2.14.0
D-2021-10-18
https://github.com/zaproxy/zaproxy/releases/download/w2021-10-18/ZAP_WEEKLY_D-2021-10-18.zip
ZAP_WEEKLY_D-2021-10-18.zip
SHA-256:9d4bcb12e47293f3cbc4c32285b8469e620f092bb2519e65e12e5e528a25a8ad
188556676
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2_14_0_windows-x32.exe
ZAP_2_14_0_windows-x32.exe
SHA-256:5dae52e27da12fba5115e40ebc0cd2da24f6d9ba91608a7b0b7b254984a0b798
220967424
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2_14_0_windows.exe
ZAP_2_14_0_windows.exe
SHA-256:df49ffbd14cf82cde5ac06902615e40cbfce1576f866436366708c0845eb9ec6
221097472
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2.14.0_Linux.tar.gz
ZAP_2.14.0_Linux.tar.gz
SHA-256:219d7f25bbe25247713805ab02cc12279898c870743c1aae3c2b0b1882191960
215142045
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2.14.0.dmg
ZAP_2.14.0.dmg
SHA-256:3b9862a647b1c5c26d6917f2316113dfaceac06bdb79ad3f2c96e0cbd73861f7
244671708
Bug fix and enhancement release.
https://www.zaproxy.org/docs/desktop/releases/2.14.0/
accessControl
Access Control Testing
Adds a set of tools for testing access control in web applications.
ZAP Dev Team
3
accessControl-alpha-3.zap
alpha
Fix exception that occurred with Java 9 (Issue 3934).<br>
Allow to copy multiple results and copy correct value from the result column.<br>
Display correct message when the table is sorted.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/accessControl-alpha-3.zap
SHA1:21f36dc3c4b6ebff10ac8fbb4f358b78b89328d0
2017-11-24
512096
2.4.0
alertFilters
Context Alert Filters
Allows you to automate the changing of alert risk levels.
ZAP Dev Team
5
alertFilters-beta-5.zap
beta
Dynamically unload the add-on.<br>
Clear filters on session changes (Issue 3683).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/alertFilters-beta-5.zap
SHA1:30ca048b72f3c6de3c011ab00bdb7c8822dedda0
2017-11-24
285973
2.6.0
alertReport
Report alert generator
Allows you to generate reports for alerts you specify in pdf or odt format
Talsoft SRL
14
alertReport-beta-14.zap
beta
Fix an exception while generating the report (Issue 1612).<br>
Include Alert's evidence in report of ODT format.
https://github.com/zaproxy/zap-extensions/releases/download/2.5/alertReport-beta-14.zap
SHA1:d5f2a410eafec455e4b1051eb68d7d6560c68be5
http://www.talsoft.com.ar
2016-06-02
9712171
2.4.0
amf
AMF
Adds support for AMF messages
ZAP Dev Team
2
amf-alpha-2.zap
alpha
Deserialise the AMF request.
https://github.com/zaproxy/zap-extensions/releases/download/2.6/amf-alpha-2.zap
SHA1:e34f73753902f2ebedc0be130b446cae39ff4784
2017-05-26
813478
2.4.0
ascanrules
Active scanner rules
The release quality Active Scanner rules
ZAP Dev Team
27
ascanrules-release-27.zap
release
Issue 1365: Additional Path Traversal detection.<br>
Correct alert's evidence/attack of Parameter Tampering (Issue 3524).<br>
Fix Path Traversal false positives when etc is a substring (Issue 3735).<br>
Code changes for Java 9 (Issue 2602).<br>
TestSQLInjection Modifications to improve handling of injected math expressions and reflected params (Issue 3139).</br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/ascanrules-release-27.zap
SHA1:348588e03ee6019e46514e6380af07ddd1fc02ec
2017-11-24
594932
2.4.1
ascanrulesAlpha
Active scanner rules (alpha)
The alpha quality Active Scanner rules
ZAP Dev Team
20
ascanrulesAlpha-alpha-20.zap
alpha
Code changes for Java 9 (Issue 2602).<br>
Correct handling of messages with emtpy path.<br>
Add Get for Post Scanner.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/ascanrulesAlpha-alpha-20.zap
SHA1:df085930d5a817a60a1dd98cb3beae5750916186
https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAscanrulesAlphaAscanalpha
2017-11-24
1434903
2.4.1
ascanrulesBeta
Active scanner rules (beta)
The beta quality Active Scanner rules
ZAP Dev Team
22
ascanrulesBeta-beta-22.zap
beta
Fix FP in "Source Code Disclosure - /WEB-INF folder" on successful responses (Issue 3048).<br>
Fix FP in "Integer Overflow Error" on 500 error responses (Issue 3064).<br>
Support security annotations for forms that dont need anti-CSRF tokens.<br>
Changed XXE rule to use new callback extension.<br>
Notify of messages sent during Heartbleed scanning (Issue 2425).<br>
Fix false positive in Code Disclosure - CVE-2012-1823 on image content (Issue 3846).<br>
Fix false positive in Backup File Disclosure scanner on 403 responses (Issue 3911).<br>
CsrfTokenScan : Keep session cookies instead of deleting all of them<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/ascanrulesBeta-beta-22.zap
SHA1:6c764624a8c3ddbdc47d0b5276244f3681a5c060
2017-11-24
2762546
2.6.0
authstats
Authentication Statistics
Records logged in/out statistics for all contexts in scope.
