2.14.0
D-2021-10-18
https://github.com/zaproxy/zaproxy/releases/download/w2021-10-18/ZAP_WEEKLY_D-2021-10-18.zip
ZAP_WEEKLY_D-2021-10-18.zip
SHA-256:9d4bcb12e47293f3cbc4c32285b8469e620f092bb2519e65e12e5e528a25a8ad
188556676
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2_14_0_windows-x32.exe
ZAP_2_14_0_windows-x32.exe
SHA-256:5dae52e27da12fba5115e40ebc0cd2da24f6d9ba91608a7b0b7b254984a0b798
220967424
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2_14_0_windows.exe
ZAP_2_14_0_windows.exe
SHA-256:df49ffbd14cf82cde5ac06902615e40cbfce1576f866436366708c0845eb9ec6
221097472
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2.14.0_Linux.tar.gz
ZAP_2.14.0_Linux.tar.gz
SHA-256:219d7f25bbe25247713805ab02cc12279898c870743c1aae3c2b0b1882191960
215142045
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2.14.0.dmg
ZAP_2.14.0.dmg
SHA-256:3b9862a647b1c5c26d6917f2316113dfaceac06bdb79ad3f2c96e0cbd73861f7
244671708
Bug fix and enhancement release.
https://www.zaproxy.org/docs/desktop/releases/2.14.0/
accessControl
Access Control Testing
Adds a set of tools for testing access control in web applications.
ZAP Dev Team
5
accessControl-alpha-5.zap
alpha
Respect the current mode and react to changes.<br>
Dynamically unload the add-on.<br>
Inform of running tests (e.g. on session change, add-on uninstall).<br>
Improve error handling during test.<br>
Tweak alerts to use Other Info field instead of Attack/Evidence.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/accessControl-alpha-5.zap
SHA1:8160d7a28f9952a3760299d0bc30c32982b75274
2018-11-02
539232
2.7.0
alertFilters
Context Alert Filters
Allows you to automate the changing of alert risk levels.
ZAP Dev Team
7
alertFilters-beta-7.zap
beta
Fix an exception when running ZAP in daemon mode (Issue 4405).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/alertFilters-beta-7.zap
SHA1:be53ed790f14d4631c663bde61a49154fbe6db3a
2018-02-15
300077
2.7.0
alertReport
Report alert generator
Allows you to generate reports for alerts you specify in pdf or odt format
Talsoft SRL
14
alertReport-beta-14.zap
beta
Fix an exception while generating the report (Issue 1612).<br>
Include Alert's evidence in report of ODT format.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/alertReport-beta-14.zap
SHA1:4e9456325fd921f7b403fa780f703c91cdf61bdd
http://www.talsoft.com.ar
2017-11-27
9722880
2.4.0
amf
AMF
Adds support for AMF messages
ZAP Dev Team
2
amf-alpha-2.zap
alpha
Deserialise the AMF request.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/amf-alpha-2.zap
SHA1:d73da69a1a8c40a881f545aea7bcfc28ee125467
2017-11-28
813490
2.4.0
ascanrules
Active scanner rules
The release quality Active Scanner rules
ZAP Dev Team
32
ascanrules-release-32.zap
release
Maintenance changes.<br>
Persistent XSS scanner updated to address various false negatives (Issue 4692).<br>
Command Injection plugin updated to include payloads for Uninitialized environment variable WAF bypass (Issue 4968).<br>
Correct Remote OS Command Injection to use the expected time in all time based payloads.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/ascanrules-release-32.zap
SHA1:abe97e5159ea2b8e699b2e35d64b7bbec6b33ae5
2018-10-04
638569
2.7.0
ascanrulesAlpha
Active scanner rules (alpha)
The alpha quality Active Scanner rules
ZAP Dev Team
23
ascanrulesAlpha-alpha-23.zap
alpha
Update minimum ZAP version to 2.6.0.<br>
Added Cloud Metadata Scanner<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/ascanrulesAlpha-alpha-23.zap
SHA1:cad876a0e583a57929bb56a2b718c2eb0d39958a
https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAscanrulesAlphaAscanalpha
2019-02-06
1595455
2.6.0
ascanrulesBeta
Active scanner rules (beta)
The beta quality Active Scanner rules
ZAP Dev Team
24
ascanrulesBeta-beta-24.zap
beta
Maintenance changes.<br>
Issue 1142: Logic and alert risk ratings modified.<br>
Correct timeout per attack strength in Heartbleed OpenSSL Vulnerability scanner.<br>
Issue 174: Added further method checks to the Insecure HTTP Methods Scanner.<br>
Skip "Source Code Disclosure - /WEB-INF folder" on Java 9+ (Issue 4038).<br>
BackupFileDisclosure - Handle empty "backup" responses.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/ascanrulesBeta-beta-24.zap
SHA1:a2d8a46b9d571945c085b6367fa9985921e4e9e8
2018-07-31
2841893
2.7.0
attacksurfacedetector
Attack Surface Detector
The Attack Surface Detector analyzes web application source code to generate endpoints that can be used for penetration testing.
