2.14.0 D-2021-10-18 https://github.com/zaproxy/zaproxy/releases/download/w2021-10-18/ZAP_WEEKLY_D-2021-10-18.zip ZAP_WEEKLY_D-2021-10-18.zip SHA-256:9d4bcb12e47293f3cbc4c32285b8469e620f092bb2519e65e12e5e528a25a8ad 188556676 https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2_14_0_windows-x32.exe ZAP_2_14_0_windows-x32.exe SHA-256:5dae52e27da12fba5115e40ebc0cd2da24f6d9ba91608a7b0b7b254984a0b798 220967424 https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2_14_0_windows.exe ZAP_2_14_0_windows.exe SHA-256:df49ffbd14cf82cde5ac06902615e40cbfce1576f866436366708c0845eb9ec6 221097472 https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2.14.0_Linux.tar.gz ZAP_2.14.0_Linux.tar.gz SHA-256:219d7f25bbe25247713805ab02cc12279898c870743c1aae3c2b0b1882191960 215142045 https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2.14.0.dmg ZAP_2.14.0.dmg SHA-256:3b9862a647b1c5c26d6917f2316113dfaceac06bdb79ad3f2c96e0cbd73861f7 244671708 Bug fix and enhancement release. https://www.zaproxy.org/docs/desktop/releases/2.14.0/ accessControl Access Control Testing Adds a set of tools for testing access control in web applications. ZAP Dev Team 3 accessControl-alpha-3.zap alpha Fix exception that occurred with Java 9 (Issue 3934).<br> Allow to copy multiple results and copy correct value from the result column.<br> Display correct message when the table is sorted.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/accessControl-alpha-3.zap SHA1:21f36dc3c4b6ebff10ac8fbb4f358b78b89328d0 2017-11-24 512096 2.4.0 alertFilters Context Alert Filters Allows you to automate the changing of alert risk levels. ZAP Dev Team 5 alertFilters-beta-5.zap beta Dynamically unload the add-on.<br> Clear filters on session changes (Issue 3683).<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/alertFilters-beta-5.zap SHA1:30ca048b72f3c6de3c011ab00bdb7c8822dedda0 2017-11-24 285973 2.6.0 alertReport Report alert generator Allows you to generate reports for alerts you specify in pdf or odt format Talsoft SRL 14 alertReport-beta-14.zap beta Fix an exception while generating the report (Issue 1612).<br> Include Alert's evidence in report of ODT format. https://github.com/zaproxy/zap-extensions/releases/download/2.5/alertReport-beta-14.zap SHA1:d5f2a410eafec455e4b1051eb68d7d6560c68be5 http://www.talsoft.com.ar 2016-06-02 9712171 2.4.0 amf AMF Adds support for AMF messages ZAP Dev Team 2 amf-alpha-2.zap alpha Deserialise the AMF request. https://github.com/zaproxy/zap-extensions/releases/download/2.6/amf-alpha-2.zap SHA1:e34f73753902f2ebedc0be130b446cae39ff4784 2017-05-26 813478 2.4.0 ascanrules Active scanner rules The release quality Active Scanner rules ZAP Dev Team 27 ascanrules-release-27.zap release Issue 1365: Additional Path Traversal detection.<br> Correct alert's evidence/attack of Parameter Tampering (Issue 3524).<br> Fix Path Traversal false positives when etc is a substring (Issue 3735).<br> Code changes for Java 9 (Issue 2602).<br> TestSQLInjection Modifications to improve handling of injected math expressions and reflected params (Issue 3139).</br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/ascanrules-release-27.zap SHA1:348588e03ee6019e46514e6380af07ddd1fc02ec 2017-11-24 594932 2.4.1 ascanrulesAlpha Active scanner rules (alpha) The alpha quality Active Scanner rules ZAP Dev Team 20 ascanrulesAlpha-alpha-20.zap alpha Code changes for Java 9 (Issue 2602).<br> Correct handling of messages with emtpy path.<br> Add Get for Post Scanner.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/ascanrulesAlpha-alpha-20.zap SHA1:df085930d5a817a60a1dd98cb3beae5750916186 https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAscanrulesAlphaAscanalpha 2017-11-24 1434903 2.4.1 ascanrulesBeta Active scanner rules (beta) The beta quality Active Scanner rules ZAP Dev Team 22 ascanrulesBeta-beta-22.zap beta Fix FP in "Source Code Disclosure - /WEB-INF folder" on successful responses (Issue 3048).<br> Fix FP in "Integer Overflow Error" on 500 error responses (Issue 3064).<br> Support security annotations for forms that dont need anti-CSRF tokens.<br> Changed XXE rule to use new callback extension.