ZAP Core Team
1
authstats-alpha-1.zap
alpha
First version<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.5/authstats-alpha-1.zap
SHA1:c00d7e572faba04ff1262bcc04406599a8b20ffd
https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAuthstatsAuthStats
2016-08-16
11605
2.5.0
beanshell
BeanShell Console
Provides a BeanShell Console
ZAP Dev Team
5
beanshell-beta-5.zap
beta
Updated for ZAP 2.4
https://github.com/zaproxy/zap-extensions/releases/download/2.5/beanshell-beta-5.zap
SHA1:1fc34a12180cd700cc6fad2236641936cece8cdc
2016-06-02
562333
2.4.0
browserView
Browser View
Adds an option to render HTML responses like a browser
ZAP Dev Team
5
browserView-alpha-5.zap
alpha
Allow to properly scroll the rendered page.
https://github.com/zaproxy/zap-extensions/releases/download/2.6/browserView-alpha-5.zap
SHA1:6acfc72f0491d3b391d6633b3dc89ad6d4d4c801
2017-07-21
188142
2.4.0
bruteforce
Forced Browse
Forced browsing of files and directories using code from the OWASP DirBuster tool
ZAP Dev Team
6
bruteforce-beta-6.zap
beta
Allow to set higher number of threads (Issue 2912).<br>
Fix issue with multiple concurrent scans.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/bruteforce-beta-6.zap
SHA1:5acad406b5d9abe8cf88b8c67eb9b7b9a4c8a5b0
2017-04-03
1000348
2.4.0
bugtracker
Bug Tracker
Bug Tracker extension.
ZAP Dev Team
2
bugtracker-alpha-2.zap
alpha
Added help for the add-on
https://github.com/zaproxy/zap-extensions/releases/download/2.6/bugtracker-alpha-2.zap
SHA1:156b7ad6616db6a17d96ecea42c44542e5bbf163
2017-05-26
1995812
2.5.0
callgraph
Call Graph
Allows the user to view a call graph of the selected resources
Colm O'Flaherty
4
callgraph-alpha-4.zap
alpha
Finish internationalisation.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/callgraph-alpha-4.zap
SHA1:c369e9bc5c18800debe566595cdc73cc7a7f4629
2017-11-24
1158457
2.4.0
codedx
Code Dx Extension
Includes request and response data in XML reports and provides the ability to upload reports directly to a Code Dx server
Code Dx, Inc.
5
codedx-alpha-5.zap
alpha
Add an upload to Code Dx option.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/codedx-alpha-5.zap
SHA1:fad5d14acd070d6ab2b7baae7092a5f75f5b6a8c
2017-04-18
1185698
2.4.0
communityScripts
Community Scripts
Useful ZAP scripts written by the ZAP community.
ZAP Community
4
communityScripts-alpha-4.zap
alpha
Updated with the latest scripts for 2.6.0<br>
Stop the scripts from being registered twice<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/communityScripts-alpha-4.zap
SHA1:822bb272b10cf3f185e92f297dec1ffe3ca142bb
https://github.com/zaproxy/community-scripts
2017-10-17
335736
2.6.0
coreLang
Core Language Files
Translations of the core language files
ZAP Dev Team
11
coreLang-release-11.zap
release
Fix installation issue.
https://github.com/zaproxy/zap-extensions/releases/download/2.6/coreLang-release-11.zap
SHA1:11e24142cd5e30d389161a1fc2e1dd08b445309c
https://crowdin.com/project/zaproxy
2017-04-06
2715653
2.5.0
cspscanner
Content Security Policy Scanner
Content Security Policy (CSP) Scanner
ZAP Dev Team
4
cspscanner-alpha-4.zap
alpha
Fixed missing error and warning messages.<br>
Added evidence.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/cspscanner-alpha-4.zap
SHA1:1d672d3575e395c5bd466274979338a5ece2d965
2017-07-27
112917
2.5.0
1.8
customreport
CustomReport
New HTML report module allows users to customize report content.
Chienli Ma
2
customreport-alpha-2.zap
alpha
Allow to update/uninstall the add-on without restarting ZAP.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.5/customreport-alpha-2.zap
SHA1:fe8f172a879e5372d040449973ac7a1a133eafd5
2016-06-02
557158
2.4.0
diff
Diff
Displays a dialog showing the differences between 2 requests or responses. It uses diffutils and diff_match_patch
ZAP Dev Team
7
diff-beta-7.zap
beta
Minor code changes.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/diff-beta-7.zap
SHA1:1a7cb9e64e0740d752280729dda4c3f606c29a6c
2017-04-03
235040
2.4.0
directorylistv1
Directory List v1.0
List of directory names to be used with "Forced Browse" add-on.
