2.14.0
D-2021-10-18
https://github.com/zaproxy/zaproxy/releases/download/w2021-10-18/ZAP_WEEKLY_D-2021-10-18.zip
ZAP_WEEKLY_D-2021-10-18.zip
SHA-256:9d4bcb12e47293f3cbc4c32285b8469e620f092bb2519e65e12e5e528a25a8ad
188556676
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2_14_0_windows-x32.exe
ZAP_2_14_0_windows-x32.exe
SHA-256:5dae52e27da12fba5115e40ebc0cd2da24f6d9ba91608a7b0b7b254984a0b798
220967424
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2_14_0_windows.exe
ZAP_2_14_0_windows.exe
SHA-256:df49ffbd14cf82cde5ac06902615e40cbfce1576f866436366708c0845eb9ec6
221097472
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2.14.0_Linux.tar.gz
ZAP_2.14.0_Linux.tar.gz
SHA-256:219d7f25bbe25247713805ab02cc12279898c870743c1aae3c2b0b1882191960
215142045
https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2.14.0.dmg
ZAP_2.14.0.dmg
SHA-256:3b9862a647b1c5c26d6917f2316113dfaceac06bdb79ad3f2c96e0cbd73861f7
244671708
Bug fix and enhancement release.
https://www.zaproxy.org/docs/desktop/releases/2.14.0/
accessControl
Access Control Testing
Adds a set of tools for testing access control in web applications.
ZAP Dev Team
5
accessControl-alpha-5.zap
alpha
Respect the current mode and react to changes.<br>
Dynamically unload the add-on.<br>
Inform of running tests (e.g. on session change, add-on uninstall).<br>
Improve error handling during test.<br>
Tweak alerts to use Other Info field instead of Attack/Evidence.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/accessControl-alpha-5.zap
SHA1:8160d7a28f9952a3760299d0bc30c32982b75274
2018-11-02
539232
2.7.0
alertFilters
Alert Filters
Allows you to automate the changing of alert risk levels.
ZAP Dev Team
9
alertFilters-release-9.zap
release
<ul>
<li>Added support for parameter regex, attack and evidence strings and regexes (Issue 5574)</li>
<li>Added support for global alert filters (Issue 5575)</li>
<li>Added option to create alert filters from alert</li>
<li>Added options to test which alerts will apply to and to actually apply them</li>
<li>Removed the "Context" from the add-on name</li>
<li>Promote Alert Filters addon to release status</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/alertFilters-v9/alertFilters-release-9.zap
SHA-256:a0ddb38e80e35ee4cdd172e24f7007ee00b83ebe61c6effb97e46371128b883a
2019-09-30
320152
2.7.0
alertReport
Report alert generator
Allows you to generate reports for alerts you specify in pdf or odt format
Talsoft SRL
14
alertReport-beta-14.zap
beta
Fix an exception while generating the report (Issue 1612).<br>
Include Alert's evidence in report of ODT format.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/alertReport-beta-14.zap
SHA1:4e9456325fd921f7b403fa780f703c91cdf61bdd
http://www.talsoft.com.ar
2017-11-27
9722880
2.4.0
allinonenotes
All In One Notes
A simple extension to view all notes in one pane.
David Vassallo
1
allinonenotes-alpha-1.zap
alpha
<ul>
<li>First version.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/allinonenotes-v1/allinonenotes-alpha-1.zap
SHA-256:3862c6b56214092fa1e50b408addcf21fddb88bcbaf756c6d08e5118c12c9ba4
2019-06-18
19614
2.8.0
amf
AMF
Adds support for AMF messages
ZAP Dev Team
2
amf-alpha-2.zap
alpha
Deserialise the AMF request.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/amf-alpha-2.zap
SHA1:d73da69a1a8c40a881f545aea7bcfc28ee125467
2017-11-28
813490
2.4.0
ascanrules
Active scanner rules
The release quality Active Scanner rules
ZAP Dev Team
33
ascanrules-release-33.zap
release
<ul>
<li>Maintenance changes.</li>
<li>Promote Source Code Disclosure WEB-INF (Issue 4448).</li>
<li>Bundle Diff Utils library instead of relying on core.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v33/ascanrules-release-33.zap
SHA-256:ca493be26902fa3fc61539da091c46f338d70b015db2265d4a42fa77e1274e1d
2019-06-07
2343365
2.7.0
ascanrulesAlpha
Active scanner rules (alpha)
The alpha quality Active Scanner rules
ZAP Dev Team
27
ascanrulesAlpha-alpha-27.zap
alpha
<h3>Added</h3>
<ul>
<li>Added Hidden Files Finder (issue 4585) largely based on Snallygaster by Hanno Böck, also supports use of the Custom Payloads addon.</li>
</ul>
<h3>Removed</h3>
<ul>
<li>The following scan rules were removed in being promoted from Alpha to Beta:
<ul>
<li>Apache Range Header DoS</li>
<li>Cookie Slack Detector</li>
<li>ELMAH Information Leak</li>
<li>GET for POST</li>
<li>.htaccess Information Leak</li>
<li>HTTP Only Site</li>
<li>Httpoxy - Proxy Header Misuse</li>
<li>HTTPS Content Available via HTTP</li>
<li>Proxy Disclosure</li>
<li>Relative Path Confusion</li>
<li>Source Code Disclosure - File Inclusion</li>
<li>Source Code Disclosure - Git</li>
<li>SQL Injection - MsSQL</li>
<li>SQL Injection - SQLite</li>
<li>Trace.axd Information Leak</li>
<li>User Agent Fuzzer</li>
</ul>
</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesAlpha-v27/ascanrulesAlpha-alpha-27.zap
SHA-256:c097abc59dfc49cc8c20bd4b22a7ae93e9129a805a35a2f8e7341c9c21db9821
https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAscanrulesAlphaAscanalpha
2019-12-16
1225414
2.8.0
ascanrulesBeta
Active scanner rules (beta)
The beta quality Active Scanner rules
ZAP Dev Team
27
ascanrulesBeta-beta-27.zap
beta
<h3>Added</h3>
<ul>
<li>The following scan rules were promoted from Alpha to Beta:
<ul>
<li>Apache Range Header DoS</li>
<li>Cookie Slack Detector</li>
<li>ELMAH Information Leak</li>
<li>GET for POST</li>
<li>.htaccess Information Leak</li>
<li>HTTP Only Site</li>
<li>Httpoxy - Proxy Header Misuse</li>
<li>HTTPS Content Available via HTTP</li>
<li>Proxy Disclosure</li>
<li>Relative Path Confusion</li>
<li>Source Code Disclosure - File Inclusion</li>
<li>Source Code Disclosure - Git</li>
<li>SQL Injection - MsSQL</li>
<li>SQL Injection - SQLite</li>
<li>Trace.axd Information Leak</li>
<li>User Agent Fuzzer</li>
</ul>
</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Add dependency on Custom Payloads add-on.</li>
<li>Fixed ArrayIndexOutOfBoundsException issue in XML External Entity Attack scan rule.
