2.14.0
D-2021-10-18
https://github.com/zaproxy/zaproxy/releases/download/w2021-10-18/ZAP_WEEKLY_D-2021-10-18.zip
ZAP_WEEKLY_D-2021-10-18.zip
SHA-256:9d4bcb12e47293f3cbc4c32285b8469e620f092bb2519e65e12e5e528a25a8ad
188556676
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2_14_0_windows-x32.exe
ZAP_2_14_0_windows-x32.exe
SHA-256:5dae52e27da12fba5115e40ebc0cd2da24f6d9ba91608a7b0b7b254984a0b798
220967424
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2_14_0_windows.exe
ZAP_2_14_0_windows.exe
SHA-256:df49ffbd14cf82cde5ac06902615e40cbfce1576f866436366708c0845eb9ec6
221097472
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2.14.0_Linux.tar.gz
ZAP_2.14.0_Linux.tar.gz
SHA-256:219d7f25bbe25247713805ab02cc12279898c870743c1aae3c2b0b1882191960
215142045
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2.14.0.dmg
ZAP_2.14.0.dmg
SHA-256:3b9862a647b1c5c26d6917f2316113dfaceac06bdb79ad3f2c96e0cbd73861f7
244671708
Bug fix and enhancement release.
https://www.zaproxy.org/docs/desktop/releases/2.14.0/
accessControl
Access Control Testing
Adds a set of tools for testing access control in web applications.
ZAP Dev Team
7
accessControl-alpha-7.zap
alpha
<h3>Changed</h3>
<ul>
<li>Don't set the font color for inherited entries (Issue 6397).</li>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Maintenance changes (some changes impact the visibility of variables and add getters/setters, which may impact third party add-ons or scripts).</li>
<li>Change to no longer rely on core report classes, which are going to be deleted.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/accessControl-v7/accessControl-alpha-7.zap
SHA-256:5bfa0e14cf227bc402c58bd35c19c474b781e519585f3d62c2b174e8c6ac55a0
https://www.zaproxy.org/docs/desktop/addons/access-control-testing/
https://github.com/zaproxy/zap-extensions/
2021-10-07
591286
2.11.0
alertFilters
Alert Filters
Allows you to automate the changing of alert risk levels.
ZAP Dev Team
13
alertFilters-release-13.zap
release
<h3>Added</h3>
<ul>
<li>Stats for alerts changed</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Dialogs being shown under the owning dialog / frame.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/alertFilters-v13/alertFilters-release-13.zap
SHA-256:71ecbe94847cf1ade03ed81d57831d806317b65c72d468521fb43f280dd710a9
https://www.zaproxy.org/docs/desktop/addons/alert-filters/
https://github.com/zaproxy/zap-extensions/
2021-10-06
523886
2.11.0
allinonenotes
All In One Notes
A simple extension to view all notes in one pane.
David Vassallo
2
allinonenotes-alpha-2.zap
alpha
<h3>Added</h3>
<ul>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Update link to repository.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/allinonenotes-v2/allinonenotes-alpha-2.zap
SHA-256:9e70d6e76b72692e9c0cb64002a692b710710e688ea2d8834818086300632d2a
https://www.zaproxy.org/docs/desktop/addons/all-in-one-notes/
https://github.com/zaproxy/zap-extensions/
2021-10-07
249532
2.11.0
amf
AMF Support
Adds support for AMF messages
ZAP Dev Team
3
amf-alpha-3.zap
alpha
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/amf-v3/amf-alpha-3.zap
SHA-256:01345ea00a6623d794753a3210f4e3e2b50a8c4ce2bfa6ea57324f0ff01ad7e3
https://www.zaproxy.org/docs/desktop/addons/amf-support/
https://github.com/zaproxy/zap-extensions/
2021-10-07
911943
2.11.0
ascanrules
Active scanner rules
The release status Active Scanner rules
ZAP Dev Team
48
ascanrules-release-48.zap
release
<h3>Changed</h3>
<ul>
<li>Command Injection Scan Rule: Decode HTML entities in HTML responses before attempting to search for attack validation patterns.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v48/ascanrules-release-48.zap
SHA-256:5f777623d2f4ec74c16d84ccf00c6751e45a8c3b65398405dd53d4f9e65f3d5b
https://www.zaproxy.org/docs/desktop/addons/active-scan-rules/
https://github.com/zaproxy/zap-extensions/
2022-09-22
2517902
2.11.1
commonlib
>= 1.9.0 & < 2.0.0
ascanrulesAlpha
Active scanner rules (alpha)
The alpha status Active Scanner rules
ZAP Dev Team
40
ascanrulesAlpha-alpha-40.zap
alpha
<h3>Added</h3>
<ul>
<li>Text4shell (CVE-2022-42889) Scan Rule.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix an exception in Bypassing 403 scan rule when creating example alerts.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesAlpha-v40/ascanrulesAlpha-alpha-40.zap
SHA-256:ea323b1481524ac1a1034682c5a371cfee6256a69e54d4f12ef5a3f4654a5ae3
https://www.zaproxy.org/docs/desktop/addons/active-scan-rules-alpha/
https://github.com/zaproxy/zap-extensions/
2022-10-19
605953
2.11.1
commonlib
>= 1.9.0 & < 2.0.0
oast
>= 0.7.0
ascanrulesBeta
Active scanner rules (beta)
The beta status Active Scanner rules
ZAP Dev Team
42
ascanrulesBeta-beta-42.zap
beta
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Improved description, solution, and references for the Integer Overflow scan rule.</li>
<li>Added new Custom Payloads alert tag to the example alerts of the Hidden File Finder and User Agent scan rules.</li>
</ul>
<h3>Added</h3>
<ul>
<li>New User Agent strings to the User Agent fuzz scan rule.</li>
<li>Additional source control paths for the Hidden Files finder scan rule.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v42/ascanrulesBeta-beta-42.zap
SHA-256:0ad211cf28d253c68c7055d022b500588e153f523fa2d1464b3a922c43a51400
https://www.zaproxy.org/docs/desktop/addons/active-scan-rules-beta/
https://github.com/zaproxy/zap-extensions/
2022-09-22
2083667
2.11.1
commonlib
>= 1.10.0 & < 2.0.0
network
>= 0.1.0
oast
>= 0.7.0
attacksurfacedetector
Attack Surface Detector
The Attack Surface Detector analyzes web application source code to generate endpoints that can be used for penetration testing.
Secure Decisions (Matthew DeLetto)
1.1.4
attacksurfacedetector-alpha-1.1.4.zap
alpha
Various incremental changes (see https://github.com/secdec/attack-surface-detector-zap/releases)<br>
Fix un-handled exception when target unavailable & address various "house keeping" tasks.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/attacksurfacedetector-alpha-1.1.4.zap
SHA1:e21758c2cdcbc7806f44cc986a88360457eff82e
https://github.com/secdec/attack-surface-detector-zap/wiki
https://github.com/secdec/attack-surface-detector-zap/
2019-03-07
15604948
2.7.0
authstats
Authentication Statistics
Records logged in/out statistics for all contexts in scope.
ZAP Dev Team
2
authstats-alpha-2.zap
alpha
<h3>Added</h3>
<ul>
<li>Add repo URL.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Dynamically unload the add-on.</li>
<li>Change info URL to link to the site.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/authstats-v2/authstats-alpha-2.zap
SHA-256:cfb604c27f3a7a58e7b5aa55fe9f19a9ce5561fab3ef7d3f6c72845671fb5dcf
https://www.zaproxy.org/docs/desktop/addons/authentication-statistics/
https://github.com/zaproxy/zap-extensions/
2021-10-07
247499
2.11.0
automation
Automation Framework
Automation Framework.