Secure Decisions (Matthew DeLetto)
1.1.4
attacksurfacedetector-alpha-1.1.4.zap
alpha
Various incremental changes (see https://github.com/secdec/attack-surface-detector-zap/releases)<br>
Fix un-handled exception when target unavailable & address various "house keeping" tasks.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/attacksurfacedetector-alpha-1.1.4.zap
SHA1:e21758c2cdcbc7806f44cc986a88360457eff82e
https://github.com/secdec/attack-surface-detector-zap/wiki
2019-03-07
15604948
2.7.0
authstats
Authentication Statistics
Records logged in/out statistics for all contexts in scope.
ZAP Core Team
1
authstats-alpha-1.zap
alpha
First version<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/authstats-alpha-1.zap
SHA1:7191fd7491564eed5186df3567ee4002ce42b25a
https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAuthstatsAuthStats
2017-11-28
238686
2.5.0
beanshell
BeanShell Console
Provides a BeanShell Console
ZAP Dev Team
6
beanshell-beta-6.zap
beta
Minor code changes.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/beanshell-beta-6.zap
SHA1:9546aad4694ef047822bc17d3d9f532d3aa162b8
2017-11-27
574028
2.4.0
browserView
Browser View
Adds an option to render HTML responses like a browser
ZAP Dev Team
5
browserView-alpha-5.zap
alpha
Allow to properly scroll the rendered page.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/browserView-alpha-5.zap
SHA1:0aaf81863ad1011136416b49a05eba3d8b262a02
2017-11-28
193880
2.4.0
bruteforce
Forced Browse
Forced browsing of files and directories using code from the OWASP DirBuster tool
ZAP Dev Team
7
bruteforce-beta-7.zap
beta
Code changes for Java 9 (Issue 2602).<br>
Updated for 2.7.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/bruteforce-beta-7.zap
SHA1:4f28d919b7e8765a9acb3eaba5607d607f8b3710
2017-11-27
1011548
2.7.0
bugtracker
Bug Tracker
Bug Tracker extension.
ZAP Dev Team
2
bugtracker-alpha-2.zap
alpha
Added help for the add-on
https://github.com/zaproxy/zap-extensions/releases/download/2.7/bugtracker-alpha-2.zap
SHA1:8990bb1dec45749982a9cad93a7437a9281b40aa
2017-11-28
2002624
2.5.0
callgraph
Call Graph
Allows the user to view a call graph of the selected resources
Colm O'Flaherty
4
callgraph-alpha-4.zap
alpha
Finish internationalisation.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/callgraph-alpha-4.zap
SHA1:4edaa3f624517ebf6a52b9f84e2209d8839429bb
2017-11-28
1160586
2.4.0
codedx
Code Dx Extension
Includes request and response data in XML reports and provides the ability to upload reports directly to a Code Dx server
Code Dx, Inc.
7
codedx-alpha-7.zap
alpha
Update minimum ZAP version to 2.5.0.<br>
Add a ZAP API endpoints for generating and uploading Code Dx reports.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/codedx-alpha-7.zap
SHA1:e0283162628bb741c2bea93e57616a0302d231bf
https://www.codedx.com/
2018-07-02
1415674
2.5.0
communityScripts
Community Scripts
Useful ZAP scripts written by the ZAP community.
ZAP Community
8
communityScripts-alpha-8.zap
alpha
Update from community-scripts repo.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/communityScripts-alpha-8.zap
SHA1:cdcdb4acc3ee95187067a86b6cd89a37beea5431
https://github.com/zaproxy/community-scripts
2018-06-19
387552
2.7.0
coreLang
Core Language Files
Translations of the core language files
ZAP Dev Team
13
coreLang-release-13.zap
release
Added help file with credits.<br>
Updated the languages files from Crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/coreLang-release-13.zap
SHA1:8074521b78c3fc9d63e0543ca3887afa2424167e
https://crowdin.com/project/zaproxy
2018-01-15
3221988
2.7.0
cspscanner
Content Security Policy Scanner
Content Security Policy (CSP) Scanner
ZAP Dev Team
6
cspscanner-beta-6.zap
beta
Maintenance changes.<br>
Salvation library upgraded to 2.5.0.<br>
Promote addon to Beta.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/cspscanner-beta-6.zap
SHA1:c8f9a673ce7538ed64acc0f94d32efd9f271e7f5
2018-04-24
176663
2.7.0
customreport
CustomReport
New HTML report module allows users to customize report content.
Chienli Ma
4
customreport-alpha-4.zap
alpha
Update minimum ZAP version to 2.5.0.<br>
Fix "Content only in scope" handling (Issue 2492).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/customreport-alpha-4.zap
SHA1:afedbd850e1ab5cb181936ace11011da7736fb50
2018-06-27
575782
2.5.0
diff
Diff
Displays a dialog showing the differences between 2 requests or responses. It uses diffutils and diff_match_patch
ZAP Dev Team
8
diff-beta-8.zap
beta
Updated for 2.7.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/diff-beta-8.zap
SHA1:d76cfd841c5893faba628a1b45d27592cbeab291
2017-11-27
241225
2.7.0
directorylistv1
Directory List v1.0
List of directory names to be used with "Forced Browse" add-on.