ZAP Dev Team
3
directorylistv1-release-3.zap
release
Removed repeated files.<br>
Added strings for version control directories of Git, Mercurial, SVN, CVS, Bazaar.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.5/directorylistv1-release-3.zap
SHA1:135cd0a2e0831996811fec852e6871848c144bfc
https://owasp.org/index.php/DirBuster
2016-06-02
847617
2.4.0
directorylistv2_3
Directory List v2.3
Lists of directory names to be used with "Forced Browse" add-on.
ZAP Dev Team
3
directorylistv2_3-release-3.zap
release
Removed repeated files.<br>
Added strings for version control directories of Git, Mercurial, SVN, Bazaar.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.5/directorylistv2_3-release-3.zap
SHA1:29c1661ae88dcc7bd1577504cfc9415e0aefcbff
https://owasp.org/index.php/DirBuster
2016-06-02
8608732
2.4.0
directorylistv2_3_lc
Directory List v2.3 LC
Lists of lower case directory names to be used with "Forced Browse" add-on.
ZAP Dev Team
3
directorylistv2_3_lc-release-3.zap
release
Added strings for version control directories of Git, Mercurial, SVN, Bazaar.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.5/directorylistv2_3_lc-release-3.zap
SHA1:d15984e9ca45e8cd238228cb471e8f6d59a61708
https://owasp.org/index.php/DirBuster
2016-06-02
7454765
2.4.0
domxss
DOM XSS Active scanner rule
DOM XSS Active scanner rule
ZAP Dev Team
4
domxss-alpha-4.zap
alpha
Allow to use newer versions of Firefox (Issue 3396).<br>
Provide the reason why the scanner was skipped.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/domxss-alpha-4.zap
SHA1:031676c8d795251f94c8c57c645f2de236b69551
2017-08-18
193882
2.6.0
1.8
selenium
2.*
exportreport
Export Report
Report Export module that allows users to customize content and export in a desired format.
Goran Sarenkapa - JordanGS
4
exportreport-alpha-4.zap
alpha
Updated the command line help messages.
https://github.com/zaproxy/zap-extensions/releases/download/2.6/exportreport-alpha-4.zap
SHA1:019c1361b0b04ba70dd0406c67f16351f4a19d78
2017-05-25
6201200
2.5.0
formhandler
Form Handler
This Form Handler Add-on allows a user to define field names and values to be used in a form's fields. Fields can be added, modified, enabled, and deleted for use in form fields.
ZAP Dev Team
1
formhandler-alpha-1.zap
alpha
First version
https://github.com/zaproxy/zap-extensions/releases/download/2.6/formhandler-alpha-1.zap
SHA1:6fc8df5c0c9c9a6d40ddefcc7c96e1c4b54df218
2017-03-23
87717
2.6.0
fuzz
AdvFuzzer
Advanced fuzzer for manual testing
ZAP Dev Team
9
2.0.1
fuzz-beta-9.zap
beta
Code changes for Java 9 (Issue 2602).<br>
Ignore empty payloads when highlighting or detecting reflections.<br>
Contains new number generator payload.<br>
Add null/empty payload generator.<br>
Issue 3557: Backport export changes.<br>
Set fuzzer script types enabled by default (Issue 2997).<br>
Add description to script types.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/fuzz-beta-9.zap
SHA1:56c15b8da1e19909ecc7fe06f29c6ba6b1c7f291
https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsFuzzConcepts
2017-11-24
2400821
2.6.0
fuzzdb
FuzzDB files
FuzzDB files which can be used with the ZAP fuzzer
ZAP Dev Team
4
fuzzdb-release-4.zap
release
Update FuzzDB files.
https://github.com/zaproxy/zap-extensions/releases/download/2.5/fuzzdb-release-4.zap
SHA1:52009a0c13015e6b06e396a506ccb8668cca3f7a
https://github.com/fuzzdb-project/fuzzdb/
2016-06-02
5626766
2.4.0
gettingStarted
Getting Started with ZAP Guide
A short Getting Started with ZAP Guide
ZAP Dev Team
7
gettingStarted-release-7.zap
release
Correct step when importing Root CA cert in Firefox (Issue 3724)
https://github.com/zaproxy/zap-extensions/releases/download/2.6/gettingStarted-release-7.zap
SHA1:05cad791a552ede6fd99133dd82299ee07b24108
2017-11-24
578773
2.6.0
help
Help - English
English (master) version of the ZAP help file.