<ul>
<li>Now removes original XML header in "Local File Reflection Attack".</li>
</ul>
</li>
<li>Maintenance changes.</li>
<li>Update minimum ZAP version to 2.8.0.</li>
<li>Elmah scan rule updated to include a response content check, and vary alert confidence values accordingly.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v27/ascanrulesBeta-beta-27.zap
SHA-256:19f176a2ecada196708b1ab521a766871411f2edfd8dd24a37ccfd1d9df5c46d
2019-12-16
1434027
2.8.0
attacksurfacedetector
Attack Surface Detector
The Attack Surface Detector analyzes web application source code to generate endpoints that can be used for penetration testing.
Secure Decisions (Matthew DeLetto)
1.1.4
attacksurfacedetector-alpha-1.1.4.zap
alpha
Various incremental changes (see https://github.com/secdec/attack-surface-detector-zap/releases)<br>
Fix un-handled exception when target unavailable & address various "house keeping" tasks.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/attacksurfacedetector-alpha-1.1.4.zap
SHA1:e21758c2cdcbc7806f44cc986a88360457eff82e
https://github.com/secdec/attack-surface-detector-zap/wiki
2019-03-07
15604948
2.7.0
authstats
Authentication Statistics
Records logged in/out statistics for all contexts in scope.
ZAP Core Team
1
authstats-alpha-1.zap
alpha
First version<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/authstats-alpha-1.zap
SHA1:7191fd7491564eed5186df3567ee4002ce42b25a
https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsAuthstatsAuthStats
2017-11-28
238686
2.5.0
beanshell
BeanShell Console
Provides a BeanShell Console
ZAP Dev Team
6
beanshell-beta-6.zap
beta
Minor code changes.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/beanshell-beta-6.zap
SHA1:9546aad4694ef047822bc17d3d9f532d3aa162b8
2017-11-27
574028
2.4.0
browserView
Browser View
Adds an option to render HTML responses like a browser
ZAP Dev Team
5
browserView-alpha-5.zap
alpha
Allow to properly scroll the rendered page.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/browserView-alpha-5.zap
SHA1:0aaf81863ad1011136416b49a05eba3d8b262a02
2017-11-28
193880
2.4.0
bruteforce
Forced Browse
Forced browsing of files and directories using code from the OWASP DirBuster tool
ZAP Dev Team
8
bruteforce-beta-8.zap
beta
<ul>
<li>Two new options are provided as part of issue 173:
<ul>
<li>One option allows the user to specify the file extensions to ignore.
URIs ending with specified file extensions are ignored from making requests to the server.</li>
<li>The other option allows the user to specify fail case string.</li>
</ul>
</li>
<li>Inform of running scans (e.g. on session change, add-on uninstall).</li>
<li>Issue 2000 - Updated strings shown in attack menu with title caps.</li>
<li>Enable start button on file selection.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/bruteforce-v8/bruteforce-beta-8.zap
SHA-256:b497d8db37ef26bd49055c818a5bea7c0197e5778a9613320f64179b34596714
2019-06-07
517559
2.7.0
bugtracker
Bug Tracker
Bug Tracker extension.
ZAP Dev Team
2
bugtracker-alpha-2.zap
alpha
Added help for the add-on
https://github.com/zaproxy/zap-extensions/releases/download/2.7/bugtracker-alpha-2.zap
SHA1:8990bb1dec45749982a9cad93a7437a9281b40aa
2017-11-28
2002624
2.5.0
callgraph
Call Graph
Allows the user to view a call graph of the selected resources
Colm O'Flaherty
4
callgraph-alpha-4.zap
alpha
Finish internationalisation.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/callgraph-alpha-4.zap
SHA1:4edaa3f624517ebf6a52b9f84e2209d8839429bb
2017-11-28
1160586
2.4.0
codedx
Code Dx Extension
Includes request and response data in XML reports and provides the ability to upload reports directly to a Code Dx server
Code Dx, Inc.
8
codedx-alpha-8.zap
alpha
<ul>
<li>Make fixes to the report generation process to handle encoding the same as other ZAP reports</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/codedx-v8/codedx-alpha-8.zap
SHA-256:a0f90a41eb1e9fc50c87a00d78e19957e083c933ec35a84f4f9be062b1d510ae
https://www.codedx.com/
2019-08-23
1740991
2.5.0
communityScripts
Community Scripts
Useful ZAP scripts written by the ZAP community.
ZAP Community
8
communityScripts-alpha-8.zap
alpha
Update from community-scripts repo.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/communityScripts-alpha-8.zap
SHA1:cdcdb4acc3ee95187067a86b6cd89a37beea5431
https://github.com/zaproxy/community-scripts
2018-06-19
387552
2.7.0
custompayloads
Custom Payloads
Ability to add, edit or remove payloads that are used i.e. by active scanners
ZAP Core Team
0.9.0
custompayloads-alpha-0.9.0.zap
alpha
<ul>
<li>First version.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/custompayloads-v0.9.0/custompayloads-alpha-0.9.0.zap
SHA-256:ddfade1c631b4151f66825e5f3b3bd64d11e4e612e9a85042eb00a5a5bc51f9d
2019-10-31
45786
2.8.0
customreport
CustomReport
New HTML report module allows users to customize report content.
Chienli Ma
5
customreport-alpha-5.zap
alpha
<ul>
<li>Improve layout/sizing of Generate Report dialogue (Issue 5521).</li>
<li>Remove unused library.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/customreport-v5/customreport-alpha-5.zap
SHA-256:437af7cf0e9517ec4efd2117ce6e601228471fb4e9493b2331820344e17e8e40
2019-08-30
262137
2.5.0
diff
Diff
Displays a dialog showing the differences between 2 requests or responses. It uses diffutils and diff_match_patch
ZAP Dev Team
9
diff-beta-9.zap
beta
<ul>
<li>Maintenance changes.</li>
<li>Bundle Diff Utils library instead of relying on core.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/diff-v9/diff-beta-9.zap
SHA-256:21b0190dc7c1705422657c166607b79cbda9ee0476b40d294d41d5373ff9b471
2019-06-07
280329
2.7.0
directorylistv1
Directory List v1.0
List of directory names to be used with "Forced Browse" add-on.
ZAP Dev Team
3
directorylistv1-release-3.zap
release
Removed repeated files.<br>
Added strings for version control directories of Git, Mercurial, SVN, CVS, Bazaar.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/directorylistv1-release-3.zap
SHA1:b1697b64f5bc50f6bfcb4047b37789850cc3e252
https://owasp.org/index.php/DirBuster
2017-11-27
847619
2.4.0
directorylistv2_3
Directory List v2.3
Lists of directory names to be used with "Forced Browse" add-on.