ZAP Dev Team
3
directorylistv1-release-3.zap
release
Removed repeated files.<br>
Added strings for version control directories of Git, Mercurial, SVN, CVS, Bazaar.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/directorylistv1-release-3.zap
SHA1:b1697b64f5bc50f6bfcb4047b37789850cc3e252
https://owasp.org/index.php/DirBuster
2017-11-27
847619
2.4.0
directorylistv2_3
Directory List v2.3
Lists of directory names to be used with "Forced Browse" add-on.
ZAP Dev Team
3
directorylistv2_3-release-3.zap
release
Removed repeated files.<br>
Added strings for version control directories of Git, Mercurial, SVN, Bazaar.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/directorylistv2_3-release-3.zap
SHA1:e3b9cb6a9bae87a0dbcf73ff52f7b4406486d5c0
https://owasp.org/index.php/DirBuster
2017-11-27
8608734
2.4.0
directorylistv2_3_lc
Directory List v2.3 LC
Lists of lower case directory names to be used with "Forced Browse" add-on.
ZAP Dev Team
3
directorylistv2_3_lc-release-3.zap
release
Added strings for version control directories of Git, Mercurial, SVN, Bazaar.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/directorylistv2_3_lc-release-3.zap
SHA1:03a5ec11530203be6625633821ab3c05754b2daa
https://owasp.org/index.php/DirBuster
2017-11-27
7454767
2.4.0
domxss
DOM XSS Active scanner rule
DOM XSS Active scanner rule
ZAP Dev Team
7
domxss-alpha-7.zap
alpha
Issue 2918: Added an option to attack URL parameters.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/domxss-alpha-7.zap
SHA1:e6d28e52892e41469aefdad3959057900aed6d35
2018-03-07
211983
2.7.0
selenium
2.*
exportreport
Export Report
Report Export module that allows users to customize content and export in a desired format.
Goran Sarenkapa - JordanGS
5
exportreport-alpha-5.zap
alpha
Change where XSL files are deployed to avoid clashes (Issue 4206).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/exportreport-alpha-5.zap
SHA1:9bf35bf2b2299e4a191b1d8ac78e5630cc7cf69d
2018-01-04
6402380
2.4.0
formhandler
Form Handler
This Form Handler Add-on allows a user to define field names and values to be used in a form's fields. Fields can be added, modified, enabled, and deleted for use in form fields.
ZAP Dev Team
2
formhandler-alpha-2.zap
alpha
Add context menu to params panel.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/formhandler-alpha-2.zap
SHA1:d7057d5b93bdd8f356a9814f30269b336c38c612
2018-10-26
2200662
2.6.0
fuzz
AdvFuzzer
Advanced fuzzer for manual testing
ZAP Dev Team
10
2.0.1
fuzz-beta-10.zap
beta
Updated for 2.7.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/fuzz-beta-10.zap
SHA1:eb87f3fd76c7691b514b4977c81bcaa8cc3bae79
https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsFuzzConcepts
2017-11-27
2418608
2.7.0
fuzzdb
FuzzDB files
FuzzDB files which can be used with the ZAP fuzzer
ZAP Dev Team
4
fuzzdb-release-4.zap
release
Update FuzzDB files.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/fuzzdb-release-4.zap
SHA1:6da7ce962bae6b54954415eb71059467e93f14f6
https://github.com/fuzzdb-project/fuzzdb/
2017-11-27
5627107
2.4.0
gettingStarted
Getting Started with ZAP Guide
A short Getting Started with ZAP Guide
ZAP Dev Team
9
gettingStarted-release-9.zap
release
Added the Spanish, Filipino and Indonesian translations
https://github.com/zaproxy/zap-extensions/releases/download/2.7/gettingStarted-release-9.zap
SHA1:85108d1ae8df5baae37e62a8494d774a32268782
2018-02-13
1623605
2.7.0
groovy
Groovy Scripting
Allows Groovy to be used for ZAP scripting - templates included
ZAP Dev Team
2
groovy-alpha-2.zap
alpha
Add help.<br>
Added script templates.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/groovy-alpha-2.zap
SHA1:7f0d54eaf987a435e941a422378c124f3fd29259
2018-04-19
7334399
2.7.0
help
Help - English
English (master) version of the ZAP help file.
ZAP Crowdin Team
8
help-release-8.zap
release
Updated for 2.7.0
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help-release-8.zap
SHA1:137c6627366d86e4629d32aa066e0ebf457ebfe3
https://github.com/zaproxy/zap-core-help/wiki/HelpIntro
2017-11-27
725234
2.7.0
help_bs_BA
Help - Bosnian
Bosnian version of the ZAP help file.
ZAP Crowdin Team
9
help_bs_BA-alpha-9.zap
alpha
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_bs_BA-alpha-9.zap
SHA1:d33a3277e877da4734e6bf9c911c61c4e6ce2f3f
https://crowdin.com/project/zap-help
2018-02-08
747536
2.7.0
help_es_ES
Help - Spanish
Spanish version of the ZAP help file.
