Request numbered panel. Surikato 4 requester-alpha-4.zap alpha <h3>Added</h3> <ul> <li>Add help.</li> <li>Add info and repo URLs.</li> <li>Allow to disable cookies (Issue 4934).</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.9.0.</li> </ul> <h3>Fixed</h3> <ul> <li>Add the requests to the Sites tree to be able to active scan them (Issue 5778).</li> <li>Enforce the mode when sending the request and following redirections.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/requester-v4/requester-alpha-4.zap SHA-256:5d6ef302b4b80cb9142e124d42bb1c890c3fc7801e89f7a3a24841311950d930 https://www.zaproxy.org/docs/desktop/addons/requester/ https://github.com/zaproxy/zap-extensions/ 2020-07-15 65198 2.9.0 retire Retire.js Retire.js Nikita Mundhada and the ZAP Dev Team 0.7.0 retire-release-0.7.0.zap release <h3>Changed</h3> <ul> <li>Updated with upstream retire.js pattern changes.</li> <li>Maintenance changes.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.7.0/retire-release-0.7.0.zap SHA-256:c304c50ab1481316c576acb2c97309c2c4167a290d2bfa67fb8d8468356e4add https://www.zaproxy.org/docs/desktop/addons/retire.js/ https://github.com/zaproxy/zap-extensions/ 2021-03-24 298250 2.10.0 reveal Reveal Show hidden fields and enable disabled fields ZAP Dev Team 3 reveal-release-3.zap release <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Maintenance changes.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/reveal-v3/reveal-release-3.zap SHA-256:00007169079c8f62c29e7b879cb6162b0737d41e85607fa4541c601854cfe78a https://www.zaproxy.org/docs/desktop/addons/reveal/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 239480 2.7.0 revisit Revisit Revisit a site at any time in the past using the session history ZAP Dev Team 3 revisit-alpha-3.zap alpha Code changes for Java 9 (Issue 2602).<br> Updated for 2.7.0.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/revisit-alpha-3.zap SHA1:23655efe51113e48b8e2ff8bbe7e41a33235ff55 https://www.zaproxy.org/docs/desktop/addons/revisit/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 289297 2.7.0 saml SAML Extension Detect, Show, Edit, Fuzz SAML requests ZAP Dev Team 8 saml-alpha-8.zap alpha <ul> <li>Update minimum ZAP version to 2.5.0.</li> <li>Compressed SAMLMessage is not required</li> <li>Possibility to disable compression when sending</li> <li>Added SAML Passive Scanner</li> <li>Dynamically unload the add-on.</li> <li>Fix exception with Java 9+ (Issue 5032).</li> <li>Replaced joda.time.datetime with java.time.localtime (Java8).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/saml-v8/saml-alpha-8.zap SHA-256:5ac0f8d19ab7b4b7399496a3f7250177e2183c1fc3f622655ea9191c3f697dc7 https://www.zaproxy.org/docs/desktop/addons/saml-support/ https://github.com/zaproxy/zap-extensions/ 2019-08-30 1720102 2.5.0 saverawmessage Save Raw Message Allows to save content of HTTP messages as binary ZAP Dev Team 5 saverawmessage-release-5.zap release <h3>Added</h3> <ul> <li>Add help.</li> <li>Add info and repo URLs.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/saverawmessage-v5/saverawmessage-release-5.zap SHA-256:8e53f74fe5f4273c93eb2b63738590c0bef11d0d1f9b7b6366f333c1f6817b84 https://www.zaproxy.org/docs/desktop/addons/save-raw-message/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 33019 2.7.0 savexmlmessage Save XML Message Allows to save content of HTTP messages as XML thatsn0tmysite 0.1.0 savexmlmessage-alpha-0.1.0.zap alpha <h3>Added</h3> <ul> <li>Add help.</li> <li>Add info and repo URLs.