ZAP Dev Team
3
directorylistv2_3-release-3.zap
release
Removed repeated files.<br>
Added strings for version control directories of Git, Mercurial, SVN, Bazaar.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/directorylistv2_3-release-3.zap
SHA1:e3b9cb6a9bae87a0dbcf73ff52f7b4406486d5c0
https://owasp.org/index.php/DirBuster
2017-11-27
8608734
2.4.0
directorylistv2_3_lc
Directory List v2.3 LC
Lists of lower case directory names to be used with "Forced Browse" add-on.
ZAP Dev Team
3
directorylistv2_3_lc-release-3.zap
release
Added strings for version control directories of Git, Mercurial, SVN, Bazaar.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/directorylistv2_3_lc-release-3.zap
SHA1:03a5ec11530203be6625633821ab3c05754b2daa
https://owasp.org/index.php/DirBuster
2017-11-27
7454767
2.4.0
domxss
DOM XSS Active scanner rule
DOM XSS Active scanner rule
ZAP Dev Team
9
domxss-alpha-9.zap
alpha
<h3>Fixed</h3>
<ul>
<li>Use default browser when no browser is specified in the configuration rule.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/domxss-v9/domxss-alpha-9.zap
SHA-256:069505357e4b18ffa1bc47ae2ea10fd3ddd5845b5e94b3edaefee9eb2dede254
2019-06-12
213767
2.7.0
selenium
15.*
exportreport
Export Report
Report Export module that allows users to customize content and export in a desired format.
Goran Sarenkapa - JordanGS
6
exportreport-alpha-6.zap
alpha
<ul>
<li>Remove API when uninstalling.</li>
<li>Fix exception with Java 9+ (Issue 4214).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/exportreport-v6/exportreport-alpha-6.zap
SHA-256:18bcc0f55e0584489abce42bfc93db44ab370153b137c8322099879a046f2b14
2019-06-24
8224348
2.7.0
formhandler
Form Handler
This Form Handler Add-on allows a user to define field names and values to be used in a form's fields. Fields can be added, modified, enabled, and deleted for use in form fields.
ZAP Dev Team
2
formhandler-alpha-2.zap
alpha
Add context menu to params panel.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/formhandler-alpha-2.zap
SHA1:d7057d5b93bdd8f356a9814f30269b336c38c612
2018-10-26
2200662
2.6.0
fuzz
AdvFuzzer
Advanced fuzzer for manual testing
ZAP Dev Team
11
2.0.1
fuzz-beta-11.zap
beta
<ul>
<li>Enable the extensions for all DB types.</li>
<li>Use Monospaced font in payload text areas.</li>
<li>Possibility to enforce a random order in the RegexPayloadGenerator.</li>
<li>Make the default step in the Numberzz generator one.</li>
<li>Add json fuzzer.</li>
<li>Add parameters to Fuzzer HTTP Processor script.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/fuzz-v11/fuzz-beta-11.zap
SHA-256:a100eeec7013a08782cf19b987bb76ee64b29419af99ef1a940a16604df6ce33
https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsFuzzConcepts
2019-06-07
1945947
2.7.0
fuzzdb
FuzzDB files
FuzzDB files which can be used with the ZAP fuzzer
ZAP Dev Team
5
fuzzdb-release-5.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.8.0.</li>
</ul>
<h3>Removed</h3>
<ul>
<li>Move web-backdoors to a new add-on, FuzzDB Web Backdoors, to avoid causing issues with AVs. <a href="https://github.com/zaproxy/zaproxy/issues/5294">#5294</a></li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/fuzzdb-v5/fuzzdb-release-5.zap
SHA-256:569a17547297f682da8d0abf51b5c9db24421c37c16023db7586588d0cbfbada
https://github.com/fuzzdb-project/fuzzdb/
2019-06-27
5467143
2.8.0
fuzzdbwebbackdoors
FuzzDB Web Backdoors
FuzzDB web backdoors which can be used with the ZAP fuzzer
ZAP Dev Team
1
fuzzdbwebbackdoors-release-1.zap
release
<p>First version.</p>
https://github.com/zaproxy/fuzzdb-web-backdoors/releases/download/v1/fuzzdbwebbackdoors-release-1.zap
SHA-256:18c8f8f01c49f3134843daa569653a798bdc06cfd1b6e0d26a3c18e44213de81
https://github.com/fuzzdb-project/fuzzdb/
2019-06-27
161031
2.8.0
gettingStarted
Getting Started with ZAP Guide
A short Getting Started with ZAP Guide
ZAP Dev Team
10
gettingStarted-release-10.zap
release
<ul>
<li>Updated for 2.8.0</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/gettingStarted-v10/gettingStarted-release-10.zap
SHA-256:cea5fe2fd081d1814b4e21d95973a9090b195e580bb279edde875f8161ea1d8c
2019-06-07
706894
2.8.0
groovy
Groovy Scripting
Allows Groovy to be used for ZAP scripting - templates included
ZAP Dev Team
2
groovy-alpha-2.zap
alpha
Add help.<br>
Added script templates.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/groovy-alpha-2.zap
SHA1:7f0d54eaf987a435e941a422378c124f3fd29259
2018-04-19
7334399
2.7.0
help
Help - English
English version of the ZAP help file.
ZAP Crowdin Team
9
help-release-9.zap
release
<ul>
<li>Update for 2.8.0 release.</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help-v9/help-release-9.zap
SHA-256:d4ac481ff08ebfa0fc35fea4d3c0a481a0f4491aab0cbe0d0d7caef408ee679c
https://github.com/zaproxy/zap-core-help/wiki/HelpIntro
2019-06-07
747145
2.8.0
help_bs_BA
Help - Bosnian
Bosnian version of the ZAP help file.
ZAP Crowdin Team
9
help_bs_BA-alpha-9.zap
alpha
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_bs_BA-alpha-9.zap
SHA1:d33a3277e877da4734e6bf9c911c61c4e6ce2f3f
https://crowdin.com/project/zap-help
2018-02-08
747536
2.7.0
help_es_ES
Help - Spanish
Spanish version of the ZAP help file.
ZAP Crowdin Team
9
help_es_ES-release-9.zap
release
Updated with the latest files from crowdin, promoted to release
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_es_ES-release-9.zap
SHA1:c17a1d63de54a99feb5344ea3f07e66dcbd7d4d1
https://crowdin.com/project/zap-help
2018-02-08
810573
2.7.0
help_fil_PH
Help Filipino
Filipino version of the ZAP help file.
ZAP Crowdin Team
2
help_fil_PH-alpha-2.zap
alpha
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_fil_PH-alpha-2.zap
SHA1:76ae4fe9931d187aac7e5c4a4dd7bfbc13d262e4
https://crowdin.com/project/zap-help
2018-02-08
818996
2.7.0
help_fr_FR
Help - French
French version of the ZAP help file.