ZAP Crowdin Team
9
help_es_ES-release-9.zap
release
Updated with the latest files from crowdin, promoted to release
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_es_ES-release-9.zap
SHA1:c17a1d63de54a99feb5344ea3f07e66dcbd7d4d1
https://crowdin.com/project/zap-help
2018-02-08
810573
2.7.0
help_fil_PH
Help Filipino
Filipino version of the ZAP help file.
ZAP Crowdin Team
2
help_fil_PH-alpha-2.zap
alpha
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_fil_PH-alpha-2.zap
SHA1:76ae4fe9931d187aac7e5c4a4dd7bfbc13d262e4
https://crowdin.com/project/zap-help
2018-02-08
818996
2.7.0
help_fr_FR
Help - French
French version of the ZAP help file.
ZAP Crowdin Team
9
help_fr_FR-alpha-9.zap
alpha
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_fr_FR-alpha-9.zap
SHA1:05aa37ec86966990fa33190c65a53d1c5a6dc955
https://crowdin.com/project/zap-help
2018-02-08
752466
2.7.0
help_id_ID
Help Indonesian
Indonesian version of the ZAP help file.
ZAP Crowdin Team
2
help_id_ID-beta-2.zap
beta
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_id_ID-beta-2.zap
SHA1:7b7ba465a1eecac23781582a1f1d7dfbaef2d347
https://crowdin.com/project/zap-help
2018-02-08
775452
2.7.0
help_ja_JP
Help - Japanese
Japanese version of the ZAP help file.
ZAP Crowdin Team
9
help_ja_JP-beta-9.zap
beta
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_ja_JP-beta-9.zap
SHA1:d91450eef7e4f3ce19fa9ad9f318fb80cc337ec1
https://crowdin.com/project/zap-help
2018-02-08
774034
2.7.0
help_pt_BR
Help - Portuguese, Brazilian
Portuguese, Brazilian version of the ZAP help file.
ZAP Crowdin Team
10
help_pt_BR-release-10.zap
release
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_pt_BR-release-10.zap
SHA1:43ef048b4faff32e6ed59dfbd07174ceec71bbdb
https://crowdin.com/project/zap-help
2018-02-08
793044
2.7.0
help_tr_TR
Help - Turkish
Turkish version of the ZAP help file.
ZAP Crowdin Team
1
help_tr_TR-release-1.zap
release
First version
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_tr_TR-release-1.zap
SHA1:2d4c3c115e0f401c37049dd1802f413b42f88e5e
https://crowdin.com/project/zap-help
2018-02-08
815439
2.7.0
help_zh_CN
Help Chinese Simplified
Chinese Simplified version of the ZAP help file.
ZAP Crowdin Team
2
help_zh_CN-beta-2.zap
beta
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_zh_CN-beta-2.zap
SHA1:bf58e29e3813b20df90e1691e81119e4a1a2e4f2
https://crowdin.com/project/zap-help
2018-02-08
761680
2.7.0
highlighter
Highlighter
Allows you to highlight strings in the request and response tabs.
ZAP Dev Team
7
highlighter-alpha-7.zap
alpha
Fix help related exception in the Highlighter panel.<br>
Correct resizing of Highlighter panel.<br>
Update minimum ZAP version to 2.5.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/highlighter-alpha-7.zap
SHA1:6b3cbf8939c2dfc5eb0c6e74e407d3674048fe93
2018-05-30
9210
2.5.0
httpsInfo
HttpsInfo
Displays HTTPS configuration information.
ZAP Dev Team
12
httpsInfo-alpha-12.zap
alpha
<ul>
<li>New tabbed UI.</li>
<li>Update to DeepViolet 5.1.16.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/httpsInfo-v12/httpsInfo-alpha-12.zap
SHA1:c9c44e815522b32f3870bae898ed4e76e9011207
2019-04-26
7690429
2.7.0
imagelocationscanner
Image Location and Privacy Scanner
Image Location and Privacy Passive Scanner
Veggiespam and the ZAP Dev Team
1
imagelocationscanner-beta-1.zap
beta
Promoted to beta and separated from the passive scan alpha add-on.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/imagelocationscanner-beta-1.zap
SHA1:5fcd1183e055406b8dd725f434044ef73323f48f
2018-02-27
607798
2.7.0
importLogFiles
Log File Importer
Allows you to import log files from ModSecurity and files previously exported from ZAP
ZAP Dev Team
4
importLogFiles-alpha-4.zap
alpha
Use API actions when importing files.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/importLogFiles-alpha-4.zap
SHA1:81d9d50c879301d8ce40b8b39d5e1953f95ba9ab
https://github.com/zaproxy/zaproxy/wiki/MozillaMentorship_ImportingModSecurityLogs
2017-11-28
152736
2.4.0
importurls
Import files containing URLs
Adds an option to import a file of URLs. The file must be plain text with one URL per line.