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/savexmlmessage-v0.1.0/savexmlmessage-alpha-0.1.0.zap SHA-256:8d522e94426e6106f3d3e0e8a492f9f536590c3ce371b45b08be90362a91322c https://www.zaproxy.org/docs/desktop/addons/save-xml-message/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 16143 2.7.0 scripts Script Console Supports all JSR 223 scripting languages ZAP Dev Team 28 scripts-beta-28.zap beta <h3>Fixed</h3> <ul> <li>GUI could hang when lots of print statements are used.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/scripts-v28/scripts-beta-28.zap SHA-256:8848fc3a9a68f27de350d92adcc89eb5b592a50921ba323f97739d8ae6c8b7c9 https://www.zaproxy.org/docs/desktop/addons/script-console/ https://github.com/zaproxy/zap-extensions/ 2020-12-18 659061 2.10.0 selenium Selenium WebDriver provider and includes HtmlUnit browser ZAP Dev Team 15.3.0 selenium-release-15.3.0.zap release <h3>Changed</h3> <ul> <li>Invoke Selenium scripts synchronously for AJAX Spider's browsers, to prevent interferences with the crawler.</li> <li>Update minimum ZAP version to 2.10.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.3.0/selenium-release-15.3.0.zap SHA-256:4b988d147f01f74ad7143b2edf23c6e61af94327001bb015f80a6deefb18953a https://www.zaproxy.org/docs/desktop/addons/selenium/ https://github.com/zaproxy/zap-extensions/ 2020-12-15 24408467 2.10.0 sequence Sequence Gives the possibility of defining a sequence of requests to be scanned. ZAP Dev Team 5 sequence-alpha-5.zap alpha Updated for 2.7.0.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/sequence-alpha-5.zap SHA1:24c62a7d59bec5035acc649bb0970de09fa05a4b https://www.zaproxy.org/docs/desktop/addons/sequence-scanner/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 1511222 2.7.0 zest soap SOAP Support Imports and scans WSDL files containing SOAP endpoints. Alberto (albertov91) + ZAP Dev Team 7 soap-alpha-7.zap alpha <h3>Changed</h3> <ul> <li>Now using 2.10 logging infrastructure (Log4j 2.x).</li> <li>Import WSDL documents synchronously when not using the UI.</li> <li>Maintenance changes.</li> </ul> <h3>Fixed</h3> <ul> <li>Warnings generated by add-on dependencies.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/soap-v7/soap-alpha-7.zap SHA-256:ba62e77c692409b003315d9ac18f07f50031356a3f42c209c73213cb304055c9 https://www.zaproxy.org/docs/desktop/addons/soap-support/ https://github.com/zaproxy/zap-extensions/ 2021-06-23 12527862 2.10.0 spiderAjax Ajax Spider Allows you to spider sites that make heavy use of JavaScript using Crawljax ZAP Dev Team 23.3.0 spiderAjax-release-23.3.0.zap release <h3>Added</h3> <ul> <li>Initial support for the automation framework</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/spiderAjax-v23.3.0/spiderAjax-release-23.3.0.zap SHA-256:c66f0fd445787237a08ded14b25ce751fd6f99b3973e2fc35976ae784e49406f https://www.zaproxy.org/docs/desktop/addons/ajax-spider/ https://github.com/zaproxy/zap-extensions/ 2021-03-09 2521566 2.10.0 selenium 15.* sqliplugin Advanced SQLInjection Scanner An advanced active injection bundle for SQLi (derived by SQLMap) Andrea Pompili (Yhawke) 13 sqliplugin-beta-13.zap beta <ul> <li>Update minimum ZAP version to 2.5.0.</li> <li>Bundle JDOM library instead of relying on core.