ZAP Crowdin Team
9
help_fr_FR-alpha-9.zap
alpha
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_fr_FR-alpha-9.zap
SHA1:05aa37ec86966990fa33190c65a53d1c5a6dc955
https://crowdin.com/project/zap-help
2018-02-08
752466
2.7.0
help_id_ID
Help Indonesian
Indonesian version of the ZAP help file.
ZAP Crowdin Team
2
help_id_ID-beta-2.zap
beta
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_id_ID-beta-2.zap
SHA1:7b7ba465a1eecac23781582a1f1d7dfbaef2d347
https://crowdin.com/project/zap-help
2018-02-08
775452
2.7.0
help_ja_JP
Help - Japanese
Japanese version of the ZAP help file.
ZAP Crowdin Team
9
help_ja_JP-beta-9.zap
beta
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_ja_JP-beta-9.zap
SHA1:d91450eef7e4f3ce19fa9ad9f318fb80cc337ec1
https://crowdin.com/project/zap-help
2018-02-08
774034
2.7.0
help_pt_BR
Help - Portuguese, Brazilian
Portuguese, Brazilian version of the ZAP help file.
ZAP Crowdin Team
10
help_pt_BR-release-10.zap
release
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_pt_BR-release-10.zap
SHA1:43ef048b4faff32e6ed59dfbd07174ceec71bbdb
https://crowdin.com/project/zap-help
2018-02-08
793044
2.7.0
help_tr_TR
Help - Turkish
Turkish version of the ZAP help file.
ZAP Crowdin Team
1
help_tr_TR-release-1.zap
release
First version
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_tr_TR-release-1.zap
SHA1:2d4c3c115e0f401c37049dd1802f413b42f88e5e
https://crowdin.com/project/zap-help
2018-02-08
815439
2.7.0
help_zh_CN
Help Chinese Simplified
Chinese Simplified version of the ZAP help file.
ZAP Crowdin Team
2
help_zh_CN-beta-2.zap
beta
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_zh_CN-beta-2.zap
SHA1:bf58e29e3813b20df90e1691e81119e4a1a2e4f2
https://crowdin.com/project/zap-help
2018-02-08
761680
2.7.0
highlighter
Highlighter
Allows you to highlight strings in the request and response tabs.
ZAP Dev Team
7
highlighter-alpha-7.zap
alpha
Fix help related exception in the Highlighter panel.<br>
Correct resizing of Highlighter panel.<br>
Update minimum ZAP version to 2.5.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/highlighter-alpha-7.zap
SHA1:6b3cbf8939c2dfc5eb0c6e74e407d3674048fe93
2018-05-30
9210
2.5.0
httpsInfo
HttpsInfo
Displays HTTPS configuration information.
ZAP Dev Team
12
httpsInfo-alpha-12.zap
alpha
<ul>
<li>New tabbed UI.</li>
<li>Update to DeepViolet 5.1.16.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/httpsInfo-v12/httpsInfo-alpha-12.zap
SHA1:c9c44e815522b32f3870bae898ed4e76e9011207
2019-04-26
7690429
2.7.0
hud
HUD - Heads Up Display
Display information from ZAP in browser.
ZAP Dev Team
0.8.0
hud-beta-0.8.0.zap
beta
<h3>Added</h3>
<ul>
<li>Added 'Toggle Script' tool, allowing user-made scripts to be toggled on and off from the HUD <a href="https://github.com/zaproxy/zap-hud/issues/335">#335</a></li>
<li>Tweet link on completing the tutorial</li>
<li>Comments tool which shows all of the HTML comments on a page <a href="https://github.com/zaproxy/zap-hud/issues/378">#378</a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Dialogue windows close properly when the Escape key is pressed <a href="https://github.com/zaproxy/zap-hud/issues/71">#71</a></li>
<li>Sites upgraded to https fail if 'only in scope' switched on <a href="https://github.com/zaproxy/zap-hud/issues/316">#316</a></li>
</ul>
https://github.com/zaproxy/zap-hud/releases/download/v0.8.0/hud-beta-0.8.0.zap
SHA-256:108fda27ad71160767dbb5271155416ea31f05ae4e9556b1d85b8ecd2ab8c120
2019-11-25
898414
2.8.0
websocket
imagelocationscanner
Image Location and Privacy Scanner
Image Location and Privacy Passive Scanner
Veggiespam and the ZAP Dev Team
1
imagelocationscanner-beta-1.zap
beta
Promoted to beta and separated from the passive scan alpha add-on.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/imagelocationscanner-beta-1.zap
SHA1:5fcd1183e055406b8dd725f434044ef73323f48f
2018-02-27
607798
2.7.0
importLogFiles
Log File Importer
Allows you to import log files from ModSecurity and files previously exported from ZAP
ZAP Dev Team
4
importLogFiles-alpha-4.zap
alpha
Use API actions when importing files.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/importLogFiles-alpha-4.zap
SHA1:81d9d50c879301d8ce40b8b39d5e1953f95ba9ab
https://github.com/zaproxy/zaproxy/wiki/MozillaMentorship_ImportingModSecurityLogs
2017-11-28
152736
2.4.0
importurls
Import files containing URLs
Adds an option to import a file of URLs. The file must be plain text with one URL per line.