ZAP Dev Team
0.18.0
automation-beta-0.18.0.zap
beta
<h3>Added</h3>
<ul>
<li>Add support for headers in the requestor job (Issue 6917).</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Allow spider to run if no OK response (Issue 7510).</li>
<li>Bug in passive scan reporting code which prevented specified alerts from being read.</li>
<li>NPE when adding users to more than one context.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/automation-v0.18.0/automation-beta-0.18.0.zap
SHA-256:85776818b38d49577fb8c45fe399d028b4634438f5771fe8fd6aa7a74117b4f7
https://www.zaproxy.org/docs/desktop/addons/automation-framework/
https://github.com/zaproxy/zap-extensions/
2022-10-12
4333826
2.11.1
beanshell
BeanShell Console
Provides a BeanShell Console
ZAP Dev Team
7
beanshell-beta-7.zap
beta
<h3>Added</h3>
<ul>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Maintenance changes.</li>
<li>Improve permissions and space handling when saving.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/beanshell-v7/beanshell-beta-7.zap
SHA-256:0a83cb7d0369ccef50768ccbda1e6c6d82b9f4e3bd9372b38fd32cc21f6a30fb
https://www.zaproxy.org/docs/desktop/addons/bean-shell/
https://github.com/zaproxy/zap-extensions/
2021-10-07
577838
2.11.0
browserView
Browser View
Adds an option to render HTML responses like a browser
ZAP Dev Team
5
browserView-alpha-5.zap
alpha
Allow to properly scroll the rendered page.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/browserView-alpha-5.zap
SHA1:0aaf81863ad1011136416b49a05eba3d8b262a02
https://www.zaproxy.org/docs/desktop/addons/browser-view/
https://github.com/zaproxy/zap-extensions/
2017-11-28
193880
2.4.0
bruteforce
Forced Browse
Forced browsing of files and directories using code from the OWASP DirBuster tool
ZAP Dev Team
11
bruteforce-beta-11.zap
beta
<h3>Changed</h3>
<ul>
<li>Send HTTP messages with ZAP, making use of all its features (e.g. user authentication, custom user-agent, HTTP Sender scripts) (Issues 173 and 3060).</li>
<li>Now using 2.10 logging infrastructure (Log4j 2.x).</li>
<li>Maintenance changes.</li>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/bruteforce-v11/bruteforce-beta-11.zap
SHA-256:b0713b47c7e16a33d46002382b83ebcdd18bfdf852bf021574378dde49f347fc
https://www.zaproxy.org/docs/desktop/addons/forced-browse/
https://github.com/zaproxy/zap-extensions/
2021-10-06
548895
2.11.0
bugtracker
Bug Tracker
Bug Tracker extension.
ZAP Dev Team
4
bugtracker-alpha-4.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.1.</li>
<li>Dependency updates.</li>
<li>Maintenance changes.</li>
<li>Updated to use PAT not password (https://github.blog/changelog/2021-08-12-git-password-authentication-is-shutting-down/).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/bugtracker-v4/bugtracker-alpha-4.zap
SHA-256:37c57f8e7f4a1608500527ac1831f8b078427f804ea04ad5790a2970e3e1b722
https://www.zaproxy.org/docs/desktop/addons/bug-tracker/
https://github.com/zaproxy/zap-extensions/
2022-09-23
3707425
2.11.1
callgraph
Call Graph
Allows the user to view a call graph of the selected resources
Colm O'Flaherty
5
callgraph-alpha-5.zap
alpha
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/callgraph-v5/callgraph-alpha-5.zap
SHA-256:0874ce5aad0c4bbf28f72627a4940759d328396e12b7d6a5596f2e41bf24dc4e
https://www.zaproxy.org/docs/desktop/addons/call-graph/
https://github.com/zaproxy/zap-extensions/
2021-10-07
925930
2.11.0
callhome
Call Home
Handles all of the calls to ZAP services.
ZAP Dev Team
0.4.0
callhome-alpha-0.4.0.zap
alpha
<h3>Changed</h3>
<ul>
<li>Show a more user friendly log and Output tab message when Java's truststore may not contain the CA certificate(s) for intermediate proxy(ies) (Issue 1623).</li>
<li>Maintenance changes.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>HTTP Sender listeners could modify CFU and telemetry requests.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/callhome-v0.4.0/callhome-alpha-0.4.0.zap
SHA-256:38faabf191d3653c3b3f7c14ea3991409fdd997fc8f5534a32ce813dc6d6f92e
https://www.zaproxy.org/docs/desktop/addons/call-home/
https://github.com/zaproxy/zap-extensions/
2022-07-18
318509
2.11.1
codedx
Code Dx Extension
Includes request and response data in XML reports and provides the ability to upload reports directly to a Code Dx server
Code Dx, Inc.
9
codedx-alpha-9.zap
alpha
<h3>Added</h3>
<ul>
<li>Add repo URL.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Change info URL to link to the site.</li>
<li>Maintenance changes.</li>
<li>Change to no longer rely on core report classes, which are going to be deleted.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/codedx-v9/codedx-alpha-9.zap
SHA-256:767e0a098de281f0bc880b036a5192f26fe0bb014b81227b385a0b63ca570428
https://www.zaproxy.org/docs/desktop/addons/code-dx/
https://github.com/zaproxy/zap-extensions/
2021-10-07
1769797
2.11.0
commonlib
Common Library
A common library, for use by other add-ons.
ZAP Dev Team
1.10.0
commonlib-release-1.10.0.zap
release
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.10.0/commonlib-release-1.10.0.zap
SHA-256:0e5dd83df042ee08a5dad17c00233bad09123e52df3bbc5579fd96aeb008babf
https://github.com/zaproxy/zap-extensions/
2022-09-15
4081774
2.11.1
communityScripts
Community Scripts
Useful ZAP scripts written by the ZAP community.
ZAP Community
15
communityScripts-alpha-15.zap
alpha
<h3>Added</h3>
<ul>
<li>active/RCE.py</li>
<li>active/SSTI.py</li>
<li>active/SSTI.js - An active scan script to check for SSTI in 14 different template engines.</li>
<li>httpfuzzerprocessor/addCacheBusting.js - Fuzzing with cache busting.</li>
<li>encode-decode
<ul>
<li>README.md - Summary of the script type.</li>
<li>double-spacer.js - A script that inserts a space after every character in a string.</li>
</ul>
</li>
<li>standalone/SecurityCrawlMazeScore.js</li>
<li>scan-hooks/LogMessagesHook.py and httpsender/LogMessages.js to help debugging, especially in docker.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>standalone/enableDebugLogging.js > Updated for more recent logging funtionality.</li>
<li>Update JS scripts to use passed singleton variables (control, model, view) if available (>= ZAP 2.12.0).</li>
<li>passive/Server Header Disclosure.js > Updated to check that the Server Header contains something that looks like a semantic version component.</li>
</ul>
https://github.com/zaproxy/community-scripts/releases/download/v15/communityScripts-alpha-15.zap
SHA-256:df178cb433864303dd9670fc4c66303db2ee88ee55e72621009f4d68d5bcec96
https://www.zaproxy.org/docs/desktop/addons/community-scripts/
https://github.com/zaproxy/community-scripts/
2022-10-02
459421
2.11.0
coreLang
Core Language Files
Translations of the core language files
ZAP Dev Team
15
coreLang-release-15.zap
release
<h3>Changed</h3>
<ul>
<li>Update the languages files from Crowdin.</li>
<li>Update minimum ZAP version to 2.11.1.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/coreLang-v15/coreLang-release-15.zap
SHA-256:d8258b914ffc95820dd045acf56677668a8cbbfc759290f72e30210056dfb88c
https://crowdin.com/project/zaproxy
https://github.com/zaproxy/zap-extensions/
2022-02-14
4616009
2.11.1
custompayloads
Custom Payloads
Ability to add, edit or remove payloads that are used i.e. by active scanners
ZAP Dev Team
0.12.0
custompayloads-alpha-0.12.0.zap
alpha
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Update minimum ZAP version to 2.11.1.</li>
<li>Add help content linking to the Scan Rules which support Custom Payloads.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/custompayloads-v0.12.0/custompayloads-alpha-0.12.0.zap
SHA-256:8e31acafdc1e2246e25953d8ccb87efa189a3fdadc596331feabeccc99dece65
https://www.zaproxy.org/docs/desktop/addons/custom-payloads/
https://github.com/zaproxy/zap-extensions/
2022-09-23
236404
2.11.1
diff
Diff
Displays a dialog showing the differences between 2 requests or responses. It uses diffutils and diff_match_patch
ZAP Dev Team
11
diff-beta-11.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Maintenance changes.</li>
<li>Updated menu items to use title caps (Issue 2000).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/diff-v11/diff-beta-11.zap
SHA-256:a3ae6f59d98e28112f4a5e2616bfaca48823af746affa1729f32eaa1d7398aaa
https://www.zaproxy.org/docs/desktop/addons/diff/
https://github.com/zaproxy/zap-extensions/
2021-10-06
282304
2.11.0
directorylistv1
Directory List v1.0
List of directory names to be used with Forced Browse or Fuzzer add-on.
ZAP Dev Team
5
directorylistv1-release-5.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/directorylistv1-v5/directorylistv1-release-5.zap
SHA-256:c1c0e14aac2ce203bdfd3a038f9b9dcf0b498f404936c3ff96e5a4614f611b9f
https://www.zaproxy.org/docs/desktop/addons/directory-list-v1.0/
https://github.com/zaproxy/zap-extensions/
2021-10-06
960428
2.11.0
directorylistv2_3
Directory List v2.3
Lists of directory names to be used with Forced Browse or Fuzzer add-on.
ZAP Dev Team
4
directorylistv2_3-release-4.zap
release
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add repo URL.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Change info URL to link to the site.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/directorylistv2_3-v4/directorylistv2_3-release-4.zap
SHA-256:3a8b04b9363b57acd9cf8cd67abce4c630f986e2b492a1ebd01eaa9587a0a199
https://www.zaproxy.org/docs/desktop/addons/directory-list-v2.3/
https://github.com/zaproxy/zap-extensions/
2021-10-07
8722229
2.11.0
directorylistv2_3_lc
Directory List v2.3 LC
Lists of lower case directory names to be used with Forced Browse or Fuzzer add-on.