<br> Notify of messages sent during Heartbleed scanning (Issue 2425).<br> Fix false positive in Code Disclosure - CVE-2012-1823 on image content (Issue 3846).<br> Fix false positive in Backup File Disclosure scanner on 403 responses (Issue 3911).<br> CsrfTokenScan : Keep session cookies instead of deleting all of them<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/ascanrulesBeta-beta-22.zap SHA1:6c764624a8c3ddbdc47d0b5276244f3681a5c060 2017-11-24 2762546 2.6.0 authstats Authentication Statistics Records logged in/out statistics for all contexts in scope. ZAP Core Team 1 authstats-alpha-1.zap alpha First version<br> https://github.com/zaproxy/zap-extensions/releases/download/2.5/authstats-alpha-1.zap SHA1:c00d7e572faba04ff1262bcc04406599a8b20ffd https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAuthstatsAuthStats 2016-08-16 11605 2.5.0 beanshell BeanShell Console Provides a BeanShell Console ZAP Dev Team 5 beanshell-beta-5.zap beta Updated for ZAP 2.4 https://github.com/zaproxy/zap-extensions/releases/download/2.5/beanshell-beta-5.zap SHA1:1fc34a12180cd700cc6fad2236641936cece8cdc 2016-06-02 562333 2.4.0 browserView Browser View Adds an option to render HTML responses like a browser ZAP Dev Team 5 browserView-alpha-5.zap alpha Allow to properly scroll the rendered page. https://github.com/zaproxy/zap-extensions/releases/download/2.6/browserView-alpha-5.zap SHA1:6acfc72f0491d3b391d6633b3dc89ad6d4d4c801 2017-07-21 188142 2.4.0 bruteforce Forced Browse Forced browsing of files and directories using code from the OWASP DirBuster tool ZAP Dev Team 6 bruteforce-beta-6.zap beta Allow to set higher number of threads (Issue 2912).<br> Fix issue with multiple concurrent scans.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/bruteforce-beta-6.zap SHA1:5acad406b5d9abe8cf88b8c67eb9b7b9a4c8a5b0 2017-04-03 1000348 2.4.0 bugtracker Bug Tracker Bug Tracker extension. ZAP Dev Team 2 bugtracker-alpha-2.zap alpha Added help for the add-on https://github.com/zaproxy/zap-extensions/releases/download/2.6/bugtracker-alpha-2.zap SHA1:156b7ad6616db6a17d96ecea42c44542e5bbf163 2017-05-26 1995812 2.5.0 callgraph Call Graph Allows the user to view a call graph of the selected resources Colm O'Flaherty 4 callgraph-alpha-4.zap alpha Finish internationalisation.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/callgraph-alpha-4.zap SHA1:c369e9bc5c18800debe566595cdc73cc7a7f4629 2017-11-24 1158457 2.4.0 codedx Code Dx Extension Includes request and response data in XML reports and provides the ability to upload reports directly to a Code Dx server Code Dx, Inc. 5 codedx-alpha-5.zap alpha Add an upload to Code Dx option.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/codedx-alpha-5.zap SHA1:fad5d14acd070d6ab2b7baae7092a5f75f5b6a8c 2017-04-18 1185698 2.4.0 communityScripts Community Scripts Useful ZAP scripts written by the ZAP community. ZAP Community 4 communityScripts-alpha-4.zap alpha Updated with the latest scripts for 2.6.0<br> Stop the scripts from being registered twice<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/communityScripts-alpha-4.zap SHA1:822bb272b10cf3f185e92f297dec1ffe3ca142bb https://github.com/zaproxy/community-scripts 2017-10-17 335736 2.6.0 coreLang Core Language Files Translations of the core language files ZAP Dev Team 11 coreLang-release-11.zap release Fix installation issue. https://github.com/zaproxy/zap-extensions/releases/download/2.6/coreLang-release-11.zap SHA1:11e24142cd5e30d389161a1fc2e1dd08b445309c https://crowdin.com/project/zaproxy 2017-04-06 2715653 2.5.0 cspscanner Content Security Policy Scanner Content Security Policy (CSP) Scanner ZAP Dev Team 4 cspscanner-alpha-4.zap alpha Fixed missing error and warning messages.<br> Added evidence.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/cspscanner-alpha-4.zap SHA1:1d672d3575e395c5bd466274979338a5ece2d965 2017-07-27 112917 2.5.0 1.8 customreport CustomReport New HTML report module allows users to customize report content. Chienli Ma 2 customreport-alpha-2.zap alpha Allow to update/uninstall the add-on without restarting ZAP.