ZAP Dev Team
5
importurls-beta-5.zap
beta
Updated for 2.7.0.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/importurls-beta-5.zap
SHA1:fc1386d20cf70a7aa42655303d22479009fa9a89
2017-11-27
225043
2.7.0
invoke
Invoke Applications
Invoke external applications passing context related information such as URLs and parameters
ZAP Dev Team
9
invoke-beta-9.zap
beta
Added additional parameter replacements of %msgid% and %header-*%<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/invoke-beta-9.zap
SHA1:81df2e9d7794b273410c87336ef66cb4cc4dc6b6
2018-02-19
314763
2.7.0
jruby
Ruby scripting
Allows Ruby to be used for ZAP scripting - templates included
ZAP Dev Team
6
jruby-beta-6.zap
beta
Updated for 2.7.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/jruby-beta-6.zap
SHA1:99166f0e9f4337329ae8452da032986214f1eb73
2017-11-27
22477473
2.7.0
jsonview
Json view
Adds a view that shows JSON messages nicely formatted
Juha Kivekäs
1
jsonview-alpha-1.zap
alpha
Initial release
https://github.com/zaproxy/zap-extensions/releases/download/2.7/jsonview-alpha-1.zap
SHA1:be9a95e39722ff42af1160a195a56c9af9e285c1
2018-02-08
10796
2.6.0
jxbrowser
JxBrowser (core)
An embedded browser based on Chromium, you must also install the relevant platform specific add-on
ZAP Dev Team
13
jxbrowser-alpha-13.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update JxBrowser to 6.23.1.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jxbrowser-v13/jxbrowser-alpha-13.zap
SHA1:9cc402c82c444f7301c731a138f56b1c7c20c65a
2019-04-18
1479082
2.7.0
jxbrowserlinux64
JxBrowser (Linux 64)
An embedded browser based on Chromium, Linux 64 specific
ZAP Dev Team
11
jxbrowserlinux64-alpha-11.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update JxBrowser to 6.23.1.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jxbrowserlinux64-v11/jxbrowserlinux64-alpha-11.zap
SHA1:3c646a6ee0f48f53d327835314b4a38fa77ded26
2019-04-18
64486373
2.7.0
jxbrowser
jxbrowsermacos
JxBrowser (Mac OS)
An embedded browser based on Chromium, Mac OS specific
ZAP Dev Team
11
jxbrowsermacos-alpha-11.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update JxBrowser to 6.23.1.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jxbrowsermacos-v11/jxbrowsermacos-alpha-11.zap
SHA1:9f332653d0d7b5b62dd55e82b85262f9f05d24dc
2019-04-18
70400501
2.7.0
jxbrowser
jxbrowserwindows
JxBrowser (Windows)
An embedded browser based on Chromium, Windows specific
ZAP Dev Team
11
jxbrowserwindows-alpha-11.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update JxBrowser to 6.23.1.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jxbrowserwindows-v11/jxbrowserwindows-alpha-11.zap
SHA1:73b499d5e93f609e275921fc1411183f41390d5b
2019-04-18
51288333
2.7.0
jxbrowser
jxbrowserwindows64
JxBrowser (Windows 64bits)
An embedded browser based on Chromium, Windows 64bits specific
ZAP Dev Team
4
jxbrowserwindows64-alpha-4.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update JxBrowser to 6.23.1.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jxbrowserwindows64-v4/jxbrowserwindows64-alpha-4.zap
SHA1:2531ffef84b9c314ce6789976b528b2935df78ea
2019-04-18
53008941
2.7.0
jxbrowser
jython
Python Scripting
Allows Python to be used for ZAP scripting - templates included
ZAP Dev Team
10
jython-beta-10.zap
beta
Correctly set path module defined in the options and address UI hang (Issue 4651).<br>
Minor tweak in extender template.<br>
Add default template for Script Input Vector.<br>
Add help page for the options.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/jython-beta-10.zap
SHA1:fedf4e6c30dfb52543d851bb668ab1c8101dd58f
2018-05-08
41738465
2.7.0
onlineMenu
Online menus
ZAP Online menu items
ZAP Dev Team
6
onlineMenu-release-6.zap
release
Updated for 2.7.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/onlineMenu-release-6.zap
SHA1:343c6f9891b311739770bbb3e25d12c766bd1866
https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsOnlineMenuOnlineMenu
2017-11-27
206306
2.7.0
openapi
OpenAPI Support
Imports and spiders Open API definitions.
ZAP Core Team plus Joanna Bona, Artur Grzesica, Michal Materniak and Marcin Spiewak
12
openapi-alpha-12.zap
alpha
Ignore BOM when parsing and don't rely on default character encoding (Issue 4676).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/openapi-alpha-12.zap
SHA1:19cc79b5d18274fd6cb7d2ab5877f8f607b8f4fc
2018-05-18
3324050
2.6.0
plugnhack
Plug-n-Hack Configuration
Supports the Mozilla Plug-n-Hack standard: https://developer.mozilla.org/en-US/docs/Plug-n-Hack.