ZAP Dev Team
4
directorylistv2_3_lc-release-4.zap
release
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add repo URL.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Change info URL to link to the site.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/directorylistv2_3_lc-v4/directorylistv2_3_lc-release-4.zap
SHA-256:2603580ba53673c31800ef7373e7cc09de759369b6f8fb43cc9e5024ad5d9af4
https://www.zaproxy.org/docs/desktop/addons/directory-list-v2.3-lc/
https://github.com/zaproxy/zap-extensions/
2021-10-07
7569974
2.11.0
domxss
DOM XSS Active scanner rule
DOM XSS Active scanner rule
Aabha Biyani, ZAP Dev Team
13
domxss-beta-13.zap
beta
<h3>Added</h3>
<ul>
<li>OWASP Web Security Testing Guide v4.2 mappings.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.1.</li>
<li>Use Network add-on to proxy browser requests.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Stop the proxy when ZAP shuts down.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/domxss-v13/domxss-beta-13.zap
SHA-256:9fe5a3f5c404e750767ba72ba6ac4784cc78bdb3233b3e551f1715717a3d48df
https://www.zaproxy.org/docs/desktop/addons/dom-xss-active-scan-rule/
https://github.com/zaproxy/zap-extensions/
2022-08-02
271106
2.11.1
commonlib
>= 1.6.0 & < 2.0.0
network
>=0.1.0
selenium
15.*
encoder
Encoder
Adds encode/decode/hash dialog and support for scripted processors as well
ZAP Dev Team
0.6.0
encoder-beta-0.6.0.zap
beta
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
<h3>Removed</h3>
<ul>
<li>Groovy default template moved to Groovy add-on.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/encoder-v0.6.0/encoder-beta-0.6.0.zap
SHA-256:1615f183c89245b187b729a3e33ccc16dd43a39fa3fb0b0b94f719b649930eb4
https://www.zaproxy.org/docs/desktop/addons/encode-decode-hash/
https://github.com/zaproxy/zap-extensions/
2021-10-06
388487
2.11.0
evalvillain
Eval Villain
Adds the Eval Villain extension to Firefox when launched from ZAP.
Dennis Goodlett and the ZAP Dev Team
0.1.1
evalvillain-alpha-0.1.1.zap
alpha
<h3>Fixed</h3>
<ul>
<li>Fix the downloaded version of the Eval Villain Firefox extension.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/evalvillain-v0.1.1/evalvillain-alpha-0.1.1.zap
SHA-256:b0932f4f8fec19bf0dfae1dbe3668bbdadc6092707ea360216e37fdc8ae457cd
https://www.zaproxy.org/docs/desktop/addons/eval-villain/
https://github.com/zaproxy/zap-extensions/
2022-02-15
4943171
2.11.1
selenium
>=15.5.0
exim
Import/Export
Import and Export functionality
ZAP Dev Team & thatsn0tmysite
0.2.0
exim-beta-0.2.0.zap
beta
<h3>Fixed</h3>
<ul>
<li>Tweaked import functionality to mark import progress components completed when an exception occurs during import (thus allowing them to be cleared properly).</li>
<li>HAR imports will now use an indeterminate progress bar if the count of entries cannot be determined.</li>
<li>Correct import of HAR responses to allow them to be passively scanned.</li>
</ul>
<h3>Added</h3>
<ul>
<li>Copy URLs, Export Context URLs, Export Selected URLs, Export Messages, and Export Responses functionality similar to what was previously offered via core functionality.</li>
<li>Stats for migrated core components.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Save RAW functionality now includes an All option which saves the entire HTTP message.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/exim-v0.2.0/exim-beta-0.2.0.zap
SHA-256:fd05904344b9a605bb1e336c2f584993d7b98c988ce8d4d425d791110df5a824
https://www.zaproxy.org/docs/desktop/addons/import-export/
https://github.com/zaproxy/zap-extensions/
2022-07-20
405753
2.11.1
commonlib
>= 1.8.0 & < 2.0.0
fileupload
FileUpload
Detect File upload requests and scan them to find related vulnerabilities
KSASAN preetkaran20@gmail.com
1.1.0
fileupload-alpha-1.1.0.zap
alpha
https://github.com/zaproxy/zap-extensions/releases/download/2.7/fileupload-alpha-1.1.0.zap
SHA-256:47f2d93c6a53c55983056af282ebef09e80d27c0980517a73347778ad9e47932
https://github.com/SasanLabs/owasp-zap-fileupload-addon/
2021-09-17
77520
2.11.0
formhandler
Form Handler
This Form Handler Add-on allows a user to define field names and values to be used in a form's fields. Fields can be added, modified, enabled, and deleted for use in form fields.
ZAP Dev Team
6.0.0
formhandler-beta-6.0.0.zap
beta
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Expose value generator for other add-ons (Related to Issue 3113).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/formhandler-v6.0.0/formhandler-beta-6.0.0.zap
SHA-256:0df12b952c8fb949e24cdd74e7ebf01de7ac3be11ba0e1ddfe389411c7a82a3e
https://www.zaproxy.org/docs/desktop/addons/form-handler/
https://github.com/zaproxy/zap-extensions/
2022-09-21
2201958
2.11.1
fuzz
Fuzzer
Advanced fuzzer for manual testing
ZAP Dev Team
13.7.0
fuzz-beta-13.7.0.zap
beta
<h3>Changed</h3>
<ul>
<li>Allow circular redirects always.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/fuzz-v13.7.0/fuzz-beta-13.7.0.zap
SHA-256:aa60042375750eabaaa779706caef2679f314fdd1a06c65b4199c58333cf3723
https://www.zaproxy.org/docs/desktop/addons/fuzzer/
https://github.com/zaproxy/zap-extensions/
2022-09-23
2002848
2.11.1
fuzzdb
FuzzDB Files
FuzzDB files which can be used with the ZAP fuzzer
ZAP Dev Team
9
fuzzdb-release-9.zap
release
<h3>Changed</h3>
<ul>
<li>Updated RAFT lists based on more recent SecLists contributions</li>
<li>Update minimum ZAP version to 2.11.1.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/fuzzdb-v9/fuzzdb-release-9.zap
SHA-256:c79537362cd6b383f447359685e3bd51795600b97ca0c1fadc4ba74828a7d4f4
https://www.zaproxy.org/docs/desktop/addons/fuzzdb-files/
https://github.com/zaproxy/zap-extensions/
2022-09-23
6167205
2.11.1
fuzzdboffensive
FuzzDB Offensive
FuzzDB web backdoors and attack files which can be used with the ZAP fuzzer or for manual penetration testing
ZAP Dev Team
4
fuzzdboffensive-release-4.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.10.0.</li>
</ul>
https://github.com/zaproxy/fuzzdb-offensive/releases/download/v4/fuzzdboffensive-release-4.zap
SHA-256:06bf75d2745c8f6e9a861597a31bab2d3f96058a3c497539a3ba234c687e796a
https://www.zaproxy.org/docs/desktop/addons/fuzzdb-offensive/
https://github.com/zaproxy/fuzzdb-offensive/
2021-06-11
414373
2.10.0
gettingStarted
Getting Started with ZAP Guide
A short Getting Started with ZAP Guide
ZAP Dev Team
13
gettingStarted-release-13.zap
release
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Updated for 2.11.0</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/gettingStarted-v13/gettingStarted-release-13.zap
SHA-256:3eea769ec19f28c2ac7e924f5c77dbd1c3c59f40f409a1fcd3bf97cebdfd36ad
https://www.zaproxy.org/docs/desktop/addons/getting-started-guide/
https://github.com/zaproxy/zap-extensions/
2021-10-06
707048
2.11.0
graaljs
GraalVM JavaScript
Provides the GraalVM JavaScript engine for ZAP scripting.
ZAP Dev Team
0.2.0
graaljs-alpha-0.2.0.zap
alpha
<h3>Added</h3>
<ul>
<li>encode-decode Default and rot13 templates.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Update links to zaproxy repo.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/graaljs-v0.2.0/graaljs-alpha-0.2.0.zap
SHA-256:6201ffc802a1d4922a4f2b5ea38f58a7332a5638e3719f4796efba375aa15045
https://github.com/zaproxy/zap-extensions/
2021-10-06
20440785
2.11.0
graphql
GraphQL Support
Inspect and attack GraphQL endpoints.