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.5/customreport-alpha-2.zap SHA1:fe8f172a879e5372d040449973ac7a1a133eafd5 2016-06-02 557158 2.4.0 diff Diff Displays a dialog showing the differences between 2 requests or responses. It uses diffutils and diff_match_patch ZAP Dev Team 7 diff-beta-7.zap beta Minor code changes.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/diff-beta-7.zap SHA1:1a7cb9e64e0740d752280729dda4c3f606c29a6c 2017-04-03 235040 2.4.0 directorylistv1 Directory List v1.0 List of directory names to be used with "Forced Browse" add-on. ZAP Dev Team 3 directorylistv1-release-3.zap release Removed repeated files.<br> Added strings for version control directories of Git, Mercurial, SVN, CVS, Bazaar.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.5/directorylistv1-release-3.zap SHA1:135cd0a2e0831996811fec852e6871848c144bfc https://owasp.org/index.php/DirBuster 2016-06-02 847617 2.4.0 directorylistv2_3 Directory List v2.3 Lists of directory names to be used with "Forced Browse" add-on. ZAP Dev Team 3 directorylistv2_3-release-3.zap release Removed repeated files.<br> Added strings for version control directories of Git, Mercurial, SVN, Bazaar.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.5/directorylistv2_3-release-3.zap SHA1:29c1661ae88dcc7bd1577504cfc9415e0aefcbff https://owasp.org/index.php/DirBuster 2016-06-02 8608732 2.4.0 directorylistv2_3_lc Directory List v2.3 LC Lists of lower case directory names to be used with "Forced Browse" add-on. ZAP Dev Team 3 directorylistv2_3_lc-release-3.zap release Added strings for version control directories of Git, Mercurial, SVN, Bazaar.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.5/directorylistv2_3_lc-release-3.zap SHA1:d15984e9ca45e8cd238228cb471e8f6d59a61708 https://owasp.org/index.php/DirBuster 2016-06-02 7454765 2.4.0 domxss DOM XSS Active scanner rule DOM XSS Active scanner rule ZAP Dev Team 4 domxss-alpha-4.zap alpha Allow to use newer versions of Firefox (Issue 3396).<br> Provide the reason why the scanner was skipped.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/domxss-alpha-4.zap SHA1:031676c8d795251f94c8c57c645f2de236b69551 2017-08-18 193882 2.6.0 1.8 selenium 2.* exportreport Export Report Report Export module that allows users to customize content and export in a desired format. Goran Sarenkapa - JordanGS 4 exportreport-alpha-4.zap alpha Updated the command line help messages. https://github.com/zaproxy/zap-extensions/releases/download/2.6/exportreport-alpha-4.zap SHA1:019c1361b0b04ba70dd0406c67f16351f4a19d78 2017-05-25 6201200 2.5.0 formhandler Form Handler This Form Handler Add-on allows a user to define field names and values to be used in a form's fields. Fields can be added, modified, enabled, and deleted for use in form fields. ZAP Dev Team 1 formhandler-alpha-1.zap alpha First version https://github.com/zaproxy/zap-extensions/releases/download/2.6/formhandler-alpha-1.zap SHA1:6fc8df5c0c9c9a6d40ddefcc7c96e1c4b54df218 2017-03-23 87717 2.6.0 fuzz AdvFuzzer Advanced fuzzer for manual testing ZAP Dev Team 9 2.0.1 fuzz-beta-9.zap beta Code changes for Java 9 (Issue 2602).<br> Ignore empty payloads when highlighting or detecting reflections.<br> Contains new number generator payload.<br> Add null/empty payload generator.<br> Issue 3557: Backport export changes.<br> Set fuzzer script types enabled by default (Issue 2997).<br> Add description to script types.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/fuzz-beta-9.zap SHA1:56c15b8da1e19909ecc7fe06f29c6ba6b1c7f291 https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsFuzzConcepts 2017-11-24 2400821 2.6.0 fuzzdb FuzzDB files FuzzDB files which can be used with the ZAP fuzzer ZAP Dev Team 4 fuzzdb-release-4.zap release Update FuzzDB files. https://github.com/zaproxy/zap-extensions/releases/download/2.5/fuzzdb-release-4.zap SHA1:52009a0c13015e6b06e396a506ccb8668cca3f7a https://github.com/fuzzdb-project/fuzzdb/ 2016-06-02 5626766 2.4.0 gettingStarted Getting Started with ZAP Guide A short Getting Started with ZAP Guide ZAP Dev Team 7 gettingStarted-release-7.zap release Correct step when importing Root CA cert in Firefox (Issue 