ZAP Crowdin Team
7
help-release-7.zap
release
Updated for 2.6.0
https://github.com/zaproxy/zap-extensions/releases/download/2.6/help-release-7.zap
SHA1:1fb17288f60d46d70375049cda86bda5d978456e
https://github.com/zaproxy/zap-core-help/wiki/HelpIntro
2017-04-06
763371
2.6.0
help_bs_BA
Help - Bosnian
Bosnian version of the ZAP help file.
ZAP Crowdin Team
6
help_bs_BA-alpha-6.zap
alpha
Updated for 2.6.0
https://github.com/zaproxy/zap-extensions/releases/download/2.6/help_bs_BA-alpha-6.zap
SHA1:8f54f0fe065762f101ee1818545dacca581b2a2c
https://crowdin.com/project/zap-help
2017-11-24
773399
2.6.0
help_es_ES
Help - Spanish
Spanish version of the ZAP help file.
ZAP Crowdin Team
6
help_es_ES-alpha-6.zap
alpha
Updated for 2.6.0
https://github.com/zaproxy/zap-extensions/releases/download/2.6/help_es_ES-alpha-6.zap
SHA1:5055f43457c118363b828a6e83a036e4b5b13d52
https://crowdin.com/project/zap-help
2017-11-24
775922
2.6.0
help_fr_FR
Help - French
French version of the ZAP help file.
ZAP Crowdin Team
6
help_fr_FR-alpha-6.zap
alpha
Updated for 2.6.0
https://github.com/zaproxy/zap-extensions/releases/download/2.6/help_fr_FR-alpha-6.zap
SHA1:d2946f64199d1b4dad767f86ae92b408fa61c66f
https://crowdin.com/project/zap-help
2017-11-24
773836
2.6.0
help_ja_JP
Help - Japanese
Japanese version of the ZAP help file.
ZAP Crowdin Team
6
help_ja_JP-alpha-6.zap
alpha
Updated for 2.6.0
https://github.com/zaproxy/zap-extensions/releases/download/2.6/help_ja_JP-alpha-6.zap
SHA1:50cf8563f1bd97f9cc3c9e90132057b5a6f8d484
https://crowdin.com/project/zap-help
2017-11-24
799759
2.6.0
help_pt_BR
Help - Portuguese, Brazilian
Portuguese, Brazilian version of the ZAP help file.
ZAP Crowdin Team
7
help_pt_BR-release-7.zap
release
Updated for 2.6.0
https://github.com/zaproxy/zap-extensions/releases/download/2.6/help_pt_BR-release-7.zap
SHA1:716cf91fdf7fc2e599120134157f672e0147672b
https://crowdin.com/project/zap-help
2017-11-24
817771
2.6.0
highlighter
Highlighter
Allows you to highlight strings in the request and response tabs.
ZAP Dev Team
6
highlighter-alpha-6.zap
alpha
Updated for ZAP 2.4
https://github.com/zaproxy/zap-extensions/releases/download/2.5/highlighter-alpha-6.zap
SHA1:ebc48b0880ff7862839ae0158de9ddb038218735
2016-06-02
9568
2.4.0
httpsInfo
HttpsInfo
Displays HTTPS configuration information.
ZAP Dev Team
10
httpsInfo-alpha-10.zap
alpha
Upgrade to use DeepViolet 5.0.3, which provides some minor logging changes.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/httpsInfo-alpha-10.zap
SHA1:1f862f891f7a6aebf474c654547b98ffcb8651bf
2017-11-24
5545558
2.4.0
1.8
importLogFiles
Log File Importer
Allows you to import log files from ModSecurity and files previously exported from ZAP
ZAP Dev Team
4
importLogFiles-alpha-4.zap
alpha
Use API actions when importing files.
https://github.com/zaproxy/zap-extensions/releases/download/2.6/importLogFiles-alpha-4.zap
SHA1:ed557f0caf1e7c630532d9171f13f8afaa99be30
https://github.com/zaproxy/zaproxy/wiki/MozillaMentorship_ImportingModSecurityLogs
2017-05-05
152363
2.4.0
importurls
Import files containing URLs
Adds an option to import a file of URLs. The file must be plain text with one URL per line.
ZAP Dev Team
4
importurls-beta-4.zap
beta
Minor change to help content.