ZAP Dev Team
0.10.0
graphql-alpha-0.10.0.zap
alpha
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Update dependency, which reduces add-on file size (Issue 7322).</li>
<li>Use Spider add-on (Issue 3113).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/graphql-v0.10.0/graphql-alpha-0.10.0.zap
SHA-256:d6b3db0ec9340e2d3ef942f39933d6882ec36eff093f1944381dbbcd67cb196b
https://www.zaproxy.org/docs/desktop/addons/graphql-support/
https://github.com/zaproxy/zap-extensions/
2022-09-23
5117751
2.11.1
groovy
Groovy Support
Adds Groovy support to ZAP
ZAP Dev Team
3.1.0
groovy-beta-3.1.0.zap
beta
<h3>Added</h3>
<ul>
<li>encode-decode default template.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update links to zaproxy and zap-extensions repos.</li>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/groovy-v3.1.0/groovy-beta-3.1.0.zap
SHA-256:ee208309c6b9619f6527a05f48949e38e1476f2b3fa7c6e32fbd1111f4bdac58
https://www.zaproxy.org/docs/desktop/addons/groovy-support/
https://github.com/zaproxy/zap-extensions/
2021-10-07
19006812
2.11.0
help
Help - English
English version of the ZAP help file.
ZAP Crowdin Team
14
help-release-14.zap
release
<h3>Changed</h3>
<ul>
<li>Updated 2.11.1 release notes.</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help-v14/help-release-14.zap
SHA-256:b9a0927ce7a80df42b28b40beafad0ecfa34e45d628b302cf93e0bc825d93ee8
https://www.zaproxy.org/docs/desktop/
https://github.com/zaproxy/zap-core-help/
2021-12-10
875420
2.10.0
help_ar_SA
Help - Arabic
Arabic version of the ZAP help file.
ZAP Crowdin Team
1
help_ar_SA-alpha-1.zap
alpha
<ul>
<li>First version.</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_ar_SA-v1/help_ar_SA-alpha-1.zap
SHA-256:8208b0c788d5e29a2bb34f3c44c07db613faefb17d8d9cfb60adc02629c2b3f1
https://github.com/zaproxy/zap-core-help/
2022-01-18
649333
2.11.0
help_bs_BA
Help - Bosnian
Bosnian version of the ZAP help file.
ZAP Crowdin Team
9
help_bs_BA-alpha-9.zap
alpha
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_bs_BA-alpha-9.zap
SHA1:d33a3277e877da4734e6bf9c911c61c4e6ce2f3f
2018-02-08
747536
2.7.0
help_es_ES
Help - Spanish
Spanish version of the ZAP help file.
ZAP Crowdin Team
10
help_es_ES-release-10.zap
release
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_es_ES-v10/help_es_ES-release-10.zap
SHA-256:63cc24e180374cf038d6aefe31b3f62e170437958ad61d2d3e65d2722fbedc1a
https://github.com/zaproxy/zap-core-help/
2022-01-18
697066
2.11.0
help_fil_PH
Help - Filipino
Filipino version of the ZAP help file.
ZAP Crowdin Team
3
help_fil_PH-alpha-3.zap
alpha
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_fil_PH-v3/help_fil_PH-alpha-3.zap
SHA-256:64bbeb0f9404b70c0d49e9fd5da789b8d3902a20f518c7305eb412242831a180
https://github.com/zaproxy/zap-core-help/
2022-01-18
710027
2.11.0
help_fr_FR
Help - French
French version of the ZAP help file.
ZAP Crowdin Team
10
help_fr_FR-alpha-10.zap
alpha
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_fr_FR-v10/help_fr_FR-alpha-10.zap
SHA-256:f1ede9441e5de48170fdef598eb543ef6ad0813eed2e838d2c4803ea114fcb1a
https://github.com/zaproxy/zap-core-help/
2022-01-18
646717
2.11.0
help_id_ID
Help - Indonesian
Indonesian version of the ZAP help file.
ZAP Crowdin Team
3
help_id_ID-beta-3.zap
beta
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_id_ID-v3/help_id_ID-beta-3.zap
SHA-256:ef50363872d783c3c49417bc821b28256cf35d8390004c48f6d4e030ceb8a7c5
https://github.com/zaproxy/zap-core-help/
2022-01-18
671009
2.11.0
help_ja_JP
Help - Japanese
Japanese version of the ZAP help file.
ZAP Crowdin Team
10
help_ja_JP-beta-10.zap
beta
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_ja_JP-v10/help_ja_JP-beta-10.zap
SHA-256:11d310352e8719fe50587c5b97dd5eeb3a2e2ab23e450a7c1d0fad013d003536
https://github.com/zaproxy/zap-core-help/
2022-01-18
661964
2.11.0
help_ms_MY
Help - Malay
Malay version of the ZAP help file.
ZAP Crowdin Team
1
help_ms_MY-alpha-1.zap
alpha
<ul>
<li>First version.</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_ms_MY-v1/help_ms_MY-alpha-1.zap
SHA-256:6407990b8ebaa2e401c3addc47081c742ab7fce25cec107ef49b4e627ad3ceae
https://github.com/zaproxy/zap-core-help/
2022-01-18
636908
2.11.0
help_pt_BR
Help - Portuguese, Brazilian
Portuguese, Brazilian version of the ZAP help file.
ZAP Crowdin Team
11
help_pt_BR-release-11.zap
release
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_pt_BR-v11/help_pt_BR-release-11.zap
SHA-256:3fdf92763c1c851848df6b3588c97bbeb22837002351fd00c8208d8ab01ff710
https://github.com/zaproxy/zap-core-help/
2022-01-18
682092
2.11.0
help_ru_RU
Help - Russian
Russian version of the ZAP help file.
ZAP Crowdin Team
2
help_ru_RU-release-2.zap
release
<h3>Changed</h3>
<ul>
<li>Promote to Release</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_ru_RU-v2/help_ru_RU-release-2.zap
SHA-256:3fd5d8e6af7453a3a16e7c38a19ec941a330d0fd050f562ecebdc4638ae52c80
https://github.com/zaproxy/zap-core-help/
2022-02-24
779171
2.11.0
help_tr_TR
Help - Turkish
Turkish version of the ZAP help file.
ZAP Crowdin Team
2
help_tr_TR-release-2.zap
release
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_tr_TR-v2/help_tr_TR-release-2.zap
SHA-256:a92b43beab5e196341d8ddf40d594f1596c225c74f0f5b9280e223acc9a8535c
https://github.com/zaproxy/zap-core-help/
2022-01-18
710766
2.11.0
help_zh_CN
Help - Chinese Simplified
Chinese Simplified version of the ZAP help file.
ZAP Crowdin Team
3
help_zh_CN-beta-3.zap
beta
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_zh_CN-v3/help_zh_CN-beta-3.zap
SHA-256:959b718a307ca32c7807c0d327533765eeb6a0a799b9bc98a2a1e22b3b47bc5a
https://github.com/zaproxy/zap-core-help/
2022-01-18
656718
2.11.0
highlighter
Highlighter
Allows you to highlight strings in the request and response tabs.
ZAP Dev Team
8
highlighter-alpha-8.zap
alpha
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/highlighter-v8/highlighter-alpha-8.zap
SHA-256:4c4852bb2f42eb20dbe19a091e9025667947c73967a65770658333bedd01fccf
https://www.zaproxy.org/docs/desktop/addons/highlighter/
https://github.com/zaproxy/zap-extensions/
2021-10-07
115527
2.11.0
hud
HUD - Heads Up Display
Display information from ZAP in browser.
ZAP Dev Team
0.14.0
hud-beta-0.14.0.zap
beta
<h3>Added</h3>
<ul>
<li>Added accessibility fixes for rapid navigation between panels.</li>
<li>Added semantic roles and better labelling for screen reader users.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.1.</li>
<li>Depend on Network add-on for the tutorial server.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Problems with Firefox 103+</li>
<li>Spider status post 2.11.1</li>
</ul>
https://github.com/zaproxy/zap-hud/releases/download/v0.14.0/hud-beta-0.14.0.zap
SHA-256:26bed90b59b68b11220aff6c5c343d5f42291d950eda1752f2d1609f50896719
https://www.zaproxy.org/docs/desktop/addons/hud/
https://github.com/zaproxy/zap-hud/
2022-09-22
1385048
2.11.1
network
>= 0.1.0
websocket
imagelocationscanner
Image Location and Privacy Scanner
Image Location and Privacy Passive Scanner
Jay Ball (veggiespam) and the ZAP Dev Team
4
imagelocationscanner-beta-4.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.1.</li>
<li>Maintenance changes.</li>
</ul>
<h3>Added</h3>
<ul>
<li>OWASP Web Security Testing Guide v4.2 mappings.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/imagelocationscanner-v4/imagelocationscanner-beta-4.zap
SHA-256:6d168e4d156335a0544619011b742e47e6dc1d492a2d63a0e8f787b28796b2c9
https://www.zaproxy.org/docs/desktop/addons/image-location-and-privacy-scanner/
https://github.com/zaproxy/zap-extensions/
2022-09-23
1138093
2.11.1
commonlib
>= 1.6.0 & < 2.0.0
importLogFiles
Log File Importer
Allows you to import log files from ModSecurity and files previously exported from ZAP
Joseph Kirwin, ZAP Dev Team
6
importLogFiles-alpha-6.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.1.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/importLogFiles-v6/importLogFiles-alpha-6.zap
SHA-256:8e9383c3c8f13abbb98e4726cff2d0843e350e9214dd89c74778a46d679711a2
https://www.zaproxy.org/docs/desktop/addons/log-file-importer/
https://github.com/zaproxy/zap-extensions/
2021-12-22
156767
2.11.1
exim
importurls
Import files containing URLs
Adds an option to import a file of URLs. The file must be plain text with one URL per line.