3724) https://github.com/zaproxy/zap-extensions/releases/download/2.6/gettingStarted-release-7.zap SHA1:05cad791a552ede6fd99133dd82299ee07b24108 2017-11-24 578773 2.6.0 help Help - English English (master) version of the ZAP help file. ZAP Crowdin Team 7 help-release-7.zap release Updated for 2.6.0 https://github.com/zaproxy/zap-extensions/releases/download/2.6/help-release-7.zap SHA1:1fb17288f60d46d70375049cda86bda5d978456e https://github.com/zaproxy/zap-core-help/wiki/HelpIntro 2017-04-06 763371 2.6.0 help_bs_BA Help - Bosnian Bosnian version of the ZAP help file. ZAP Crowdin Team 6 help_bs_BA-alpha-6.zap alpha Updated for 2.6.0 https://github.com/zaproxy/zap-extensions/releases/download/2.6/help_bs_BA-alpha-6.zap SHA1:8f54f0fe065762f101ee1818545dacca581b2a2c https://crowdin.com/project/zap-help 2017-11-24 773399 2.6.0 help_es_ES Help - Spanish Spanish version of the ZAP help file. ZAP Crowdin Team 6 help_es_ES-alpha-6.zap alpha Updated for 2.6.0 https://github.com/zaproxy/zap-extensions/releases/download/2.6/help_es_ES-alpha-6.zap SHA1:5055f43457c118363b828a6e83a036e4b5b13d52 https://crowdin.com/project/zap-help 2017-11-24 775922 2.6.0 help_fr_FR Help - French French version of the ZAP help file. ZAP Crowdin Team 6 help_fr_FR-alpha-6.zap alpha Updated for 2.6.0 https://github.com/zaproxy/zap-extensions/releases/download/2.6/help_fr_FR-alpha-6.zap SHA1:d2946f64199d1b4dad767f86ae92b408fa61c66f https://crowdin.com/project/zap-help 2017-11-24 773836 2.6.0 help_ja_JP Help - Japanese Japanese version of the ZAP help file. ZAP Crowdin Team 6 help_ja_JP-alpha-6.zap alpha Updated for 2.6.0 https://github.com/zaproxy/zap-extensions/releases/download/2.6/help_ja_JP-alpha-6.zap SHA1:50cf8563f1bd97f9cc3c9e90132057b5a6f8d484 https://crowdin.com/project/zap-help 2017-11-24 799759 2.6.0 help_pt_BR Help - Portuguese, Brazilian Portuguese, Brazilian version of the ZAP help file. ZAP Crowdin Team 7 help_pt_BR-release-7.zap release Updated for 2.6.0 https://github.com/zaproxy/zap-extensions/releases/download/2.6/help_pt_BR-release-7.zap SHA1:716cf91fdf7fc2e599120134157f672e0147672b https://crowdin.com/project/zap-help 2017-11-24 817771 2.6.0 highlighter Highlighter Allows you to highlight strings in the request and response tabs. ZAP Dev Team 6 highlighter-alpha-6.zap alpha Updated for ZAP 2.4 https://github.com/zaproxy/zap-extensions/releases/download/2.5/highlighter-alpha-6.zap SHA1:ebc48b0880ff7862839ae0158de9ddb038218735 2016-06-02 9568 2.4.0 httpsInfo HttpsInfo Displays HTTPS configuration information. ZAP Dev Team 10 httpsInfo-alpha-10.zap alpha Upgrade to use DeepViolet 5.0.3, which provides some minor logging changes.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/httpsInfo-alpha-10.zap SHA1:1f862f891f7a6aebf474c654547b98ffcb8651bf 2017-11-24 5545558 2.4.0 1.8 importLogFiles Log File Importer Allows you to import log files from ModSecurity and files previously exported from ZAP ZAP Dev Team 4 importLogFiles-alpha-4.zap alpha Use API actions when importing files. https://github.com/zaproxy/zap-extensions/releases/download/2.6/importLogFiles-alpha-4.zap SHA1:ed557f0caf1e7c630532d9171f13f8afaa99be30 https://github.com/zaproxy/zaproxy/wiki/MozillaMentorship_ImportingModSecurityLogs 2017-05-05 152363 2.4.0 importurls Import files containing URLs Adds an option to import a file of URLs. The file must be plain text with one URL per line. ZAP Dev Team 4 importurls-beta-4.zap beta Minor change to help content. https://github.com/zaproxy/zap-extensions/releases/download/2.6/importurls-beta-4.zap SHA1:e3df25f154a3a2001a8afffabebae9bf0a066416 2017-11-24 223832 2.4.0 invoke Invoke Applications Invoke external applications passing context related information such as URLs and parameters ZAP Dev Team 7 invoke-beta-7.zap beta Report/log when the application fails to start (related to Issue 3960).<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/invoke-beta-7.zap SHA1:311a21e7ae14d996422bf48813c3b10602a98e00 2017-10-19 291274 2.4.1 jruby Ruby scripting Allows Ruby to be used for ZAP scripting - templates included ZAP Dev Team 5 jruby-beta-5.zap beta Add template for HTTP Sender script.