ZAP Dev Team
11
plugnhack-beta-11.zap
beta
Code changes for Java 9 (Issue 2602).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/plugnhack-beta-11.zap
SHA1:e3243495919a8d1a7f4bd69e60b7147690bb9836
https://developer.mozilla.org/en-US/docs/Plug-n-Hack
2017-11-27
722977
2.4.0
portscan
Port Scanner
Allows to port scan a target server
ZAP Dev Team
8
portscan-beta-8.zap
beta
Code changes for Java 9 (Issue 2602).<br>
Issue 3513: Options panel UI fixes.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/portscan-beta-8.zap
SHA1:85b7377c65778d22a4c78fe1ff79b82245abc4c9
2017-11-27
632994
2.4.0
pscanrules
Passive scanner rules
The release quality Passive Scanner rules
ZAP Dev Team
23
pscanrules-release-23.zap
release
Fix a typo in the description of Referer Exposes Session ID.<br>
Address false negative on jsessionid in URL Rewrite when preceded by a semi-colon and potentially followed by parameters (Issue 3008).<br>
Address potential false positive in Cross Domain Script Inclusion Scanner by ensuring that only HTML responses are analyzed.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/pscanrules-release-23.zap
SHA1:7c0f24a3a220208ca9acf885b183e22df8f5b883
2018-08-15
557237
2.7.0
pscanrulesAlpha
Passive scanner rules (alpha)
The alpha quality Passive Scanner rules
ZAP Dev Team
23
pscanrulesAlpha-alpha-23.zap
alpha
Fix a stack overflow with PII Scanner.<br>
Fix a DateParseException in Cacheable Scanner (Issue 4969).<br>
Fix Open Redirect (10028) "Attack" should be Desc.<br>
Fix false positive due to RxJS Observable method being mistaken for ASP source disclosure.<br>
Tweak User Controllable Charset and Cookie Poisoning to use Description/Other Info field instead of Attack (Issue 5149).<br>
Only report missing STS header on redirects to HTTPS URLs on the same domain at Low threshold.<br>
Hash Disclosure (10097): Add threshold filtering and fix hash confidence levels.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/pscanrulesAlpha-alpha-23.zap
SHA1:be9d13cec00184d5ca9626ca09668ee8a707f252
2019-02-08
1883655
2.7.0
pscanrulesBeta
Passive scanner rules (beta)
The beta quality Passive Scanner rules
ZAP Dev Team
18
pscanrulesBeta-beta-18.zap
beta
Minor code changes to address deprecation.<br/>
At HIGH threshold only perform CSRF checks for in scope messages (Issue 1354).<br/>
Exclude JavaScript response types from the InformationDisclosureDebugErrors scanner unless threshold is Low (Issue 4210).<br/>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/pscanrulesBeta-beta-18.zap
SHA1:caf60a429ff6c7c6f53fab09f94462a9c6e30150
2018-01-19
559591
2.7.0
quickstart
Quick Start
Provides a tab which allows you to quickly test a target application
ZAP Dev Team
25
quickstart-release-25.zap
release
Inform when quick attack is disabled by the current mode (Issue 5069).<br>
Notify when quick attack starts.<br>
Include expected status code in the error message.<br>
Removed PnH code (Issue 5136).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/quickstart-release-25.zap
SHA1:28cd040c0af5f9a729592cb1054c19b30131378f
2018-12-11
458684
2.7.0
replacer
Replacer
Easy way to replace strings in requests and responses.
ZAP Dev Team
7
replacer-beta-7.zap
beta
Maintenance changes.<br>
API, Replacement String should not be mandatory (Issue 5080).
https://github.com/zaproxy/zap-extensions/releases/download/2.7/replacer-beta-7.zap
SHA1:dee532142002197f392e8a40205bdcc3572c5c20
2018-10-26
330734
2.7.0
requester
Requester
Request numbered panel.