ZAP Dev Team
6
importurls-beta-6.zap
beta
<ul>
<li>Maintenance changes.</li>
<li>Add description to API endpoint.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/importurls-v6/importurls-beta-6.zap
SHA-256:865ba2d56165fc49f1d15a8e698f1996ba2dcc4356f1db56de831f94be029fff
2019-06-07
235071
2.7.0
invoke
Invoke Applications
Invoke external applications passing context related information such as URLs and parameters
ZAP Dev Team
9
invoke-beta-9.zap
beta
Added additional parameter replacements of %msgid% and %header-*%<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/invoke-beta-9.zap
SHA1:81df2e9d7794b273410c87336ef66cb4cc4dc6b6
2018-02-19
314763
2.7.0
jruby
Ruby scripting
Allows Ruby to be used for ZAP scripting - templates included
ZAP Dev Team
6
jruby-beta-6.zap
beta
Updated for 2.7.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/jruby-beta-6.zap
SHA1:99166f0e9f4337329ae8452da032986214f1eb73
2017-11-27
22477473
2.7.0
jsonview
Json view
Adds a view that shows JSON messages nicely formatted
Juha Kivekäs
1
jsonview-alpha-1.zap
alpha
Initial release
https://github.com/zaproxy/zap-extensions/releases/download/2.7/jsonview-alpha-1.zap
SHA1:be9a95e39722ff42af1160a195a56c9af9e285c1
2018-02-08
10796
2.6.0
jxbrowser
JxBrowser (core)
An embedded browser based on Chromium, you must also install the relevant platform specific add-on
ZAP Dev Team
14
jxbrowser-alpha-14.zap
alpha
<h3>Changed</h3>
<ul>
<li>Depend on newer version of Selenium add-on.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jxbrowser-v14/jxbrowser-alpha-14.zap
SHA-256:b185d17c7a981afd0d77c07436786341a4e580e0f76bfa6d319e8f3592c11bbe
2019-06-07
1479208
2.7.0
jxbrowserlinux64
JxBrowser (Linux 64)
An embedded browser based on Chromium, Linux 64 specific
ZAP Dev Team
12
jxbrowserlinux64-alpha-12.zap
alpha
<h3>Changed</h3>
<ul>
<li>Depend on newer version of Selenium add-on.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jxbrowserlinux64-v12/jxbrowserlinux64-alpha-12.zap
SHA-256:43838e4dc135ee98ad14d01f2dc2468648cda4fb9a72c93c06201015f05e87af
2019-06-07
64486391
2.7.0
jxbrowser
jxbrowsermacos
JxBrowser (Mac OS)
An embedded browser based on Chromium, Mac OS specific
ZAP Dev Team
12
jxbrowsermacos-alpha-12.zap
alpha
<h3>Changed</h3>
<ul>
<li>Depend on newer version of Selenium add-on.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jxbrowsermacos-v12/jxbrowsermacos-alpha-12.zap
SHA-256:7dcdfb8148d372d522021e964c7e7b5b172232f0ced45b9617c8c63fff87114c
2019-06-07
70400516
2.7.0
jxbrowser
jxbrowserwindows
JxBrowser (Windows)
An embedded browser based on Chromium, Windows specific
ZAP Dev Team
12
jxbrowserwindows-alpha-12.zap
alpha
<h3>Changed</h3>
<ul>
<li>Depend on newer version of Selenium add-on.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jxbrowserwindows-v12/jxbrowserwindows-alpha-12.zap
SHA-256:d7af59c37e3a80798767d42c25cf04d9125268101eb61bfd08c7b90d9e1f70b2
2019-06-07
51288355
2.7.0
jxbrowser
jxbrowserwindows64
JxBrowser (Windows 64bits)
An embedded browser based on Chromium, Windows 64bits specific
ZAP Dev Team
5
jxbrowserwindows64-alpha-5.zap
alpha
<h3>Changed</h3>
<ul>
<li>Depend on newer version of Selenium add-on.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jxbrowserwindows64-v5/jxbrowserwindows64-alpha-5.zap
SHA-256:f833b91b5acc49ca9023b14bdfc18a7b239794c8b84b73486578f784d3c61038
2019-06-07
53008958
2.7.0
jxbrowser
jython
Python Scripting
Allows Python to be used for ZAP scripting - templates included
ZAP Dev Team
10
jython-beta-10.zap
beta
Correctly set path module defined in the options and address UI hang (Issue 4651).<br>
Minor tweak in extender template.<br>
Add default template for Script Input Vector.<br>
Add help page for the options.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/jython-beta-10.zap
SHA1:fedf4e6c30dfb52543d851bb668ab1c8101dd58f
2018-05-08
41738465
2.7.0
neonmarker
Neonmarker
Colors history table items based on tags
Juha Kivekäs, Kingthorin
1.1.0
neonmarker-alpha-1.1.0.zap
alpha
<h3>Changed</h3>
<ul>
<li>Migrated from https://github.com/juhakivekas/zap-extensions/tree/neonmarker/ to https://github.com/kingthorin/neonmarker.</li>
<li>Adapted to Gradle build.</li>
<li>Mapping 'rules' now display all available Tags not just those currently mapped to a history item.</li>
<li>Allow selection of custom colors with a Color Chooser.</li>
</ul>
<h3>Added</h3>
<ul>
<li>Basic help entry.</li>
<li>Color Mappings can be added in scripts.</li>
<li>Add enable/disable toggle in toolbar.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/neonmarker-alpha-1.1.0.zap
SHA-256:42ec116cd6e329b9707d47c1a6958684eb47680c538a13c2ca0ab0e1559eb4b2
https://github.com/kingthorin/neonmarker
2020-01-02
24394
2.8.0
onlineMenu
Online menus
ZAP Online menu items
ZAP Dev Team
6
onlineMenu-release-6.zap
release
Updated for 2.7.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/onlineMenu-release-6.zap
SHA1:343c6f9891b311739770bbb3e25d12c766bd1866
https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsOnlineMenuOnlineMenu
2017-11-27
206306
2.7.0
openapi
OpenAPI Support
Imports and spiders OpenAPI definitions.
ZAP Core Team plus Joanna Bona, Nathalie Bouchahine, Artur Grzesica, Mohammad Kamar, Markus Kiss, Michal Materniak and Marcin Spiewak
14
openapi-alpha-14.zap
alpha
<h3>Added</h3>
<ul>
<li>Support OpenAPI v3.0 (Issue 4549).</li>
<li>Allow to specify the target URL (scheme, authority, and path) when importing through the command line.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Do not consume spider resource if not parsed as OpenAPI definition.</li>
<li>Allow to specify the target URL when importing from file through the API and GUI.</li>
<li>Allow to override also the scheme and path when importing from URL through the API.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/openapi-v14/openapi-alpha-14.zap
SHA-256:6b6d5effb2b4cc5bc1cc09fe428ab05972c660d7fb6e46a4202dd5322d574fb3
2019-12-02
11475733
2.8.0
plugnhack
Plug-n-Hack Configuration
Supports the Mozilla Plug-n-Hack standard: https://developer.mozilla.org/en-US/docs/Plug-n-Hack.