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/sqliplugin-v13/sqliplugin-beta-13.zap SHA-256:caaf8a25330c4532f6d3ab33722b77e8389614876c721885382fb413802ee75f https://www.zaproxy.org/docs/desktop/addons/advanced-sqlinjection-scanner/ https://github.com/zaproxy/zap-extensions/ 2019-06-07 277848 2.5.0 sse Server-Sent Events Allows you to view Server-Sent Events (SSE) communication. ZAP Dev Team 9 sse-alpha-9.zap alpha https://github.com/zaproxy/zap-extensions/releases/download/2.7/sse-alpha-9.zap SHA1:d5cbc991befbf002b171b23419d26623ab93ef73 https://www.zaproxy.org/docs/desktop/addons/server-sent-events/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 333669 2.4.0 svndigger SVN Digger files SVN Digger files which can be used with ZAP forced browsing ZAP Dev Team 3 svndigger-beta-3.zap beta Updated for ZAP 2.4 https://github.com/zaproxy/zap-extensions/releases/download/2.7/svndigger-beta-3.zap SHA1:8c7187180ed48466d6829e39469cc3d0915b1cbf https://www.zaproxy.org/docs/desktop/addons/svn-digger-files/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 615459 2.4.0 tips Tips and Tricks Display ZAP Tips and Tricks ZAP Dev Team 8 tips-beta-8.zap beta <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> <li>Update docker refs to use zaproxy.org instead of GitHub wiki.</li> <li>Update IRC link to Libera Chat.</li> <li>Maintenance changes.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/tips-v8/tips-beta-8.zap SHA-256:775f859699c2f206a08fdd2d5b68710d333ed417d4fda8da13d8a4f9115b4c8a https://www.zaproxy.org/docs/desktop/addons/tips-and-tricks/ https://github.com/zaproxy/zap-extensions/ 2021-05-28 557321 2.10.0 tlsdebug TLS Debug Provides a tab which allows to quickly debug a TLS/SSL connection P.M.J. Roth 4 tlsdebug-alpha-4.zap alpha <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> <li>Use appropriate colour in dark mode (Issue 5542).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/tlsdebug-v4/tlsdebug-alpha-4.zap SHA-256:3e470b0db652f121212fc78e0406d07e3227eece599198c420fa75d90ec31e79 https://www.zaproxy.org/docs/desktop/addons/tls-debug/ https://github.com/zaproxy/zap-extensions/ 2020-12-15 244464 2.10.0 tokengen Token Generation and Analysis Allows you to generate and analyze pseudo random tokens, such as those used for session handling or CSRF protection ZAP Dev Team 14 tokengen-beta-14.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> <li>Improve permissions and space handling when saving.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/tokengen-v14/tokengen-beta-14.zap SHA-256:0eef2ed8a1fc410e43ba5b74f8d854166e5bc4d6be0b86c5ba4539d5a6618451 https://www.zaproxy.org/docs/desktop/addons/token-generator/ https://github.com/zaproxy/zap-extensions/ 2020-12-15 479116 2.10.0 treetools TreeTools Tools to add functionality to the tree view. Carl Sampson 7 treetools-beta-7.zap beta Code changes for Java 9 (Issue 2602) https://github.com/zaproxy/zap-extensions/releases/download/2.7/treetools-beta-7.zap SHA1:38fbc4d4e22c0da73a4048522d250fa4ac89bdab https://www.zaproxy.org/docs/desktop/addons/treetools/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 18821 2.4.0 viewstate ViewState ASP/JSF ViewState Decoder and Editor Calum Hutton 2 viewstate-alpha-2.zap alpha <h3>Added</h3> <ul> <li>Add help.</li> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.9.0.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix memory leak.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/viewstate-v2/viewstate-alpha-2.zap SHA-256:0bdc5322cd46bdd4c759b4dbd97981c5fff752e078811533f5cda08a5776f111 https://www.zaproxy.org/docs/desktop/addons/viewstate/ https://github.com/zaproxy/zap-extensions/ 2020-07-10 49072 2.9.0 wappalyzer Wappalyzer - Technology Detection Technology detection using Wappalyzer: wappalyzer.com ZAP Dev Team 21.2.0 wappalyzer-release-21.2.0.zap release <h3>Changed</h3> <ul> <li>Updated with upstream Wappalyzer icon and pattern changes.