Surikato
3
requester-alpha-3.zap
alpha
Maintenance changes.<br>
Change default accelerator for Requester tab.<br>
Dynamically unload the add-on.<br>
Ensure use of title caps (Issue 2000).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/requester-alpha-3.zap
SHA1:bd78559ccd89a94c2f0bc32dc09877a2b83b857e
2018-10-15
58164
2.7.0
reveal
Reveal
Show hidden fields and enable disabled fields
ZAP Dev Team
2
reveal-release-2.zap
release
Code changes and API documentation.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/reveal-release-2.zap
SHA1:caec390697cdc2c82945371e80901af05cc2bfbc
2017-11-27
230262
2.4.0
revisit
Revisit
Revisit a site at any time in the past using the session history
ZAP Dev Team
3
revisit-alpha-3.zap
alpha
Code changes for Java 9 (Issue 2602).<br>
Updated for 2.7.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/revisit-alpha-3.zap
SHA1:23655efe51113e48b8e2ff8bbe7e41a33235ff55
2017-11-28
289297
2.7.0
saml
SAML Extension
Detect, Show, Edit, Fuzz SAML requests
ZAP Dev Team
7
saml-alpha-7.zap
alpha
Minor code change to work with ZAP 2.5.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/saml-alpha-7.zap
SHA1:5e1b8b175b9711ca25d83488905ef1dc3a3792d5
https://github.com/zaproxy/zaproxy
2017-11-28
997659
2.4.0
saverawmessage
Save Raw Message
Allows to save content of HTTP messages as binary
ZAP Dev Team
4
saverawmessage-release-4.zap
release
Updated for 2.7.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/saverawmessage-release-4.zap
SHA1:df600792159042a452e3e9215d9b89b21417bf88
2017-11-27
27756
2.7.0
savexmlmessage
Save XML Message
Allows to save content of HTTP messages as XML
thatsn0tmysite
0.0.1
savexmlmessage-alpha-0.0.1.zap
alpha
Initial release.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/savexmlmessage-alpha-0.0.1.zap
SHA1:5a819610819e4edc227df5da4dac3c886f2b2d29
2018-05-30
12873
2.7.0
scripts
Script Console
Supports all JSR 223 scripting languages
ZAP Dev Team
24
scripts-beta-24.zap
beta
Fix GUI freeze on script addition/removal through the API (Issue 4302).<br>
Prompt for a charset when failed to read the script file (Issue 3383).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/scripts-beta-24.zap
SHA1:63295325786e27ee0d5920bb46656eda7ea1f514
https://github.com/zaproxy/zaproxy/wiki/ScriptConsole
2018-01-25
639756
2.7.0
selenium
Selenium
WebDriver provider and includes HtmlUnit browser
ZAP Dev Team
14
2.0.0
selenium-release-14.zap
release
Enable the extension for all DB types.<br>
Mention the configuration keys in the options help page.<br>
Tweak error message shown when failed to start/connect to the browser.<br>
Disable Firefox JSON viewer when used by AJAX Spider to prevent crawl.<br>
Prevent WebDriver process leak when closing ZAP.<br>
Ensure "localhost" is proxied through ZAP on Chrome >= 72.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/selenium-release-14.zap
SHA1:79df7cbe14d8368743c30f762d9209cc333913cb
2019-01-31
22697462
2.7.0
sequence
Sequence
Gives the possibility of defining a sequence of requests to be scanned.
ZAP Dev Team
5
sequence-alpha-5.zap
alpha
Updated for 2.7.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/sequence-alpha-5.zap
SHA1:24c62a7d59bec5035acc649bb0970de09fa05a4b
2017-11-28
1511222
2.7.0
zest
spiderAjax
Ajax Spider
Allows you to spider sites that make heavy use of JavaScript using Crawljax
ZAP Dev Team
22
spiderAjax-release-22.zap
release
Maintenance changes.<br>
Add Export button to results table (Issue 4875).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/spiderAjax-release-22.zap
SHA1:208e3695c4855f3adf850adc03d7aba7a9e15404
https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsSpiderAjaxConcepts
2018-08-08
2758623
2.7.0
selenium
2.*
sqliplugin
Advanced SQLInjection Scanner
An advanced active injection bundle for SQLi (derived by SQLMap)
Andrea Pompili (Yhawke)
12
sqliplugin-beta-12.zap
beta
Minor code changes.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/sqliplugin-beta-12.zap
SHA1:7661c839f8ab0fa731d6629de1b7526b706d6bb6
2017-11-27
119265
2.4.1
sse
Server-Sent Events
Allows you to view Server-Sent Events (SSE) communication.
ZAP Dev Team
9
sse-alpha-9.zap
alpha
https://github.com/zaproxy/zap-extensions/releases/download/2.7/sse-alpha-9.zap
SHA1:d5cbc991befbf002b171b23419d26623ab93ef73
2017-11-28
333669
2.4.0
svndigger
SVN Digger files
SVN Digger files which can be used with ZAP forced browsing
ZAP Dev Team
3
svndigger-beta-3.zap
beta
Updated for ZAP 2.4
https://github.com/zaproxy/zap-extensions/releases/download/2.7/svndigger-beta-3.zap
SHA1:8c7187180ed48466d6829e39469cc3d0915b1cbf
http://www.mavitunasecurity.com/blog/svn-digger-better-lists-for-forced-browsing/
2017-11-27
615459
2.4.0
tips
Tips and Tricks
Display ZAP Tips and Tricks
ZAP Dev Team
6
tips-beta-6.zap
beta
Updated for 2.7.0.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/tips-beta-6.zap
SHA1:b6a560a292fa21b867a5c2385bfab0afcdfe0cd5
2017-11-27
517219
2.7.0
tlsdebug
TLS Debug
Provides a tab which allows to quickly debug a TLS/SSL connection
P.M.J. Roth
3
tlsdebug-alpha-3.zap
alpha
Update minimum ZAP version to 2.5.0.<br>
Change default accelerator for TLS Debug tab.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/tlsdebug-alpha-3.zap
SHA1:1cbbbeca9e1681c968cddf612c7938c0dd6e1181
2018-10-15
244231
2.5.0
tokengen
Token generation and analysis
Allows you to generate and analyze pseudo random tokens, such as those used for session handling or CSRF protection
ZAP Dev Team
12
tokengen-beta-12.zap
beta
Stop the test and clear the panel on session changes.<br>
Respect the current mode and react to changes.<br>
Inform of running test (e.g. on session change, add-on uninstall).<br>
Allow to configure the number of threads.<br>
Allow to delay the requests.<br>
Update minimum ZAP version to 2.6.0.<br>
Deletes the cookie in question before sending the request.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/tokengen-beta-12.zap
SHA1:71bb8a5bc15fe725b5ba38939559696589782583
2018-05-17
323564
2.6.0
treetools
TreeTools
Tools to add functionality to the tree view.