ZAP Dev Team
11
plugnhack-beta-11.zap
beta
Code changes for Java 9 (Issue 2602).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/plugnhack-beta-11.zap
SHA1:e3243495919a8d1a7f4bd69e60b7147690bb9836
https://developer.mozilla.org/en-US/docs/Plug-n-Hack
2017-11-27
722977
2.4.0
portscan
Port Scanner
Allows to port scan a target server
ZAP Dev Team
8
portscan-beta-8.zap
beta
Code changes for Java 9 (Issue 2602).<br>
Issue 3513: Options panel UI fixes.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/portscan-beta-8.zap
SHA1:85b7377c65778d22a4c78fe1ff79b82245abc4c9
2017-11-27
632994
2.4.0
pscanrules
Passive scanner rules
The release quality Passive Scanner rules
ZAP Dev Team
25
pscanrules-release-25.zap
release
<h3>Changed</h3>
<ul>
<li>Content Security Policy scan rule: Update to Salvation 2.7.0, add handling for script-src-elem, script-src-attr, style-src-elem, and style-src-attr (Issue 5459).</li>
<li>Minimum ZAP version is now 2.8.0.</li>
</ul>
<h3>Added</h3>
<ul>
<li>The following scan rules were added, promoted from Beta to Release:
<ul>
<li>Cookie Without SameSite Attribute</li>
<li>Cross Domain Misconfiguration</li>
<li>Information Disclosure: In URL</li>
<li>Information Disclosure: Referrer</li>
<li>Information Disclosure: Suspicious Comments</li>
<li>Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)</li>
<li>Timestamp Disclosure</li>
<li>Username Hash Found</li>
<li>X-AspNet-Version Response Header Scanner</li>
<li>X-Debug-Token Information Leak</li>
</ul>
</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v25/pscanrules-release-25.zap
SHA-256:d9995e8c2408f545b0dd0a4fab7ceb64b1c384e63ca24816bdcdee6afc8333f4
2019-12-16
758156
2.8.0
pscanrulesAlpha
Passive scanner rules (alpha)
The alpha quality Passive Scanner rules
ZAP Dev Team
26
pscanrulesAlpha-alpha-26.zap
alpha
<h3>Added</h3>
<ul>
<li>Add Java Serialized Object (JSO) Scanner.</li>
<li>Add Sub Resource Integrity Attribute Missing Scanner.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Fixed false positive when redirect destination is the same domain (Issue 5289).</li>
<li>CSP Missing and Feature Policy scan rule: Ignore missing headers on redirects unless Low threshold used.</li>
</ul>
<h3>Removed</h3>
<ul>
<li>The following scan rules were removed in being promoted to Beta:
<ul>
<li>Big Redirect Detected (Potential Sensitive Information Leak)</li>
<li>Content Security Policy (CSP) Header Not Set</li>
<li>Cookie Poisoning</li>
<li>Directory Browsing</li>
<li>Hash Disclosure</li>
<li>Heartbleed OpenSSL Vulnerability (Indicative)</li>
<li>HTTP Server Response Header Scanner</li>
<li>HTTP to HTTPS Insecure Transition in Form Post</li>
<li>HTTPS to HTTP Insecure Transition in Form Post</li>
<li>Open Redirect</li>
<li>PII Scanner</li>
<li>Retrieved from Cache</li>
<li>Reverse Tabnabbing</li>
<li>Strict-Transport-Security Header Scanner</li>
<li>User Controllable Charset</li>
<li>User Controllable HTML Element Attribute (Potential XSS)</li>
<li>User Controllable JavaScript Event (XSS)</li>
<li>X-Backend-Server Header Information Leak</li>
<li>X-ChromeLogger-Data (XCOLD) Header Information Leak</li>
</ul>
</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesAlpha-v26/pscanrulesAlpha-alpha-26.zap
SHA-256:605e9ad22a295f22419784b4ca09345257fe237bf4c0c8c41df35c531e875472
2019-12-16
1670892
2.7.0
pscanrulesBeta
Passive scanner rules (beta)
The beta quality Passive Scanner rules
ZAP Dev Team
21
pscanrulesBeta-beta-21.zap
beta
<h3>Added</h3>
<ul>
<li>The following scan rules were added being promoted from Alpha to Beta:
<ul>
<li>Big Redirect Detected (Potential Sensitive Information Leak)</li>
<li>Content Security Policy (CSP) Header Not Set</li>
<li>Cookie Poisoning</li>
<li>Directory Browsing</li>
<li>Hash Disclosure</li>
<li>Heartbleed OpenSSL Vulnerability (Indicative)</li>
<li>HTTP Server Response Header Scanner</li>
<li>HTTP to HTTPS Insecure Transition in Form Post</li>
<li>HTTPS to HTTP Insecure Transition in Form Post</li>
<li>Open Redirect</li>
<li>PII Scanner</li>
<li>Retrieved from Cache</li>
<li>Reverse Tabnabbing</li>
<li>Strict-Transport-Security Header Scanner</li>
<li>User Controllable Charset</li>
<li>User Controllable HTML Element Attribute (Potential XSS)</li>
<li>User Controllable JavaScript Event (XSS)</li>
<li>X-Backend-Server Header Information Leak</li>
<li>X-ChromeLogger-Data (XCOLD) Header Information Leak</li>
</ul>
</li>
</ul>
<h3>Removed</h3>
<ul>
<li>The following scan rules were removed in being promoted Beta to Release:
<ul>
<li>Cookie Without SameSite Attribute</li>
<li>Cross Domain Misconfiguration</li>
<li>Information Disclosure: In URL</li>
<li>Information Disclosure: Referrer</li>
<li>Information Disclosure: Suspicious Comments</li>
<li>Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)</li>
<li>Timestamp Disclosure</li>
<li>Username Hash Found</li>
<li>X-AspNet-Version Response Header Scanner</li>
<li>X-Debug-Token Information Leak</li>
</ul>
</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v21/pscanrulesBeta-beta-21.zap
SHA-256:a0cabf74e3c4242cab8332b7b95b357ee522a501fcc76b8cbb0683db9d4f74ca
2019-12-16
745147
2.7.0
quickstart
Quick Start
Provides a tab which allows you to quickly test a target application
ZAP Dev Team
26
quickstart-release-26.zap
release
<ul>
<li>Improve outgoing proxy failure error message (Issue 5304).</li>
<li>Introduce News panel and use default quick start page</li>
<li>Dont make news request if -silent option used</li>
<li>Allow to use headless browsers in automated scans, use Firefox headless by default (Issue 3866).</li>
<li>Depend on newer version of Selenium add-on.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/quickstart-v26/quickstart-release-26.zap
SHA-256:126c17df032ef284296b8090e236af509de07c7ad93b7171c89e3ac9b4157119
2019-06-07
536925
2.7.0
regextester
Regular Expression Tester
Allows to test Regular Expressions
ZAP Dev Team
1
regextester-alpha-1.zap
alpha
<ul>
<li>Initial Release.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/regextester-v1/regextester-alpha-1.zap
SHA-256:433618046ca07eb3d45ee87f065790c1617921f5997943bafa4c8939a85e784f
2019-06-20
21420
2.8.0
replacer
Replacer
Easy way to replace strings in requests and responses.
ZAP Dev Team
7
replacer-beta-7.zap
beta
Maintenance changes.<br>
API, Replacement String should not be mandatory (Issue 5080).
https://github.com/zaproxy/zap-extensions/releases/download/2.7/replacer-beta-7.zap
SHA1:dee532142002197f392e8a40205bdcc3572c5c20
2018-10-26
330734
2.7.0
requester
Requester
Request numbered panel.