https://github.com/zaproxy/zap-extensions/releases/download/2.6/importurls-beta-4.zap
SHA1:e3df25f154a3a2001a8afffabebae9bf0a066416
2017-11-24
223832
2.4.0
invoke
Invoke Applications
Invoke external applications passing context related information such as URLs and parameters
ZAP Dev Team
7
invoke-beta-7.zap
beta
Report/log when the application fails to start (related to Issue 3960).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/invoke-beta-7.zap
SHA1:311a21e7ae14d996422bf48813c3b10602a98e00
2017-10-19
291274
2.4.1
jruby
Ruby scripting
Allows Ruby to be used for ZAP scripting - templates included
ZAP Dev Team
5
jruby-beta-5.zap
beta
Add template for HTTP Sender script.<br>
Dynamically unload the add-on.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/jruby-beta-5.zap
SHA1:30920fbda214b6dea5dbf77a0f8c397cb38f2782
2017-09-28
22471619
2.4.0
jxbrowser
JxBrowser (core)
An embedded browser based on Chromium, you must also install the relevant platform specific add-on
ZAP Dev Team
7
jxbrowser-alpha-7.zap
alpha
Updated to JxBrowser 6.17.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/jxbrowser-alpha-7.zap
SHA1:661745f3809e80bc72251a5eebc21c98441f0eec
2017-11-20
1412665
2.5.0
jxbrowserlinux32
JxBrowser (Linux 32)
An embedded browser based on Chromium, Linux 32 specific
ZAP Dev Team
3
jxbrowserlinux32-alpha-3.zap
alpha
Updated for JxBrowser 6.14.2.<br>
Updated to support latest selenium interfaces.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/jxbrowserlinux32-alpha-3.zap
SHA1:ac8303a826fafe4df75ef348b5d2f7ce1f134cb6
2017-08-18
47149067
2.5.0
jxbrowser
webdriverlinux
jxbrowserlinux64
JxBrowser (Linux 64)
An embedded browser based on Chromium, Linux 64 specific
ZAP Dev Team
4
jxbrowserlinux64-alpha-4.zap
alpha
Updated for JxBrowser 6.17<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/jxbrowserlinux64-alpha-4.zap
SHA1:db770aa5b37d386c142ba1943a6b2928dbf6cd23
2017-11-20
52750394
2.5.0
jxbrowser
webdriverlinux
jxbrowsermacos
JxBrowser (Mac OS)
An embedded browser based on Chromium, Mac OS specific
ZAP Dev Team
4
jxbrowsermacos-alpha-4.zap
alpha
Updated for JxBrowser 6.17<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/jxbrowsermacos-alpha-4.zap
SHA1:a57a6d297feda6e842b5756685f19bbf3b31ca95
2017-11-20
56486892
2.5.0
jxbrowser
webdrivermacos
jxbrowserwindows
JxBrowser (Windows)
An embedded browser based on Chromium, Windows specific
ZAP Dev Team
4
jxbrowserwindows-alpha-4.zap
alpha
Updated for JxBrowser 6.17<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/jxbrowserwindows-alpha-4.zap
SHA1:3cdbaa964a2fea7b6c9d7fc696253d6a90eb46b1
2017-11-20
36680513
2.5.0
jxbrowser
webdriverwindows
jython
Python scripting
Allows Python to be used for ZAP scripting - templates included
ZAP Dev Team
7
jython-beta-7.zap
beta
Do not initialise java.awt.Toolkit when in daemon.<br>
Update HTTP Sender template with initiator ID of AJAX Spider.<br>
Added extender template and example.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/jython-beta-7.zap
SHA1:00e03758368f562d26ba135155a39f1976b003cc
2017-10-27
41727201
2.4.0
onlineMenu
Online menus
ZAP Online menu items
ZAP Dev Team
5
onlineMenu-release-5.zap
release
Minor code changes.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/onlineMenu-release-5.zap
SHA1:1d403adc3667f732ed3a029e363389fd3457dc02
https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsOnlineMenuOnlineMenu
2017-04-06
200046
2.4.0
openapi
OpenAPI Support
Imports and spiders Open API definitions.
ZAP Core Team plus Joanna Bona, Artur Grzesica, Michal Materniak and Marcin Spiewak
8
openapi-alpha-8.zap
alpha
Fix NPE in BodyGenerator.<br>
Fix NPEs when a parameter is null.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/openapi-alpha-8.zap
SHA1:c28949de9794a974ff54864a54970d9a4ae0612e
2017-11-24
3171797
2.6.0
plugnhack
Plug-n-Hack Configuration
Supports the Mozilla Plug-n-Hack standard: https://developer.mozilla.org/en-US/docs/Plug-n-Hack.