ZAP Dev Team
9
importurls-beta-9.zap
beta
<h3>Retired</h3>
<ul>
<li>This add-on has been retired, and its functionality has been replaced by the Import/Export Add-on.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.1.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/importurls-v9/importurls-beta-9.zap
SHA-256:1dd3602a9fa88ff2834643556226fd2129561abf217d8b4ac0d7281e55be06ee
https://www.zaproxy.org/docs/desktop/addons/import-urls/
https://github.com/zaproxy/zap-extensions/
2021-12-22
231139
2.11.1
exim
invoke
Invoke Applications
Invoke external applications passing context related information such as URLs and parameters
ZAP Dev Team
11
invoke-beta-11.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/invoke-v11/invoke-beta-11.zap
SHA-256:088ed335a7dbe1ad1569fc249e1a395f1957e39598c6d4d648cdc49780cb71fc
https://www.zaproxy.org/docs/desktop/addons/invoke-applications/
https://github.com/zaproxy/zap-extensions/
2021-10-06
322829
2.11.0
jruby
Ruby Scripting
Allows Ruby to be used for ZAP scripting - templates included
ZAP Dev Team
8
jruby-beta-8.zap
beta
<h3>Changed</h3>
<ul>
<li>Update links to zaproxy repo.</li>
<li>Rename reliability to confidence in active/passive templates.</li>
<li>Maintenance changes.</li>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jruby-v8/jruby-beta-8.zap
SHA-256:f5bb450a165f6c407b8d24f7b2776bdc7a2edb0b4b42aea385f8a6ad1ae605ca
https://www.zaproxy.org/docs/desktop/addons/ruby-scripting/
https://github.com/zaproxy/zap-extensions/
2021-10-07
21968128
2.11.0
jsonview
JSON View
Adds a view that shows JSON messages nicely formatted
Juha Kivekäs
2
jsonview-alpha-2.zap
alpha
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add the main context menu to the JSON view.</li>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Capitalize the view dropdown menu entry (related to Issue 2000).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jsonview-v2/jsonview-alpha-2.zap
SHA-256:49fd8995eac7724e5a60f7b6d7f10cfb617f3f083b6f23406075631ba23c7ebc
https://www.zaproxy.org/docs/desktop/addons/json-view/
https://github.com/zaproxy/zap-extensions/
2021-10-07
119886
2.11.0
jwt
JWT Support
Detect JWT requests and scan them to find related vulnerabilities
KSASAN preetkaran20@gmail.com
1.0.2
jwt-alpha-1.0.2.zap
alpha
<ul>
<li>First version of JWT Support.
<ul>
<li>Contains scanning rules for basic JWT related vulnerabilities.</li>
<li>Contains JWT Fuzzer for fuzzing the JWT's present in the request.</li>
</ul>
</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/jwt-alpha-1.0.2.zap
SHA-256:f35af7bb3fbb88ae3da5ab0ac7a5c562463dfab521f3e54c7194b44358f793b3
https://github.com/SasanLabs/owasp-zap-jwt-addon/
2022-01-22
751195
2.11.1
commonlib
fuzz
13.*
jython
Python Scripting
Allows Python to be used for ZAP scripting - templates included
ZAP Dev Team
12
jython-beta-12.zap
beta
<h3>Added</h3>
<ul>
<li>encode-decode default and rot13 templates.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update links to zaproxy repo.</li>
<li>Rename reliability to confidence in active/passive templates.</li>
<li>Maintenance changes.</li>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jython-v12/jython-beta-12.zap
SHA-256:4519b862edf8f006c429c86b0152ade561b660ae6f74cfce684b272f4fe28ef1
https://www.zaproxy.org/docs/desktop/addons/python-scripting/
https://github.com/zaproxy/zap-extensions/
2021-10-07
43312397
2.11.0
kotlin
Kotlin Support
Allows Kotlin to be used for ZAP scripting
StackHawk Engineering
1.1.0
kotlin-alpha-1.1.0.zap
alpha
<h3>Changed</h3>
<ul>
<li>Use appropriate syntax style for highlighting of code.</li>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/kotlin-v1.1.0/kotlin-alpha-1.1.0.zap
SHA-256:85a47ea7199b77cfb09081302c277de2ba5e2102ef79907573ebcfa6425302e9
https://www.zaproxy.org/docs/desktop/addons/kotlin-support/
https://github.com/zaproxy/zap-extensions/
2021-10-07
48865539
2.11.0
neonmarker
Neonmarker
Colors history table items based on tags
Juha Kivekäs, Kingthorin
1.5.0
neonmarker-alpha-1.5.0.zap
alpha
<h3>Added</h3>
<ul>
<li>A right-click context menu is now available in the History tab in order to Select/Set a color for arbitrary messages.</li>
</ul>
https://github.com/kingthorin/neonmarker/releases/download/v1.5.0/neonmarker-alpha-1.5.0.zap
SHA-256:0b888612670e66712001d0bd3cb990d7b34f88b7b6339aed2734083b8a5fe5c5
https://www.zaproxy.org/docs/desktop/addons/neonmarker/
https://github.com/kingthorin/neonmarker
2022-07-11
35903
2.10.0
network
Network
Provides core networking capabilities.
ZAP Dev Team
0.2.0
network-alpha-0.2.0.zap
alpha
<h3>Added</h3>
<ul>
<li>On weekly releases and versions after 2.11:
<ul>
<li>Management of local servers/proxies, supersedes core functionality;</li>
<li>Configuration of aliases for the servers/proxies (<a href="https://github.com/zaproxy/zaproxy/issues/3594">Issue 3594</a>);</li>
<li>Pass-through connections (<a href="https://github.com/zaproxy/zaproxy/issues/6832">Issue 6832</a>).</li>
</ul>
</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/network-v0.2.0/network-alpha-0.2.0.zap
SHA-256:9684a67a6bdf2d221f85fb86ff7cb3c1a4aefda4f7fda4a715f5dfa182fcbbd9
https://www.zaproxy.org/docs/desktop/addons/network/
https://github.com/zaproxy/zap-extensions/
2022-04-06
17892519
2.11.1
oast
OAST Support
Allows you to exploit out-of-band vulnerabilities
ZAP Dev Team
0.12.0
oast-beta-0.12.0.zap
beta
<h3>Fixed</h3>
<ul>
<li>Deregister the Interactsh service even in case of error (Issue 7504).</li>
<li>Clear Interactsh payloads from the GUI when the service is deregistered.</li>
<li>Error logged when interactsh server returns null data.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/oast-v0.12.0/oast-beta-0.12.0.zap
SHA-256:734e816567d733d9ae87f03340ae8d4af99c96974addd92bcf5a76fa3cee6449
https://www.zaproxy.org/docs/desktop/addons/oast-support/
https://github.com/zaproxy/zap-extensions/
2022-10-19
778402
2.11.1
network
>= 0.1.0
onlineMenu
Online menus
ZAP Online menu items
ZAP Dev Team
9
onlineMenu-release-9.zap
release
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/onlineMenu-v9/onlineMenu-release-9.zap
SHA-256:14d46e64178caf551462eb77478002ba08946ff639a1a52007527c41fd85bbee
https://www.zaproxy.org/docs/desktop/addons/online-menu/
https://github.com/zaproxy/zap-extensions/
2021-10-06
208120
2.11.0
openapi
OpenAPI Support
Imports and spiders OpenAPI definitions.