Surikato
3
requester-alpha-3.zap
alpha
Maintenance changes.<br>
Change default accelerator for Requester tab.<br>
Dynamically unload the add-on.<br>
Ensure use of title caps (Issue 2000).<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/requester-alpha-3.zap
SHA1:bd78559ccd89a94c2f0bc32dc09877a2b83b857e
2018-10-15
58164
2.7.0
reveal
Reveal
Show hidden fields and enable disabled fields
ZAP Dev Team
2
reveal-release-2.zap
release
Code changes and API documentation.
https://github.com/zaproxy/zap-extensions/releases/download/2.7/reveal-release-2.zap
SHA1:caec390697cdc2c82945371e80901af05cc2bfbc
2017-11-27
230262
2.4.0
revisit
Revisit
Revisit a site at any time in the past using the session history
ZAP Dev Team
3
revisit-alpha-3.zap
alpha
Code changes for Java 9 (Issue 2602).<br>
Updated for 2.7.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/revisit-alpha-3.zap
SHA1:23655efe51113e48b8e2ff8bbe7e41a33235ff55
2017-11-28
289297
2.7.0
saml
SAML Extension
Detect, Show, Edit, Fuzz SAML requests
ZAP Dev Team
8
saml-alpha-8.zap
alpha
<ul>
<li>Update minimum ZAP version to 2.5.0.</li>
<li>Compressed SAMLMessage is not required</li>
<li>Possibility to disable compression when sending</li>
<li>Added SAML Passive Scanner</li>
<li>Dynamically unload the add-on.</li>
<li>Fix exception with Java 9+ (Issue 5032).</li>
<li>Replaced joda.time.datetime with java.time.localtime (Java8).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/saml-v8/saml-alpha-8.zap
SHA-256:5ac0f8d19ab7b4b7399496a3f7250177e2183c1fc3f622655ea9191c3f697dc7
2019-08-30
1720102
2.5.0
saverawmessage
Save Raw Message
Allows to save content of HTTP messages as binary
ZAP Dev Team
4
saverawmessage-release-4.zap
release
Updated for 2.7.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/saverawmessage-release-4.zap
SHA1:df600792159042a452e3e9215d9b89b21417bf88
2017-11-27
27756
2.7.0
savexmlmessage
Save XML Message
Allows to save content of HTTP messages as XML
thatsn0tmysite
0.0.1
savexmlmessage-alpha-0.0.1.zap
alpha
Initial release.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/savexmlmessage-alpha-0.0.1.zap
SHA1:5a819610819e4edc227df5da4dac3c886f2b2d29
2018-05-30
12873
2.7.0
scripts
Script Console
Supports all JSR 223 scripting languages
ZAP Dev Team
25
scripts-beta-25.zap
beta
<ul>
<li>Fix typo in help page.</li>
<li>Execute Targeted scripts in other thread than GUI thread.</li>
<li>Clear highlighting syntax when a non-script node is selected.</li>
<li>Warn of script changed by another program (post 2.7.0).</li>
<li>Script console is disabled if script size > 1MB and highlight behavior is disabled if script size > 0.5MB.</li>
<li>Allow to select the file path in the Edit Script dialogue.</li>
<li>Allow to add selection listener to Scripts tree.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/scripts-v25/scripts-beta-25.zap
SHA-256:67a55ad0e76b3c28968d01bedf1ae763b3a245977669fe7b767e8af36793c0f5
https://github.com/zaproxy/zaproxy/wiki/ScriptConsole
2019-06-07
660681
2.7.0
selenium
Selenium
WebDriver provider and includes HtmlUnit browser
ZAP Dev Team
15.0.0
selenium-release-15.0.0.zap
release
<ul>
<li>Remove support for Internet Explorer, does not support required capabilities.</li>
<li>Quit corresponding WebDrivers when removing WebDriver provider.</li>
<li>Enable ServiceWorker on launched Firefox browsers.</li>
<li>Ensure "localhost" is proxied through ZAP on Firefox >= 67.</li>
<li>Allow to start Chrome and Firefox in headless mode (Issue 3866).</li>
<li>Start using Semantic Versioning.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.0.0/selenium-release-15.0.0.zap
SHA-256:f5e9604362bfbeee017cc83efd7c71d0621a4b6ff6fd6e8cfda043eb78231edf
2019-06-07
22633303
2.7.0
sequence
Sequence
Gives the possibility of defining a sequence of requests to be scanned.
ZAP Dev Team
5
sequence-alpha-5.zap
alpha
Updated for 2.7.0.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/sequence-alpha-5.zap
SHA1:24c62a7d59bec5035acc649bb0970de09fa05a4b
2017-11-28
1511222
2.7.0
zest
spiderAjax
Ajax Spider
Allows you to spider sites that make heavy use of JavaScript using Crawljax
ZAP Dev Team
23.0.0
spiderAjax-release-23.0.0.zap
release
<ul>
<li>Correct WebDriver requester ID.</li>
<li>Remove unused resource messages.</li>
<li>Generate start and stop events.</li>
<li>Run with Firefox headless by default (Issue 3866).</li>
<li>Depend on newer version of Selenium add-on.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/spiderAjax-v23.0.0/spiderAjax-release-23.0.0.zap
SHA-256:edea00848f51863373351538722d2501bc26950eff5231f704323d00cfa364cf
https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsSpiderAjaxConcepts
2019-06-07
2492718
2.8.0
selenium
15.*
sqliplugin
Advanced SQLInjection Scanner
An advanced active injection bundle for SQLi (derived by SQLMap)
Andrea Pompili (Yhawke)
13
sqliplugin-beta-13.zap
beta
<ul>
<li>Update minimum ZAP version to 2.5.0.</li>
<li>Bundle JDOM library instead of relying on core.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/sqliplugin-v13/sqliplugin-beta-13.zap
SHA-256:caaf8a25330c4532f6d3ab33722b77e8389614876c721885382fb413802ee75f
2019-06-07
277848
2.5.0
sse
Server-Sent Events
Allows you to view Server-Sent Events (SSE) communication.
ZAP Dev Team
9
sse-alpha-9.zap
alpha
https://github.com/zaproxy/zap-extensions/releases/download/2.7/sse-alpha-9.zap
SHA1:d5cbc991befbf002b171b23419d26623ab93ef73
2017-11-28
333669
2.4.0
svndigger
SVN Digger files
SVN Digger files which can be used with ZAP forced browsing
ZAP Dev Team
3
svndigger-beta-3.zap
beta
Updated for ZAP 2.4
https://github.com/zaproxy/zap-extensions/releases/download/2.7/svndigger-beta-3.zap
SHA1:8c7187180ed48466d6829e39469cc3d0915b1cbf
http://www.mavitunasecurity.com/blog/svn-digger-better-lists-for-forced-browsing/
2017-11-27
615459
2.4.0
tips
Tips and Tricks
Display ZAP Tips and Tricks
ZAP Dev Team
6
tips-beta-6.zap
beta
<ul>
<li>Updated for 2.8.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/tips-v6/tips-beta-6.zap
SHA-256:4ca971fcd65968b15cdc289819f5c1c9671ff6a19550caa29f1e2013e9ea9833
2019-06-07
559664
2.7.0
tlsdebug
TLS Debug
Provides a tab which allows to quickly debug a TLS/SSL connection
P.M.J. Roth
3
tlsdebug-alpha-3.zap
alpha
Update minimum ZAP version to 2.5.0.<br>
Change default accelerator for TLS Debug tab.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/tlsdebug-alpha-3.zap
SHA1:1cbbbeca9e1681c968cddf612c7938c0dd6e1181
2018-10-15
244231
2.5.0
tokengen
Token Generation and Analysis
Allows you to generate and analyze pseudo random tokens, such as those used for session handling or CSRF protection
ZAP Dev Team
13
tokengen-beta-13.zap
beta
<ul>
<li>Maintenance changes.</li>
<li>Address problem from v12 where analysis dialog wasn't being shown after collection (this was due to a build issue).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/tokengen-v13/tokengen-beta-13.zap
SHA-256:d5bcf7649ccf5c88fcf5a7104990986d08b94eedfcd2d4d3b178d5945d5827df
2019-07-15
479372
2.6.0
treetools
TreeTools
Tools to add functionality to the tree view.