</li> <li>Update link to repository.</li> <li>Update RE2/J library to latest version (1.6).</li> <li>Maintenance changes.</li> <li>DOM patterns are now only attempted against HTML responses.</li> </ul> <h3>Added</h3> <ul> <li>Support for automation job data to make it available in reports.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/wappalyzer-v21.2.0/wappalyzer-release-21.2.0.zap SHA-256:e7cb7de2ffac1e5fa1449f6da9968fa6a5accc2d5119c543fe277b1116c1d9ea https://www.zaproxy.org/docs/desktop/addons/technology-detection/ https://github.com/zaproxy/zap-extensions/ 2021-06-17 12303306 2.10.0 webdriverlinux Linux WebDrivers Linux WebDrivers for Firefox and Chrome. ZAP Dev Team 29 webdriverlinux-release-29.zap release <h3>Changed</h3> <ul> <li>Update ChromeDriver to 91.0.4472.101.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/webdriverlinux-v29/webdriverlinux-release-29.zap SHA-256:9f60325703ff4031438a605c6ac5a74c23868292a8eacb61d654919e8a3b6e29 https://www.zaproxy.org/docs/desktop/addons/linux-webdrivers/ https://github.com/zaproxy/zap-extensions/ 2021-06-22 11562352 2.10.0 webdrivermacos MacOS WebDrivers MacOS WebDrivers for Firefox and Chrome. ZAP Dev Team 29 webdrivermacos-release-29.zap release <h3>Changed</h3> <ul> <li>Update ChromeDriver to 91.0.4472.101.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/webdrivermacos-v29/webdrivermacos-release-29.zap SHA-256:2e10eece0fc4c9b7a0d1c72fa4e12dd028d5a3fd4ac04a152337c3cd021b078a https://www.zaproxy.org/docs/desktop/addons/macos-webdrivers/ https://github.com/zaproxy/zap-extensions/ 2021-06-22 9997023 2.10.0 webdriverwindows Windows WebDrivers Windows WebDrivers for Firefox and Chrome. ZAP Dev Team 29 webdriverwindows-release-29.zap release <h3>Changed</h3> <ul> <li>Update ChromeDriver to 91.0.4472.101.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/webdriverwindows-v29/webdriverwindows-release-29.zap SHA-256:dfd46cb9a87c7c69b9c3f46d691b401fe4b07eedfb9866ff339f690e8edf3c3b https://www.zaproxy.org/docs/desktop/addons/windows-webdrivers/ https://github.com/zaproxy/zap-extensions/ 2021-06-22 8847021 2.10.0 websocket WebSockets Allows you to inspect WebSocket communication. ZAP Dev Team 23 websocket-release-23.zap release <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.10.0.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix exception when handling breakpoints with ZAP 2.10.0.</li> <li>Terminology</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/websocket-v23/websocket-release-23.zap SHA-256:062ba3c5e358ee304a20a545d02005357768112a1a8f8b20c3a6c8df2faa64cb https://www.zaproxy.org/docs/desktop/addons/websockets/ https://github.com/zaproxy/zap-extensions/ 2020-12-18 1031481 2.10.0 zest Zest - Graphical Security Scripting Language A graphical security scripting language, ZAPs macro language on steroids ZAP Dev Team 34 zest-beta-34.zap beta <h3>Changed</h3> <ul> <li>Depend on Script Console add-on, it's required to work with Zest scripts (Issue 2656).</li> <li>Clear Zest Results Panel when new script is added.</li> <li>Update minimum ZAP version to 2.10.0.</li> </ul> <h3>Fixed</h3> <ul> <li>Track modifications done to the scripts to refresh the cached ones (Issue 6558).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/zest-v34/zest-beta-34.zap SHA-256:1c98491c9dc5b0b2b7269d05278a43efe32acc3595a028f6bf009956c21c2163 https://www.zaproxy.org/docs/desktop/addons/zest/ https://github.com/zaproxy/zap-extensions/ 2021-04-22 13574340 2.10.0 scripts selenium 15.*