ZAP Dev Team plus Joanna Bona, Nathalie Bouchahine, Artur Grzesica, Mohammad Kamar, Markus Kiss, Michal Materniak, Marcin Spiewak, and SDA SE Open Industry Solutions
28
openapi-beta-28.zap
beta
<h3>Added</h3>
<ul>
<li>Imported specs are now persisted to the session database. They are used by the new variant to mark path parameters as
Data Driven Nodes.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>JSON body examples specified under <code>schema</code> were being enclosed in quotes.</li>
<li>Error message when <code>apiFile</code> field is not accessible was outputting the <code>targetUrl</code> and not the incorrect filename (Issue 7370).</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Use Spider add-on (Issue 3113).</li>
<li>Use Form Handler add-on directly.</li>
<li>DDNs added as Structural Modifiers have been superseded by a custom variant. The variant supports nested DDNs and leaf
DDNs, prevents non-parameter URL paths from being merged with DDNs, and treats paths with different HTTP methods
uniquely. DDNs are named with the parameter name from the spec.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/openapi-v28/openapi-beta-28.zap
SHA-256:d3fc4cddcc74b4a8b3e9e707dc36327058ad2bd5c7763dde572f3ca389579656
https://www.zaproxy.org/docs/desktop/addons/openapi-support/
https://github.com/zaproxy/zap-extensions/
2022-09-21
12183573
2.11.1
commonlib
>= 1.8.0 & < 2.0.0
packpentester
Collection: Pentester Pack
A collection of add-ons ideal for pentesters
ZAP Dev Team
0.1.0
packpentester-alpha-0.1.0.zap
alpha
<h3>Fixed</h3>
<ul>
<li>Corrected fuzz add-on name</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/packpentester-v0.1.0/packpentester-alpha-0.1.0.zap
SHA-256:0b8e7e4ddffdcacf46fdf9793bf84217738e281cbd5ccac732788c4b768d069c
https://www.zaproxy.org/docs/desktop/addons/collection-pentester-pack/
https://github.com/zaproxy/zap-extensions/
2022-05-12
6792
2.11.1
accessControl
attacksurfacedetector
custompayloads
evalvillain
fileupload
fuzz
fuzzdb
jsonview
jwt
requester
viewstate
wappalyzer
packscanrules
Collection: Scan Rules Pack
All of the add-ons just containing release, beta and alpha status scan rules
ZAP Dev Team
0.0.1
packscanrules-alpha-0.0.1.zap
alpha
<p>First version.</p>
https://github.com/zaproxy/zap-extensions/releases/download/packscanrules-v0.0.1/packscanrules-alpha-0.0.1.zap
SHA-256:5ad68f153379bd96f36a7bead61e884cc42e1409cdd262dffc682b5f7bf92da4
https://www.zaproxy.org/docs/desktop/addons/collection-scan-rules-pack/
https://github.com/zaproxy/zap-extensions/
2022-05-13
9244
2.11.1
ascanrules
ascanrulesAlpha
ascanrulesBeta
domxss
pscanrules
pscanrulesAlpha
pscanrulesBeta
retire
paramdigger
Parameter Digger
Identify hidden, unlinked parameters. Useful for finding web cache poisoning vulnerabilities.
ZAP Dev Team and Arkaprabha Chakraborty
0.1.0
paramdigger-alpha-0.1.0.zap
alpha
<h3>Changed</h3>
<ul>
<li>Rename multiple options in GUI and documentation.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/paramdigger-v0.1.0/paramdigger-alpha-0.1.0.zap
SHA-256:29ab753e092b42a546fb83fefcb8d952af745e6ba98d647099c7d0185af13eee
https://www.zaproxy.org/docs/desktop/addons/parameter-digger/
https://github.com/zaproxy/zap-extensions/
2022-08-22
522848
2.11.1
commonlib
>= 1.9.0 & < 2.0.0
plugnhack
Plug-n-Hack Configuration
Supports the Mozilla Plug-n-Hack standard: https://developer.mozilla.org/en-US/docs/Plug-n-Hack.
ZAP Dev Team
12
plugnhack-beta-12.zap
beta
<h3>Added</h3>
<ul>
<li>Add repo URL.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Issue 2000 - Updated strings shown in context menu with title caps.</li>
<li>Change info URL to link to the site.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/plugnhack-v12/plugnhack-beta-12.zap
SHA-256:9a1cc0e664629e9f6aabdc1a2c13b800112bdc8b35b0cc4b375a011eb2430b49
https://www.zaproxy.org/docs/desktop/addons/plug-n-hack/
https://github.com/zaproxy/zap-extensions/
2021-10-07
729770
2.11.0
portscan
Port Scanner
Allows to port scan a target server
ZAP Dev Team
9
portscan-beta-9.zap
beta
<h3>Added</h3>
<ul>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Update default values in the options to match the ones in the default configuration file.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/portscan-v9/portscan-beta-9.zap
SHA-256:be85aac379e3415ccd771b983ac52d208e5ddeb5b5e591fab047e97a895b2dfb
https://www.zaproxy.org/docs/desktop/addons/port-scan/
https://github.com/zaproxy/zap-extensions/
2021-10-07
714392
2.11.0
pscanrules
Passive scanner rules
The release status Passive Scanner rules
ZAP Dev Team
43
pscanrules-release-43.zap
release
<h3>Changed</h3>
<ul>
<li>Reduce Cache Control scan rule confidence to Low, and add new reference (Issue 6446).</li>
<li>Added new Custom Payloads alert tag to the example alerts of the Username IDOR and Application Error scan rules.</li>
<li>Maintenance changes.</li>
<li>The Timestamp Disclosure scan rule is now scoped to a 10 year range with a cap at the Y2038 rollover point (Issue 6741).</li>
<li>THe Content Security Policy Header Set scan rule will no longer alert if CSP is specified via META tag (Issue 7303).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v43/pscanrules-release-43.zap
SHA-256:12c6baf7099189985d9a79d57b293923e8f0ce8d1c215334086a68ed417e25e2
https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules/
https://github.com/zaproxy/zap-extensions/
2022-09-15
1247607
2.11.1
commonlib
>= 1.10.0 & < 2.0.0
pscanrulesAlpha
Passive scanner rules (alpha)
The alpha status Passive Scanner rules
ZAP Dev Team
36
pscanrulesAlpha-alpha-36.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.1.</li>
<li>Maintenance changes.</li>
<li>Sub Resource Integrity Attribute Missing scan rule now supports Trusted Domains.</li>
<li>The Base64 Disclosure scan rule will now ignore headers which are known to contain irrelevant Base64 like strings or are covered by other rules (ETag, Authorization, X-ChromeLogger-Data, X-ChromePhp-Data) (Issue 6619).</li>
<li>Added new Custom Payloads alert tag to the example alerts of the Dangerous JS Function scan rule.</li>
<li>Permissions Policy scan rule updated for consistency and documentation purposes (Issue 7458).</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>False positive condition from Sub Resource Integrity Attribute Missing scan rule when rel=canonical is used (Issue 7040).</li>
<li>Threading issue in Dangerous JS Functions rule - only reproducible with currently unreleased core changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesAlpha-v36/pscanrulesAlpha-alpha-36.zap
SHA-256:aa3a153529f76fe4d0d95a2f251403dc50228292c6127876483500f55373fd8d
https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules-alpha/
https://github.com/zaproxy/zap-extensions/
2022-09-16
667839
2.11.1
commonlib
>= 1.10.0 & < 2.0.0
pscanrulesBeta
Passive scanner rules (beta)
The beta status Passive Scanner rules
ZAP Dev Team
30
pscanrulesBeta-beta-30.zap
beta
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Reverse Tabnabbing scan rule now leverages the Common Library Trusted Domains implementation.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v30/pscanrulesBeta-beta-30.zap
SHA-256:27469df673d8072927ff89bbdf5d9ef9c59dd8070c6e2c996c42735fa7f2957d
https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules-beta/
https://github.com/zaproxy/zap-extensions/
2022-09-15
976693
2.11.1
commonlib
>= 1.10.0 & < 2.0.0
quickstart
Quick Start
Provides a tab which allows you to quickly test a target application
ZAP Dev Team
34
quickstart-release-34.zap
release
<h3>Changed</h3>
<ul>
<li>Spider checkboxes in Automated Scan will be disabled when scan is running. (Issue 7072)</li>
<li>Use Network add-on to obtain main proxy address/port.</li>
<li>Maintenance changes.</li>
<li>Use Spider add-on (Issue 3113).</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Accept any 2xx result code instead of just 200.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/quickstart-v34/quickstart-release-34.zap
SHA-256:332374c4d6fe5b17cd4f894cbfd06a5e8073f817fb675efadb3db0b5cb9c4ab4
https://www.zaproxy.org/docs/desktop/addons/quick-start/
https://github.com/zaproxy/zap-extensions/
2022-09-23
632885
2.11.1
callhome
>= 0.0.1
network
>= 0.2.0
reports
>= 0.4.0
reflect
Reflect
Finds reflected parameters
Caleb Kinney
0.0.11
reflect-alpha-0.0.11.zap
alpha
https://github.com/zaproxy/zap-extensions/releases/download/2.7/reflect-alpha-0.0.11.zap
SHA-256:c45307037042e4079546a5fcb17d1165475e5cdd5ba7e8abc0d2cf0a14866466
2021-02-19
1780219
2.9.0
regextester
Regular Expression Tester
Allows to test Regular Expressions
ZAP Dev Team
2
regextester-alpha-2.zap
alpha
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Close dialogues when the add-on is uninstalled.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/regextester-v2/regextester-alpha-2.zap
SHA-256:b4706709c16a45e8bedc0bd6f28dd09532d5dbf3f1fe2c2853e20dbf6160a584
https://www.zaproxy.org/docs/desktop/addons/regular-expression-tester/
https://github.com/zaproxy/zap-extensions/
2021-10-07
159441
2.11.0
replacer
Replacer
Easy way to replace strings in requests and responses.