Carl Sampson
7
treetools-beta-7.zap
beta
Code changes for Java 9 (Issue 2602)
https://github.com/zaproxy/zap-extensions/releases/download/2.7/treetools-beta-7.zap
SHA1:38fbc4d4e22c0da73a4048522d250fa4ac89bdab
2017-11-27
18821
2.4.0
viewstate
ViewState
ASP/JSF ViewState Decoder and Editor
Calum Hutton
1
viewstate-alpha-1.zap
alpha
https://github.com/zaproxy/zap-extensions/releases/download/2.7/viewstate-alpha-1.zap
SHA1:08cd32915a3b5a70c227b7b423f7d605b3603516
2017-11-28
43907
2.4.0
wappalyzer
Wappalyzer - Technology Detection
Technology detection using Wappalyzer: wappalyzer.com
ZAP Dev Team
15
wappalyzer-alpha-15.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update patterns and icons as of AliasIO/wappalyzer@98814a0 (release 5.8.5+).</li>
<li>Support for CPE information (as a table column in the GUI, and element in the new API output [as applicable]).</li>
<li>Allow multi-select of rows to facilitate copy/paste, only show context menu if a single row is selected.</li>
</ul>
<h3>Added</h3>
<ul>
<li>Export button.</li>
<li>API with three views:
<ul>
<li>listSites: Lists the sites that there are application (technology) details for [similar to the host:port drop down menu in the GUI].</li>
<li>listAll: Lists all sites and their associated applications (technologies).</li>
<li>listSite: Lists all the applications (technologies) for a given site [host:port] identifier.</li>
</ul>
</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/wappalyzer-v15/wappalyzer-alpha-15.zap
SHA-256:4fbe894763cd8f8f8806e860029ec51dc8bef5fafc91a19740f622cf289bf630
2019-12-20
2478296
2.7.0
webdriverlinux
Linux WebDrivers
Linux WebDrivers for Firefox and Chrome.
ZAP Dev Team
15
webdriverlinux-release-15.zap
release
<h3>Fixed</h3>
<ul>
<li>Bundle correct geckodriver binary for respective architecture (Issue 5763).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/webdriverlinux-v15/webdriverlinux-release-15.zap
SHA-256:480829bd344e769955b454a03d33b4317d2ae170fe8cd4e80551d5fcd377bd50
2019-12-16
9624234
2.5.0
webdrivermacos
MacOS WebDrivers
MacOS WebDrivers for Firefox and Chrome.
ZAP Dev Team
14
webdrivermacos-release-14.zap
release
<h3>Changed</h3>
<ul>
<li>Update ChromeDriver to v79.0.3945.36.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/webdrivermacos-v14/webdrivermacos-release-14.zap
SHA-256:30563f7d6d8cd7c5af4d211ebc6c9cc56c409d6f0c0051a0b63fdcf46bba8511
2019-12-12
8940634
2.5.0
webdriverwindows
Windows WebDrivers
Windows WebDrivers for Firefox and Chrome.
ZAP Dev Team
15
webdriverwindows-release-15.zap
release
<h3>Fixed</h3>
<ul>
<li>Bundle correct geckodriver binary for respective architecture (Issue 5763).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/webdriverwindows-v15/webdriverwindows-release-15.zap
SHA-256:136424e29d46f6ab5bb4e2a46e0b880990abefd4e2886a75aa96b45959d357d5
2019-12-16
7260195
2.5.0
websocket
WebSockets
Allows you to inspect WebSocket communication.
ZAP Dev Team
20
websocket-release-20.zap
release
<ul>
<li>Add WebSocket passive scan infrastructure.
<ul>
<li>Add WebSocket Passive scan script plugin.
<ul>
<li>Template scripts for:
<ul>
<li>Python</li>
<li>Javascript</li>
</ul>
</li>
<li>Default scripts for (loaded and enabled by default):
<ul>
<li>Base64 disclosure</li>
<li>Email disclosure</li>
<li>Error Application disclosure</li>
<li>Private IP disclosure</li>
<li>Credit Card disclosure</li>
<li>Username disclosure</li>
<li>Debug Error disclosure</li>
<li>Suspicious XML Comments disclosure</li>
</ul>
</li>
<li>Help content for the default scripts.</li>
</ul>
</li>
</ul>
</li>
<li>Add stats for websocket frames sent and time taken for passive scanning.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/websocket-v20/websocket-release-20.zap
SHA-256:52ada19fe710d5bb4bfdf288448117db38f1315b71aa0df19e1975bd69daaa46
2019-07-23
1010734
2.8.0
zest
Zest - Graphical Security Scripting Language
A graphical security scripting language, ZAPs macro language on steroids
ZAP Dev Team
30
zest-beta-30.zap
beta
<h3>Added</h3>
<ul>
<li>Allow to set, remove, and get global variables (Issue 3512), using the context menus:
<ul>
<li><code>Add Zest Action</code> > <code>Action - Global Variable - Set</code></li>
<li><code>Add Zest Action</code> > <code>Action - Global Variable - Remove</code></li>
<li><code>Add Zest Assignment</code> > <code>Assign variable to Global Variable</code></li>
</ul>
</li>
<li>Allow to start browsers (e.g. Chrome, Firefox) headless, enabled by default (Related to Issue 3866).</li>
<li>Add new assignment which can filter the parsed DOM by element or attributes and select the content
of an element or the value of an attribute.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update Zest library to 0.14.0 (Issue 4797). Refer to its <a href="https://github.com/mozilla/zest/blob/0.14.0/CHANGELOG.md#changelog">CHANGELOG</a> for full set of changes.</li>
<li>Send sequence messages with ZAP so that they make use of ZAP features e.g. authentication, HTTP
Sender scripts. (Issue 5590)</li>
<li>Set timestamp from/to Zest requests.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Send PUT request with its body (Issue 4337).</li>
<li>Launch browsers with capability <code>acceptInsecureCerts</code> set to true (Issue 4870).</li>
<li>Proxy localhost with Chrome 72+ and Firefox 67+.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/zest-v30/zest-beta-30.zap
SHA-256:6c90611f14afe1a126425b14e5a209cd4686c213b6e34b069fa9a02573ac86e2
https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsZestZest
2019-12-06
13598640
2.7.0
selenium
15.*