<br> Dynamically unload the add-on.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/jruby-beta-5.zap SHA1:30920fbda214b6dea5dbf77a0f8c397cb38f2782 2017-09-28 22471619 2.4.0 jxbrowser JxBrowser (core) An embedded browser based on Chromium, you must also install the relevant platform specific add-on ZAP Dev Team 7 jxbrowser-alpha-7.zap alpha Updated to JxBrowser 6.17.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/jxbrowser-alpha-7.zap SHA1:661745f3809e80bc72251a5eebc21c98441f0eec 2017-11-20 1412665 2.5.0 jxbrowserlinux32 JxBrowser (Linux 32) An embedded browser based on Chromium, Linux 32 specific ZAP Dev Team 3 jxbrowserlinux32-alpha-3.zap alpha Updated for JxBrowser 6.14.2.<br> Updated to support latest selenium interfaces.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/jxbrowserlinux32-alpha-3.zap SHA1:ac8303a826fafe4df75ef348b5d2f7ce1f134cb6 2017-08-18 47149067 2.5.0 jxbrowser webdriverlinux jxbrowserlinux64 JxBrowser (Linux 64) An embedded browser based on Chromium, Linux 64 specific ZAP Dev Team 4 jxbrowserlinux64-alpha-4.zap alpha Updated for JxBrowser 6.17<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/jxbrowserlinux64-alpha-4.zap SHA1:db770aa5b37d386c142ba1943a6b2928dbf6cd23 2017-11-20 52750394 2.5.0 jxbrowser webdriverlinux jxbrowsermacos JxBrowser (Mac OS) An embedded browser based on Chromium, Mac OS specific ZAP Dev Team 4 jxbrowsermacos-alpha-4.zap alpha Updated for JxBrowser 6.17<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/jxbrowsermacos-alpha-4.zap SHA1:a57a6d297feda6e842b5756685f19bbf3b31ca95 2017-11-20 56486892 2.5.0 jxbrowser webdrivermacos jxbrowserwindows JxBrowser (Windows) An embedded browser based on Chromium, Windows specific ZAP Dev Team 4 jxbrowserwindows-alpha-4.zap alpha Updated for JxBrowser 6.17<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/jxbrowserwindows-alpha-4.zap SHA1:3cdbaa964a2fea7b6c9d7fc696253d6a90eb46b1 2017-11-20 36680513 2.5.0 jxbrowser webdriverwindows jython Python scripting Allows Python to be used for ZAP scripting - templates included ZAP Dev Team 7 jython-beta-7.zap beta Do not initialise java.awt.Toolkit when in daemon.<br> Update HTTP Sender template with initiator ID of AJAX Spider.<br> Added extender template and example.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/jython-beta-7.zap SHA1:00e03758368f562d26ba135155a39f1976b003cc 2017-10-27 41727201 2.4.0 onlineMenu Online menus ZAP Online menu items ZAP Dev Team 5 onlineMenu-release-5.zap release Minor code changes.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/onlineMenu-release-5.zap SHA1:1d403adc3667f732ed3a029e363389fd3457dc02 https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsOnlineMenuOnlineMenu 2017-04-06 200046 2.4.0 openapi OpenAPI Support Imports and spiders Open API definitions. ZAP Core Team plus Joanna Bona, Artur Grzesica, Michal Materniak and Marcin Spiewak 8 openapi-alpha-8.zap alpha Fix NPE in BodyGenerator.<br> Fix NPEs when a parameter is null.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/openapi-alpha-8.zap SHA1:c28949de9794a974ff54864a54970d9a4ae0612e 2017-11-24 3171797 2.6.0 plugnhack Plug-n-Hack Configuration Supports the Mozilla Plug-n-Hack standard: https://developer.mozilla.org/en-US/docs/Plug-n-Hack. ZAP Dev Team 10 plugnhack-beta-10.zap beta Make breakpoint dialogues modal.<br> Changed to use api nonces and include new fx_pnh.xpi (still unsigned).<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/plugnhack-beta-10.zap SHA1:a71447529ca963139d454e940eff2a8ef4625dde https://developer.mozilla.org/en-US/docs/Plug-n-Hack 2017-06-20 692662 2.4.0 portscan Port Scanner Allows to port scan a target server ZAP Dev Team 8 portscan-beta-8.zap beta Code changes for Java 9 (Issue 2602).<br> Issue 3513: Options panel UI fixes.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/portscan-beta-8.zap SHA1:8c3c025534e804eede8d26fb3d5febec51059d96 2017-11-24 633257 2.4.0 pscanrules Passive scanner rules The release quality Passive Scanner rules ZAP Dev Team 20 pscanrules-release-20.zap release Fix false positive with Secure Pages Include Mixed Content and JavaScript files (Issue 3581).