ZAP Dev Team
10
plugnhack-beta-10.zap
beta
Make breakpoint dialogues modal.<br>
Changed to use api nonces and include new fx_pnh.xpi (still unsigned).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/plugnhack-beta-10.zap
SHA1:a71447529ca963139d454e940eff2a8ef4625dde
https://developer.mozilla.org/en-US/docs/Plug-n-Hack
2017-06-20
692662
2.4.0
portscan
Port Scanner
Allows to port scan a target server
ZAP Dev Team
8
portscan-beta-8.zap
beta
Code changes for Java 9 (Issue 2602).<br>
Issue 3513: Options panel UI fixes.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/portscan-beta-8.zap
SHA1:8c3c025534e804eede8d26fb3d5febec51059d96
2017-11-24
633257
2.4.0
pscanrules
Passive scanner rules
The release quality Passive Scanner rules
ZAP Dev Team
20
pscanrules-release-20.zap
release
Fix false positive with Secure Pages Include Mixed Content and JavaScript files (Issue 3581).<br>
Fix false positive with Private IP Disclosure when target is a private IP on a non-standard port (Issue 3549).<br>
Fix false positive with X-Content-Type-Options Header Missing with certain system locales.<br>
Fix X-Content-Type-Options help content (Issue 3986).<br>
Remove N/A value from parameter of alert Session ID in URL Rewrite.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/pscanrules-release-20.zap
SHA1:bb8329a047fcd4f318bd7e4caa72ff4a7d3ebce6
2017-11-24
521226
2.4.0
pscanrulesAlpha
Passive scanner rules (alpha)
The alpha quality Passive Scanner rules
ZAP Dev Team
18
pscanrulesAlpha-alpha-18.zap
alpha
Correct typo in XCOLD alert description (Issue 3997).<br>
Do not set a value in the attack fields.<br>
Do not rely on system's charset to create request/response bodies.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/pscanrulesAlpha-alpha-18.zap
SHA1:c8ec9c62c2d94e52d36b14cd586eb5d5c0b31e20
2017-11-24
2214618
2.6.0
pscanrulesBeta
Passive scanner rules (beta)
The beta quality Passive Scanner rules
ZAP Dev Team
17
pscanrulesBeta-beta-17.zap
beta
Minor changes to InsecureJFSViewStatePassiveScanner (check response contains JSF viewstate or if it's server stored).<br/>
Improve the domain matching in CookieLooselyScopedScanner.<br/>
Issue 3449: CSRFcountermeasures passive scanner now raises alerts on a per-form basis on pages with multiple forms.<br/>
Issue 3937: Update ServletParameterPollutionScanner reference.<br/>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/pscanrulesBeta-beta-17.zap
SHA1:7d1870ff53c1b9ea361d8033ca203c9cec9d5e93
2017-11-24
557020
2.4.0
quickstart
Quick Start
Provides a tab which allows you to quickly test a target application
ZAP Dev Team
21
quickstart-release-21.zap
release
Add option to launch a browser via selenium (v20).<br>
Fix to the default launch page url for 2.6.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/quickstart-release-21.zap
SHA1:1a853c19abf8b524678d44d34894dc880590cdd9
2017-08-18
370682
2.6.0
replacer
Replacer
Easy way to replace strings in requests and responses.
ZAP Dev Team
3
replacer-beta-3.zap
beta
Added API support
https://github.com/zaproxy/zap-extensions/releases/download/2.6/replacer-beta-3.zap
SHA1:9bfa4d030c8ab519f05250dc57af1e194a8563a0
2017-06-23
283688
2.6.0
requester
Requester
Request numbered panel.
Surikato
1
requester-alpha-1.zap
alpha
https://github.com/zaproxy/zap-extensions/releases/download/2.5/requester-alpha-1.zap
SHA1:3f43ac40b5b6225ebdc918df0b14cd53f0e7e8a2
2016-06-02
40411
2.4.2
reveal
Reveal
Show hidden fields and enable disabled fields
ZAP Dev Team
2
reveal-release-2.zap
release
Code changes and API documentation.
https://github.com/zaproxy/zap-extensions/releases/download/2.5/reveal-release-2.zap
SHA1:fd0e6c2f99a7bba052c11b076794984615dc32e1
2016-06-02
221496
2.4.0
revisit
Revisit
Revisit a site at any time in the past using the session history
ZAP Dev Team
2
revisit-alpha-2.zap
alpha
Allow to update/uninstall the add-on without restarting ZAP.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.5/revisit-alpha-2.zap
SHA1:84087ce758254bc515160b458bcf5c2c82773641
2016-06-02
279982
2.4.2
saml
SAML Extension
Detect, Show, Edit, Fuzz SAML requests
ZAP Dev Team
7
saml-alpha-7.zap
alpha
Minor code change to work with ZAP 2.5.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/saml-alpha-7.zap
SHA1:47e830cfffbe0742440f9923356ed73f3e817074
https://github.com/zaproxy/zaproxy
2017-11-24
997657
2.4.0
saverawmessage
Save Raw Message
Allows to save content of HTTP messages as binary
ZAP Dev Team
3
saverawmessage-release-3.zap
release
Remember last selected directory (Issue 2446).
https://github.com/zaproxy/zap-extensions/releases/download/2.5/saverawmessage-release-3.zap
SHA1:49868206b8b621fd7b2e7eeff11dbdf8c11b4d82
2016-06-02
27005
2.4.0
scripts
Script Console
Supports all JSR 223 scripting languages
ZAP Dev Team
21
scripts-beta-21.zap
beta
Show script types in alphabetical order in dialogues New and Load Script.<br>
Fix an exception when installing extender scripts with errors.<br>
Correct state of Enabled checkbox when creating a script from templates.<br>
Allow to enable code folding in script text area.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/scripts-beta-21.zap
SHA1:d98f881c4fc631d51c970b3d8f1bc3b2f212ab45
https://github.com/zaproxy/zaproxy/wiki/ScriptConsole
2017-11-24
572335
2.6.0
selenium
Selenium
WebDriver provider and includes HtmlUnit browser
ZAP Dev Team
12
2.0.0
selenium-release-12.zap
release
Update Selenium to version 3.7.1.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/selenium-release-12.zap
SHA1:e911953dc08b49147468aea6762483efcc0b890b
2017-11-20
22780374
2.6.0
1.8
sequence
Sequence
Gives the possibility of defining a sequence of requests to be scanned.