ZAP Dev Team
10
replacer-release-10.zap
release
<h3>Fixed</h3>
<ul>
<li>Allow the replacement type to be changed in existing rules (Issue 3840).</li>
</ul>
<h3>Added</h3>
<ul>
<li>Allow to manage the replacer rules programmatically, for example, through ZAP scripts.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.1.</li>
<li>Maintenance changes.</li>
<li>Promoted to Release status.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/replacer-v10/replacer-release-10.zap
SHA-256:8a221acb5386079cf163a9d3eb8830bd67afab82e6a6a27f011e7f541ef002ab
https://www.zaproxy.org/docs/desktop/addons/replacer/
https://github.com/zaproxy/zap-extensions/
2022-09-23
338300
2.11.1
reports
Report Generation
Official ZAP Reports.
ZAP Dev Team
0.15.0
reports-release-0.15.0.zap
release
<h3>Fixed</h3>
<ul>
<li>API problems:
<ul>
<li>Mixed case sections could not be referenced</li>
<li>Risk-confidence-html report failed if no context specified</li>
<li>No theme is used if one was not specified, breaking theme links</li>
</ul>
</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/reports-v0.15.0/reports-release-0.15.0.zap
SHA-256:e58e24935936ab294b85dae508861c7a14df2a26f440e881602821ee4e25b37e
https://www.zaproxy.org/docs/desktop/addons/report-generation/
https://github.com/zaproxy/zap-extensions/
2022-07-20
66963031
2.11.1
requester
Requester
Request numbered panel.
Surikato
6
requester-alpha-6.zap
alpha
<h3>Added</h3>
<ul>
<li>Support for renaming tabs.</li>
<li>More help.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.1.</li>
<li>Maintenance changes.</li>
<li>Moved Help button to the Response tab.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/requester-v6/requester-alpha-6.zap
SHA-256:3d3e1aff47fc1446c6e25b8c718e276ee4bff9627e85743379a95e194140c77f
https://www.zaproxy.org/docs/desktop/addons/requester/
https://github.com/zaproxy/zap-extensions/
2022-05-10
165379
2.11.1
retest
Retest
An add-on to retest for presence/absence of previously generated alerts.
ZAP Dev Team
0.3.0
retest-alpha-0.3.0.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.1.</li>
<li>Scan Rule ID values are no longer displayed with commas.</li>
<li>Maintenance changes.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>The Retest dialog now properly resets between ZAP sessions (Issue 7147).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/retest-v0.3.0/retest-alpha-0.3.0.zap
SHA-256:89a53b8b620a0b5cd81c58596c207882a7813f4e013d15f37dab8c10cfdcd254
https://www.zaproxy.org/docs/desktop/addons/retest/
https://github.com/zaproxy/zap-extensions/
2022-09-23
258291
2.11.1
automation
>=0.6.0
retire
Retire.js
Retire.js
Nikita Mundhada and the ZAP Dev Team
0.15.0
retire-release-0.15.0.zap
release
<h3>Changed</h3>
<ul>
<li>Updated with upstream retire.js pattern changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.15.0/retire-release-0.15.0.zap
SHA-256:b96b6f6c84223841160f5a3b5628fe97c28bdae7c9c81f8735c7ebb63a75370a
https://www.zaproxy.org/docs/desktop/addons/retire.js/
https://github.com/zaproxy/zap-extensions/
2022-09-22
1214200
2.11.1
commonlib
>= 1.7.0 & < 2.0.0
reveal
Reveal
Show hidden fields and enable disabled fields
ZAP Dev Team
4
reveal-release-4.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/reveal-v4/reveal-release-4.zap
SHA-256:b8f1e971ae15df7aab3d896ad88a4f503971db24fcff86d92fb243c476fc4f01
https://www.zaproxy.org/docs/desktop/addons/reveal/
https://github.com/zaproxy/zap-extensions/
2021-10-06
237540
2.11.0
revisit
Revisit
Revisit a site at any time in the past using the session history
ZAP Dev Team
4
revisit-alpha-4.zap
alpha
<h3>Added</h3>
<ul>
<li>Add info and repo URLs.</li>
<li>Maintenance changes.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/revisit-v4/revisit-alpha-4.zap
SHA-256:445bb2a98e06d4ecc945c35c2777dae1b1e5b6ea20de78b920c8004bc3615195
https://www.zaproxy.org/docs/desktop/addons/revisit/
https://github.com/zaproxy/zap-extensions/
2021-10-07
299864
2.11.0
saml
SAML Support
Detect, Show, Edit, Fuzz SAML requests
ZAP Dev Team
9
saml-alpha-9.zap
alpha
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/saml-v9/saml-alpha-9.zap
SHA-256:37c167b76115a7a0710b1e8940591797da170961ca69f517c66a25b16712cb1a
https://www.zaproxy.org/docs/desktop/addons/saml-support/
https://github.com/zaproxy/zap-extensions/
2021-10-07
1809830
2.11.0
saverawmessage
Save Raw Message
Allows to save content of HTTP messages as binary
ZAP Dev Team
7
saverawmessage-release-7.zap
release
<h3>Retired</h3>
<ul>
<li>This add-on has been retired, and its functionality has been replaced by the Import/Export Add-on.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/saverawmessage-v7/saverawmessage-release-7.zap
SHA-256:530e0c46d30c9aeb0a6b4cc4fbb3d3083db0337cbb88ac0db96271076b9ec48b
https://www.zaproxy.org/docs/desktop/addons/save-raw-message/
https://github.com/zaproxy/zap-extensions/
2021-12-22
23464
2.11.1
exim
savexmlmessage
Save XML Message
Allows to save content of HTTP messages as XML
thatsn0tmysite
0.3.0
savexmlmessage-alpha-0.3.0.zap
alpha
<h3>Retired</h3>
<ul>
<li>This add-on has been retired, and its functionality has been replaced by the Import/Export Add-on.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/savexmlmessage-v0.3.0/savexmlmessage-alpha-0.3.0.zap
SHA-256:0a73d4d8f07a5e7c1e9140b22faa63fb3fbb51fb88d5e33ff297723564c0c79d
https://www.zaproxy.org/docs/desktop/addons/save-xml-message/
https://github.com/zaproxy/zap-extensions/
2021-12-22
6034
2.11.1
exim
scripts
Script Console
Supports all JSR 223 scripting languages
ZAP Dev Team
32
scripts-release-32.zap
release
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Don't print twice to std out when running without view and executing scripts (Issue 7455).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/scripts-v32/scripts-release-32.zap
SHA-256:481741ae386135311f7cb89e9e82178bd7f224c8ff23fac7802d35b13408d5b7
https://www.zaproxy.org/docs/desktop/addons/script-console/
https://github.com/zaproxy/zap-extensions/
2022-10-12
789639
2.11.1
selenium
Selenium
WebDriver provider and includes HtmlUnit browser
ZAP Dev Team
15.10.0
selenium-release-15.10.0.zap
release
<h3>Added</h3>
<ul>
<li>Option to register and run 'browserHooks'.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.10.0/selenium-release-15.10.0.zap
SHA-256:a7ab7ab2122ea52408395243d23941e5aa5fa669742c58a2ead141a2888fd1c2
https://www.zaproxy.org/docs/desktop/addons/selenium/
https://github.com/zaproxy/zap-extensions/
2022-09-23
24912328
2.11.1
network
>=0.2.0
sequence
Sequence
Gives the possibility of defining a sequence of requests to be scanned.
ZAP Dev Team
6
sequence-alpha-6.zap
alpha
<h3>Added</h3>
<ul>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Issue 2000 - Updated strings shown in active scan dialog with title caps.</li>
<li>Enable help button in Sequence tab of Active Scan dialog.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/sequence-v6/sequence-alpha-6.zap
SHA-256:2849204eab9ea1da50404ab9604e5ec69440c490453a24392c9a40bf95cdb164
https://www.zaproxy.org/docs/desktop/addons/sequence-scanner/
https://github.com/zaproxy/zap-extensions/
2021-10-07
1556476
2.11.0
zest
soap
SOAP Support
Imports and scans WSDL files containing SOAP endpoints.