<br> Fix false positive with Private IP Disclosure when target is a private IP on a non-standard port (Issue 3549).<br> Fix false positive with X-Content-Type-Options Header Missing with certain system locales.<br> Fix X-Content-Type-Options help content (Issue 3986).<br> Remove N/A value from parameter of alert Session ID in URL Rewrite.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/pscanrules-release-20.zap SHA1:bb8329a047fcd4f318bd7e4caa72ff4a7d3ebce6 2017-11-24 521226 2.4.0 pscanrulesAlpha Passive scanner rules (alpha) The alpha quality Passive Scanner rules ZAP Dev Team 18 pscanrulesAlpha-alpha-18.zap alpha Correct typo in XCOLD alert description (Issue 3997).<br> Do not set a value in the attack fields.<br> Do not rely on system's charset to create request/response bodies.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/pscanrulesAlpha-alpha-18.zap SHA1:c8ec9c62c2d94e52d36b14cd586eb5d5c0b31e20 2017-11-24 2214618 2.6.0 pscanrulesBeta Passive scanner rules (beta) The beta quality Passive Scanner rules ZAP Dev Team 17 pscanrulesBeta-beta-17.zap beta Minor changes to InsecureJFSViewStatePassiveScanner (check response contains JSF viewstate or if it's server stored).<br/> Improve the domain matching in CookieLooselyScopedScanner.<br/> Issue 3449: CSRFcountermeasures passive scanner now raises alerts on a per-form basis on pages with multiple forms.<br/> Issue 3937: Update ServletParameterPollutionScanner reference.<br/> https://github.com/zaproxy/zap-extensions/releases/download/2.6/pscanrulesBeta-beta-17.zap SHA1:7d1870ff53c1b9ea361d8033ca203c9cec9d5e93 2017-11-24 557020 2.4.0 quickstart Quick Start Provides a tab which allows you to quickly test a target application ZAP Dev Team 21 quickstart-release-21.zap release Add option to launch a browser via selenium (v20).<br> Fix to the default launch page url for 2.6.0.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/quickstart-release-21.zap SHA1:1a853c19abf8b524678d44d34894dc880590cdd9 2017-08-18 370682 2.6.0 replacer Replacer Easy way to replace strings in requests and responses. ZAP Dev Team 3 replacer-beta-3.zap beta Added API support https://github.com/zaproxy/zap-extensions/releases/download/2.6/replacer-beta-3.zap SHA1:9bfa4d030c8ab519f05250dc57af1e194a8563a0 2017-06-23 283688 2.6.0 requester Requester Request numbered panel. Surikato 1 requester-alpha-1.zap alpha https://github.com/zaproxy/zap-extensions/releases/download/2.5/requester-alpha-1.zap SHA1:3f43ac40b5b6225ebdc918df0b14cd53f0e7e8a2 2016-06-02 40411 2.4.2 reveal Reveal Show hidden fields and enable disabled fields ZAP Dev Team 2 reveal-release-2.zap release Code changes and API documentation. https://github.com/zaproxy/zap-extensions/releases/download/2.5/reveal-release-2.zap SHA1:fd0e6c2f99a7bba052c11b076794984615dc32e1 2016-06-02 221496 2.4.0 revisit Revisit Revisit a site at any time in the past using the session history ZAP Dev Team 2 revisit-alpha-2.zap alpha Allow to update/uninstall the add-on without restarting ZAP.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.5/revisit-alpha-2.zap SHA1:84087ce758254bc515160b458bcf5c2c82773641 2016-06-02 279982 2.4.2 saml SAML Extension Detect, Show, Edit, Fuzz SAML requests ZAP Dev Team 7 saml-alpha-7.zap alpha Minor code change to work with ZAP 2.5.0.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/saml-alpha-7.zap SHA1:47e830cfffbe0742440f9923356ed73f3e817074 https://github.com/zaproxy/zaproxy 2017-11-24 997657 2.4.0 saverawmessage Save Raw Message Allows to save content of HTTP messages as binary ZAP Dev Team 3 saverawmessage-release-3.zap release Remember last selected directory (Issue 2446). https://github.com/zaproxy/zap-extensions/releases/download/2.5/saverawmessage-release-3.zap SHA1:49868206b8b621fd7b2e7eeff11dbdf8c11b4d82 2016-06-02 27005 2.4.0 scripts Script Console Supports all JSR 223 scripting languages ZAP Dev Team 21 scripts-beta-21.zap beta Show script types in alphabetical order in dialogues New and Load Script.<br> Fix an exception when installing extender scripts with errors.<br> Correct state of Enabled checkbox when creating a script from templates.