ZAP Dev Team
4
sequence-alpha-4.zap
alpha
Correct error message to include the script name.<br>
Add help content (Issue 2191).<br>
Depend on Zest extension, since it is currently the only script option for Sequence scripts.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/sequence-alpha-4.zap
SHA1:734c30eddc68fa938e9f7eedb8d3284c255b5038
2017-05-25
1319013
2.4.1
zest
sniTerminator
SNI Terminator
Transparent HTTP proxying
ZAP Dev Team
5
sniTerminator-alpha-5.zap
alpha
Minor code changes.
https://github.com/zaproxy/zap-extensions/releases/download/2.6/sniTerminator-alpha-5.zap
SHA1:e84387ae6343989c2d1d943797c22c5f1bf990c2
http://www.computerist.org/blog/2014/07/23/Transparent-HTTPS-proxying-with-ZAP/
2017-11-24
254816
2.4.1
1.8
soap
SOAP Scanner
Imports and scans WSDL files containing SOAP endpoints.
Alberto (albertov91) + ZAP Core team
3
soap-alpha-3.zap
alpha
Added API, help and other minor code changes.
https://github.com/zaproxy/zap-extensions/releases/download/2.6/soap-alpha-3.zap
SHA1:c02815ca249e8d2736d9e66498bfe7d43ed0d464
2017-03-31
7337575
2.5.0
spiderAjax
Ajax Spider
Allows you to spider sites that make heavy use of JavaScript using Crawljax
ZAP Dev Team
19
spiderAjax-release-19.zap
release
Code changes for Java 9 (Issue 2602).<br>
Fix "Internal Error" when accessing the full results API view.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/spiderAjax-release-19.zap
SHA1:02de7ca1ba480b91e2ccc82e749401f1558e712c
https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsSpiderAjaxConcepts
2017-11-24
2595311
2.6.0
1.8
selenium
2.*
sqliplugin
Advanced SQLInjection Scanner
An advanced active injection bundle for SQLi (derived by SQLMap)
Andrea Pompili (Yhawke)
11
sqliplugin-beta-11.zap
beta
Check all DB techs when evaluating if the scanner should be run.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.5/sqliplugin-beta-11.zap
SHA1:33b91ef51c3fb322efe14a8da56a77252760d392
2016-07-07
104490
2.4.1
sse
Server-Sent Events
Allows you to view Server-Sent Events (SSE) communication.
ZAP Dev Team
9
sse-alpha-9.zap
alpha
https://github.com/zaproxy/zap-extensions/releases/download/2.5/sse-alpha-9.zap
SHA1:c642ed5fa03bc2c7840c722baf9dc9d842197e9d
2016-06-02
331696
2.4.0
svndigger
SVN Digger files
SVN Digger files which can be used with ZAP forced browsing
ZAP Dev Team
3
svndigger-beta-3.zap
beta
Updated for ZAP 2.4
https://github.com/zaproxy/zap-extensions/releases/download/2.5/svndigger-beta-3.zap
SHA1:257803a38ab33b7645deb63562d1fcce2c4fb46c
http://www.mavitunasecurity.com/blog/svn-digger-better-lists-for-forced-browsing/
2016-06-02
614846
2.4.0
tips
Tips and Tricks
Display ZAP Tips and Tricks
ZAP Dev Team
6
tips-beta-6.zap
beta
Minor code changes.
https://github.com/zaproxy/zap-extensions/releases/download/2.6/tips-beta-6.zap
SHA1:ae835ec3e884148f1ff49daf6fc80d613e28e297
2017-04-03
501880
2.4.0
tlsdebug
TLS Debug
Provides a tab which allows to quickly debug a TLS/SSL connection
P.M.J. Roth
2
tlsdebug-alpha-2.zap
alpha
Code changes for Java 9 (Issue 2602).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/tlsdebug-alpha-2.zap
SHA1:813cedda7bf5afe7c0b12ca0b520a11fc0829805
2017-11-24
234477
2.4.0
tokengen
Token generation and analysis
Allows you to generate and analyze pseudo random tokens, such as those used for session handling or CSRF protection
ZAP Dev Team
11
tokengen-beta-11.zap
beta
Use custom HTTP Sender initiator ID.<br>
Show same cookies once in Generate Tokens dialogue (Issue 2116).<br>
Fix exception when no tokens are found (Issue 2116).<br>
Added help file.<br>
Issue 2338: Allow dynamic timeout adjustment to combat read timeout issues.<br>
Ensure initial dialog is properly sized.<br>
Issue 2000: Title caps adjustments.<br>
Code changes for Java 9 (Issue 2602).<br>
Ensure Analyse Token dialogue is shown in front of main window.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/tokengen-beta-11.zap
SHA1:39b89cb4404a59b8df848e6f69cb74146d80c84e
2017-11-24
478974
2.5.0
treetools
TreeTools
Tools to add functionality to the tree view.