Carl Sampson
7
treetools-beta-7.zap
beta
Code changes for Java 9 (Issue 2602)
https://github.com/zaproxy/zap-extensions/releases/download/2.7/treetools-beta-7.zap
SHA1:38fbc4d4e22c0da73a4048522d250fa4ac89bdab
2017-11-27
18821
2.4.0
viewstate
ViewState
ASP/JSF ViewState Decoder and Editor
Calum Hutton
1
viewstate-alpha-1.zap
alpha
https://github.com/zaproxy/zap-extensions/releases/download/2.7/viewstate-alpha-1.zap
SHA1:08cd32915a3b5a70c227b7b423f7d605b3603516
2017-11-28
43907
2.4.0
wappalyzer
Wappalyzer - Technology Detection
Technology detection using Wappalyzer: wappalyzer.com
ZAP Dev Team
12
wappalyzer-alpha-12.zap
alpha
<ul>
<li>Switch to using re2j where possible - results in significant performance improvements.</li>
<li>Added version information column to Wappalyzer Results.</li>
<li>Updated to align with AliasIO/Wappalyzer release v5.7.4.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/wappalyzer-v12/wappalyzer-alpha-12.zap
SHA1:29e1f5066783e420cf00f693a178b564e1200d8f
2019-04-24
2280866
2.7.0
webdriverlinux
Linux WebDrivers
Linux WebDrivers for Firefox and Chrome.
ZAP Dev Team
9
webdriverlinux-release-9.zap
release
<h3>Changed</h3>
<ul>
<li>Promote to release status.</li>
<li>Update ChromeDriver to v74.0.3729.6.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/webdriverlinux-v9/webdriverlinux-release-9.zap
SHA-256:51a61289078751e0257b7ed0e1959161c36948f2ee90d31f92c16aa46c99ef28
2019-05-28
10921867
2.5.0
webdrivermacos
MacOS WebDrivers
MacOS WebDrivers for Firefox and Chrome.
ZAP Dev Team
9
webdrivermacos-release-9.zap
release
<h3>Changed</h3>
<ul>
<li>Promote to release status.</li>
<li>Update ChromeDriver to v74.0.3729.6.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/webdrivermacos-v9/webdrivermacos-release-9.zap
SHA-256:92010df34098bd5d8b69c63ac4703e842ec0437df9eeb702262133e26749e4ae
2019-05-28
9139843
2.5.0
webdriverwindows
Windows WebDrivers
Windows WebDrivers for Firefox and Chrome.
ZAP Dev Team
9
webdriverwindows-release-9.zap
release
<h3>Changed</h3>
<ul>
<li>Promote to release status.</li>
<li>Update ChromeDriver to v74.0.3729.6.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/webdriverwindows-v9/webdriverwindows-release-9.zap
SHA-256:c1d9d3ece4070c4ef1fc3d985abc1f36190eae5988775da7ef2cd076768ad36c
2019-05-28
12460457
2.5.0
websocket
WebSockets
Allows you to inspect WebSocket communication.
ZAP Dev Team
18
websocket-release-18.zap
release
Allow to reopen WebSocket connection to (re)send messages (Issue 4290).
https://github.com/zaproxy/zap-extensions/releases/download/2.7/websocket-release-18.zap
SHA1:cacabee1018ab6b2ff38b7ec446f237f84d3d124
2018-08-01
952969
2.7.0
zest
Zest - Graphical Security Scripting Language
A graphical security scripting language, ZAPs macro language on steroids
ZAP Dev Team
28
zest-beta-28.zap
beta
Display HTTP message also when request statement is selected with keyboard.<br>
Update Content-Length of proxied responses (Issue 4613).<br>
Added input for Variable Name in Client Element Assign dialog.<br>
Allow to clear the Zest panel.<br>
Allow to access the options through Zest panel.<br>
Title caps adjustments (Issue 2000).<br>
Use selected text when adding assignments from the request/response.<br>
Show expression's inverse state in more tree nodes.<br>
Correct dialogue titles of client statements.<br>
Allow to invoke the context menu in text fields also with keyboard.<br>
Correct fields' state in Switch To Frame dialogue.<br>
Correct request conversion that dropped the topmost header (Issue 5100).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/zest-beta-28.zap
SHA1:277257f55eafb3203110ae9466580d5fab6cb41c
https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsZestZest
2018-11-07
2154460
2.7.0
selenium
>=2.0.0 & <3.0.0