<br> Allow to enable code folding in script text area.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/scripts-beta-21.zap SHA1:d98f881c4fc631d51c970b3d8f1bc3b2f212ab45 https://github.com/zaproxy/zaproxy/wiki/ScriptConsole 2017-11-24 572335 2.6.0 selenium Selenium WebDriver provider and includes HtmlUnit browser ZAP Dev Team 12 2.0.0 selenium-release-12.zap release Update Selenium to version 3.7.1.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/selenium-release-12.zap SHA1:e911953dc08b49147468aea6762483efcc0b890b 2017-11-20 22780374 2.6.0 1.8 sequence Sequence Gives the possibility of defining a sequence of requests to be scanned. ZAP Dev Team 4 sequence-alpha-4.zap alpha Correct error message to include the script name.<br> Add help content (Issue 2191).<br> Depend on Zest extension, since it is currently the only script option for Sequence scripts.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/sequence-alpha-4.zap SHA1:734c30eddc68fa938e9f7eedb8d3284c255b5038 2017-05-25 1319013 2.4.1 zest sniTerminator SNI Terminator Transparent HTTP proxying ZAP Dev Team 5 sniTerminator-alpha-5.zap alpha Minor code changes. https://github.com/zaproxy/zap-extensions/releases/download/2.6/sniTerminator-alpha-5.zap SHA1:e84387ae6343989c2d1d943797c22c5f1bf990c2 http://www.computerist.org/blog/2014/07/23/Transparent-HTTPS-proxying-with-ZAP/ 2017-11-24 254816 2.4.1 1.8 soap SOAP Scanner Imports and scans WSDL files containing SOAP endpoints. Alberto (albertov91) + ZAP Core team 3 soap-alpha-3.zap alpha Added API, help and other minor code changes. https://github.com/zaproxy/zap-extensions/releases/download/2.6/soap-alpha-3.zap SHA1:c02815ca249e8d2736d9e66498bfe7d43ed0d464 2017-03-31 7337575 2.5.0 spiderAjax Ajax Spider Allows you to spider sites that make heavy use of JavaScript using Crawljax ZAP Dev Team 19 spiderAjax-release-19.zap release Code changes for Java 9 (Issue 2602).<br> Fix "Internal Error" when accessing the full results API view.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/spiderAjax-release-19.zap SHA1:02de7ca1ba480b91e2ccc82e749401f1558e712c https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsSpiderAjaxConcepts 2017-11-24 2595311 2.6.0 1.8 selenium 2.* sqliplugin Advanced SQLInjection Scanner An advanced active injection bundle for SQLi (derived by SQLMap) Andrea Pompili (Yhawke) 11 sqliplugin-beta-11.zap beta Check all DB techs when evaluating if the scanner should be run.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.5/sqliplugin-beta-11.zap SHA1:33b91ef51c3fb322efe14a8da56a77252760d392 2016-07-07 104490 2.4.1 sse Server-Sent Events Allows you to view Server-Sent Events (SSE) communication. ZAP Dev Team 9 sse-alpha-9.zap alpha https://github.com/zaproxy/zap-extensions/releases/download/2.5/sse-alpha-9.zap SHA1:c642ed5fa03bc2c7840c722baf9dc9d842197e9d 2016-06-02 331696 2.4.0 svndigger SVN Digger files SVN Digger files which can be used with ZAP forced browsing ZAP Dev Team 3 svndigger-beta-3.zap beta Updated for ZAP 2.4 https://github.com/zaproxy/zap-extensions/releases/download/2.5/svndigger-beta-3.zap SHA1:257803a38ab33b7645deb63562d1fcce2c4fb46c http://www.mavitunasecurity.com/blog/svn-digger-better-lists-for-forced-browsing/ 2016-06-02 614846 2.4.0 tips Tips and Tricks Display ZAP Tips and Tricks ZAP Dev Team 6 tips-beta-6.zap beta Minor code changes. https://github.com/zaproxy/zap-extensions/releases/download/2.6/tips-beta-6.zap SHA1:ae835ec3e884148f1ff49daf6fc80d613e28e297 2017-04-03 501880 2.4.0 tlsdebug TLS Debug Provides a tab which allows to quickly debug a TLS/SSL connection P.M.J. Roth 2 tlsdebug-alpha-2.zap alpha Code changes for Java 9 (Issue 2602).<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/tlsdebug-alpha-2.zap SHA1:813cedda7bf5afe7c0b12ca0b520a11fc0829805 2017-11-24 234477 2.4.0 tokengen Token generation and analysis Allows you to generate and analyze pseudo random tokens, such as those used for session handling or CSRF protection ZAP Dev Team 11 tokengen-beta-11.zap beta Use custom HTTP Sender initiator ID.<br> Show same cookies once in Generate Tokens dialogue (Issue 2116).