Carl Sampson
6
treetools-beta-6.zap
beta
Safe menu items will now be enabled in protected and safe modes (Issue 1278).
https://github.com/zaproxy/zap-extensions/releases/download/2.5/treetools-beta-6.zap
SHA1:65dc679630d1d273cb4e8f541247d1deeff836e6
2016-06-02
17636
2.4.0
viewstate
ViewState
ASP/JSF ViewState Decoder and Editor
Calum Hutton
1
viewstate-alpha-1.zap
alpha
https://github.com/zaproxy/zap-extensions/releases/download/2.5/viewstate-alpha-1.zap
SHA1:55decd0f02e3a75bcc8e6f3ce757d569e398a099
2016-09-14
25184
2.4.0
wappalyzer
Technology detection using Wappalyzer
Technology detection using Wappalyzer: wappalyzer.com
ZAP Dev Team
9
wappalyzer-alpha-9.zap
alpha
Updated Wappalyzer github link in help content.<br>
Code changes for Java 9 (Issue 2602).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/wappalyzer-alpha-9.zap
SHA1:81a5a935c80f8ed51eebcc401cd18da3cc18e799
2017-11-24
1283522
2.5.0
webdriverlinux
Linux WebDrivers
Linux WebDrivers for Firefox and Chrome.
ZAP Dev Team
4
webdriverlinux-beta-4.zap
beta
Update geckodriver to v0.19.1<br>
Update chromedriver to 2.33<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/webdriverlinux-beta-4.zap
SHA1:85bd6f4960786ac28ca225e0325f7f4d6f30c64c
2017-11-20
12848091
2.4.0
webdrivermacos
MacOS WebDrivers
MacOS WebDrivers for Firefox and Chrome.
ZAP Dev Team
4
webdrivermacos-beta-4.zap
beta
Update geckodriver to v0.19.1<br>
Update chromedriver to 2.33<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/webdrivermacos-beta-4.zap
SHA1:2fb8f05781e5f3245f504ab45c7c2303e0b22d31
2017-11-20
6751167
2.4.0
webdriverwindows
Windows WebDrivers
Windows WebDrivers for Firefox, Chrome and IE.
ZAP Dev Team
4
webdriverwindows-beta-4.zap
beta
Update geckodriver to v0.19.1<br>
Update chromedriver to 2.33<br>
Update IEDriverServer to 3.7.0<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/webdriverwindows-beta-4.zap
SHA1:5ea6424eadf1b2128d55b4c8976fb42a9e314de0
2017-11-20
10340638
2.4.0
websocket
WebSockets
Allows you to inspect WebSocket communication.
ZAP Dev Team
13
websocket-release-13.zap
release
Fix context include/exclude pop up menu items.<br>
Fix/correct help buttons.<br>
Set fuzzer script type enabled by default (Issue 2997).<br>
Normalise the Session Properties panel Exclude from WebSockets.<br>
Implements WebSocketSenderListener.<br>
Use JRE decoder for UTF-8 conversions and log (debug) invalid payloads (related to Issue 3324).<br>
Focus WebSockets tab just once (Issue 3747).<br>
Minor code adjustment to align with core changes.<br>
Code changes for Java 9 (Issue 2602).<br>
Remove header Sec-WebSocket-Extensions (Issue 3324).<br>
Add description to Fuzzer WebSocket Processor script type.<br>
Update fuzzer template (use JSDoc and fix typos).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/websocket-release-13.zap
SHA1:3537ba2e56d42f9d54a0640b76c7ead800d016cf
2017-11-24
849497
2.6.0
zest
Zest - Graphical Security Scripting Language
A graphical security scripting language, ZAPs macro language on steroids
ZAP Dev Team
25
zest-beta-25.zap
beta
Address exception when adding calc assign statement.<br>
Validate cookie name not empty.<br>
Code changes for Java 9 (Issue 2602).<br>
Default 'load on start' to true in all cases.<br>
Re-enabled parameterize option.<br>
Cope with parameterizing strings in the URL.<br>
Correct drag-and-drop in loop statements.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.6/zest-beta-25.zap
SHA1:1b41d2860e2db295317558c6ce8d8c3df5b540ac
https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsZestZest
2017-10-17
2088483
2.6.0
1.8
selenium
>=2.0.0 & <3.0.0