Alberto (albertov91) + ZAP Dev Team
14
soap-beta-14.zap
beta
<h3>Changed</h3>
<ul>
<li>Dependency updates.</li>
<li>Maintenance changes.</li>
<li>Use Spider add-on (Issue 3113).</li>
<li>Use Form Handler add-on directly.</li>
<li>Promoted to Beta status.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/soap-v14/soap-beta-14.zap
SHA-256:5ed80d0abd009a0902f660417a761fb3d2585e26b2f092ebdc70d44c3993d0f5
https://www.zaproxy.org/docs/desktop/addons/soap-support/
https://github.com/zaproxy/zap-extensions/
2022-09-23
13988341
2.11.1
commonlib
>= 1.5.0 & < 2.0.0
spiderAjax
Ajax Spider
Allows you to spider sites that make heavy use of JavaScript using Crawljax
ZAP Dev Team
23.9.0
spiderAjax-release-23.9.0.zap
release
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
</ul>
<h3>Added</h3>
<ul>
<li>Support for automation monitor tests.</li>
<li>Added 'runOnlyIfModern' Automation Framework option.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Automation Framework dialog - min numberOfBrowsers now 1.</li>
<li>Automation Framework job - correctly pick up URL from context.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/spiderAjax-v23.9.0/spiderAjax-release-23.9.0.zap
SHA-256:6e87e79a9be4ffd95b9ad48ff8f09720d9229bd2e3fcbed30d490ec1c44cda8f
https://www.zaproxy.org/docs/desktop/addons/ajax-spider/
https://github.com/zaproxy/zap-extensions/
2022-09-23
5821779
2.11.1
network
>=0.1.0
selenium
15.*
sqliplugin
Advanced SQLInjection Scanner
An advanced active injection bundle for SQLi (derived by SQLMap)
Andrea Pompili (Yhawke)
15
sqliplugin-beta-15.zap
beta
<h3>Fixed</h3>
<ul>
<li>Re-ordered variable initialization to prevent an NPE.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/sqliplugin-v15/sqliplugin-beta-15.zap
SHA-256:76e857bd2fea0b57b641862ea5bef46365ac1b03a19371c5e818a5401f7d9384
https://www.zaproxy.org/docs/desktop/addons/advanced-sqlinjection-scanner/
https://github.com/zaproxy/zap-extensions/
2021-10-20
534349
2.11.0
commonlib
>= 1.5.0 & < 2.0.0
sse
Server-Sent Events
Allows you to view Server-Sent Events (SSE) communication.
ZAP Dev Team
11
sse-alpha-11.zap
alpha
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Update minimum ZAP version to 2.11.1.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Properly close the server side connection when no longer in use (Issue 6424).</li>
<li>Increase the size of the URL column (Issue 7354).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/sse-v11/sse-alpha-11.zap
SHA-256:c4126a431866de8271e314a9ca1343002a4a0db05f669870f84c015eb707e372
https://www.zaproxy.org/docs/desktop/addons/server-sent-events/
https://github.com/zaproxy/zap-extensions/
2022-09-23
340546
2.11.1
svndigger
SVN Digger Files
SVN Digger files which can be used with ZAP forced browsing
ZAP Dev Team
4
svndigger-release-4.zap
release
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add repo URL.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Promote to release status.</li>
<li>Change info URL to link to the site.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/svndigger-v4/svndigger-release-4.zap
SHA-256:5556efdf3fdb84ebd6cf3e76ca31e3fb6fb57c002cf14b2cf2f05f67bf2b622a
https://www.zaproxy.org/docs/desktop/addons/svn-digger-files/
https://github.com/zaproxy/zap-extensions/
2021-10-07
713963
2.11.0
tips
Tips and Tricks
Display ZAP Tips and Tricks
ZAP Dev Team
9
tips-beta-9.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/tips-v9/tips-beta-9.zap
SHA-256:dd65cd0a0f1621bd759bd92fb0a4bdba67cdf498fdaea2c40a333035aec9df97
https://www.zaproxy.org/docs/desktop/addons/tips-and-tricks/
https://github.com/zaproxy/zap-extensions/
2021-10-06
563979
2.11.0
tokengen
Token Generation and Analysis
Allows you to generate and analyze pseudo random tokens, such as those used for session handling or CSRF protection
ZAP Dev Team
15
tokengen-beta-15.zap
beta
<h3>Changed</h3>
<ul>
<li>Now using 2.10 logging infrastructure (Log4j 2.x).</li>
<li>Maintenance changes.</li>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/tokengen-v15/tokengen-beta-15.zap
SHA-256:daef1d13d44a76b8735a30ed9e1e50fa87a85d02728bd7ae575197d173f942f9
https://www.zaproxy.org/docs/desktop/addons/token-generator/
https://github.com/zaproxy/zap-extensions/
2021-10-07
525206
2.11.0
treetools
TreeTools
Tools to add functionality to the tree view.
Carl Sampson
8
treetools-beta-8.zap
beta
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/treetools-v8/treetools-beta-8.zap
SHA-256:b7f61f8939937ebc120bce8deb72713d7676087056e88801df2573112e7642e4
https://www.zaproxy.org/docs/desktop/addons/treetools/
https://github.com/zaproxy/zap-extensions/
2021-10-07
128931
2.11.0
viewstate
ViewState
ASP/JSF ViewState Decoder and Editor
Calum Hutton
3
viewstate-alpha-3.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/viewstate-v3/viewstate-alpha-3.zap
SHA-256:715caefd591415e79b32195361fea82aa8c6357b24e69530c22fde0a1b6dad17
https://www.zaproxy.org/docs/desktop/addons/viewstate/
https://github.com/zaproxy/zap-extensions/
2021-10-07
148716
2.11.0
wappalyzer
Wappalyzer - Technology Detection
Technology detection using Wappalyzer: wappalyzer.com
ZAP Dev Team
21.13.0
wappalyzer-release-21.13.0.zap
release
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Updated with upstream Wappalyzer icon and pattern changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/wappalyzer-v21.13.0/wappalyzer-release-21.13.0.zap
SHA-256:23f068d60f1ff095f53bbc795f805f2fbbe576174c8189843b167b3d1e40a44d
https://www.zaproxy.org/docs/desktop/addons/technology-detection/
https://github.com/zaproxy/zap-extensions/
2022-09-23
16419866
2.11.1
commonlib
>= 1.7.0 & < 2.0.0
webdriverlinux
Linux WebDrivers
Linux WebDrivers for Firefox and Chrome.
ZAP Dev Team
45
webdriverlinux-release-45.zap
release
<h3>Changed</h3>
<ul>
<li>Update geckodriver to 0.32.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/webdriverlinux-v45/webdriverlinux-release-45.zap
SHA-256:9d551814be93cbce737a62c3c636df801dce6237daae82aaca079cca75e59abf
https://www.zaproxy.org/docs/desktop/addons/linux-webdrivers/
https://github.com/zaproxy/zap-extensions/
2022-10-14
12870940
2.11.1
webdrivermacos
MacOS WebDrivers
MacOS WebDrivers for Firefox and Chrome.
ZAP Dev Team
46
webdrivermacos-release-46.zap
release
<h3>Changed</h3>
<ul>
<li>Update geckodriver to 0.32.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/webdrivermacos-v46/webdrivermacos-release-46.zap
SHA-256:4f929fe17ef932b1ee3b2477a34378d536c5b92a8a6404b4211abe932a202c7a
https://www.zaproxy.org/docs/desktop/addons/macos-webdrivers/
https://github.com/zaproxy/zap-extensions/
2022-10-14
20546304
2.11.1
webdriverwindows
Windows WebDrivers
Windows WebDrivers for Firefox and Chrome.
ZAP Dev Team
45
webdriverwindows-release-45.zap
release
<h3>Changed</h3>
<ul>
<li>Update geckodriver to 0.32.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/webdriverwindows-v45/webdriverwindows-release-45.zap
SHA-256:4714cb7937b4e7479b3dcd08ddd06db792b45ecb0ef15c06a97f661fdd4a292a
https://www.zaproxy.org/docs/desktop/addons/windows-webdrivers/
https://github.com/zaproxy/zap-extensions/
2022-10-14
10035120
2.11.1
websocket
WebSockets
Allows you to inspect WebSocket communication.
ZAP Dev Team
26
websocket-release-26.zap
release
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Cache WebSocket Passive Rules scripts for better performance with all script engines.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Handle errors caused by WebSocket Passive Rules scripts, which would break the passive scan.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/websocket-v26/websocket-release-26.zap
SHA-256:965a94bf9486b15eed5ad0dde9d681a2c121282bed73da62df2a6916acd0a1aa
https://www.zaproxy.org/docs/desktop/addons/websockets/
https://github.com/zaproxy/zap-extensions/
2022-05-20
1413083
2.11.1
zest
Zest - Graphical Security Scripting Language
A graphical security scripting language, ZAPs macro language on steroids
ZAP Dev Team
36
zest-beta-36.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.1.</li>
<li>Use Network add-on to proxy client authentication requests.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/zest-v36/zest-beta-36.zap
SHA-256:cbd3587709cdfeff9f85c619b88fa2af78ba7f0bb2b1aeb156598e6807d5b7bf
https://www.zaproxy.org/docs/desktop/addons/zest/
https://github.com/zaproxy/zap-extensions/
2022-09-23
13581902
2.11.1
network
>=0.2.0
scripts
selenium
15.*