<br> Fix exception when no tokens are found (Issue 2116).<br> Added help file.<br> Issue 2338: Allow dynamic timeout adjustment to combat read timeout issues.<br> Ensure initial dialog is properly sized.<br> Issue 2000: Title caps adjustments.<br> Code changes for Java 9 (Issue 2602).<br> Ensure Analyse Token dialogue is shown in front of main window.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/tokengen-beta-11.zap SHA1:39b89cb4404a59b8df848e6f69cb74146d80c84e 2017-11-24 478974 2.5.0 treetools TreeTools Tools to add functionality to the tree view. Carl Sampson 6 treetools-beta-6.zap beta Safe menu items will now be enabled in protected and safe modes (Issue 1278). https://github.com/zaproxy/zap-extensions/releases/download/2.5/treetools-beta-6.zap SHA1:65dc679630d1d273cb4e8f541247d1deeff836e6 2016-06-02 17636 2.4.0 viewstate ViewState ASP/JSF ViewState Decoder and Editor Calum Hutton 1 viewstate-alpha-1.zap alpha https://github.com/zaproxy/zap-extensions/releases/download/2.5/viewstate-alpha-1.zap SHA1:55decd0f02e3a75bcc8e6f3ce757d569e398a099 2016-09-14 25184 2.4.0 wappalyzer Technology detection using Wappalyzer Technology detection using Wappalyzer: wappalyzer.com ZAP Dev Team 9 wappalyzer-alpha-9.zap alpha Updated Wappalyzer github link in help content.<br> Code changes for Java 9 (Issue 2602).<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/wappalyzer-alpha-9.zap SHA1:81a5a935c80f8ed51eebcc401cd18da3cc18e799 2017-11-24 1283522 2.5.0 webdriverlinux Linux WebDrivers Linux WebDrivers for Firefox and Chrome. ZAP Dev Team 4 webdriverlinux-beta-4.zap beta Update geckodriver to v0.19.1<br> Update chromedriver to 2.33<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/webdriverlinux-beta-4.zap SHA1:85bd6f4960786ac28ca225e0325f7f4d6f30c64c 2017-11-20 12848091 2.4.0 webdrivermacos MacOS WebDrivers MacOS WebDrivers for Firefox and Chrome. ZAP Dev Team 4 webdrivermacos-beta-4.zap beta Update geckodriver to v0.19.1<br> Update chromedriver to 2.33<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/webdrivermacos-beta-4.zap SHA1:2fb8f05781e5f3245f504ab45c7c2303e0b22d31 2017-11-20 6751167 2.4.0 webdriverwindows Windows WebDrivers Windows WebDrivers for Firefox, Chrome and IE. ZAP Dev Team 4 webdriverwindows-beta-4.zap beta Update geckodriver to v0.19.1<br> Update chromedriver to 2.33<br> Update IEDriverServer to 3.7.0<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/webdriverwindows-beta-4.zap SHA1:5ea6424eadf1b2128d55b4c8976fb42a9e314de0 2017-11-20 10340638 2.4.0 websocket WebSockets Allows you to inspect WebSocket communication. ZAP Dev Team 13 websocket-release-13.zap release Fix context include/exclude pop up menu items.<br> Fix/correct help buttons.<br> Set fuzzer script type enabled by default (Issue 2997).<br> Normalise the Session Properties panel Exclude from WebSockets.<br> Implements WebSocketSenderListener.<br> Use JRE decoder for UTF-8 conversions and log (debug) invalid payloads (related to Issue 3324).<br> Focus WebSockets tab just once (Issue 3747).<br> Minor code adjustment to align with core changes.<br> Code changes for Java 9 (Issue 2602).<br> Remove header Sec-WebSocket-Extensions (Issue 3324).<br> Add description to Fuzzer WebSocket Processor script type.<br> Update fuzzer template (use JSDoc and fix typos).<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/websocket-release-13.zap SHA1:3537ba2e56d42f9d54a0640b76c7ead800d016cf 2017-11-24 849497 2.6.0 zest Zest - Graphical Security Scripting Language A graphical security scripting language, ZAPs macro language on steroids ZAP Dev Team 25 zest-beta-25.zap beta Address exception when adding calc assign statement.<br> Validate cookie name not empty.<br> Code changes for Java 9 (Issue 2602).<br> Default 'load on start' to true in all cases.<br> Re-enabled parameterize option.<br> Cope with parameterizing strings in the URL.<br> Correct drag-and-drop in loop statements.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.6/zest-beta-25.zap SHA1:1b41d2860e2db295317558c6ce8d8c3df5b540ac https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsZestZest 2017-10-17 2088483 2.6.0 1.8 selenium >=2.0.0 & <3.0.0