2.14.0 D-2021-10-18 https://github.com/zaproxy/zaproxy/releases/download/w2021-10-18/ZAP_WEEKLY_D-2021-10-18.zip ZAP_WEEKLY_D-2021-10-18.zip SHA-256:9d4bcb12e47293f3cbc4c32285b8469e620f092bb2519e65e12e5e528a25a8ad 188556676 https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2_14_0_windows-x32.exe ZAP_2_14_0_windows-x32.exe SHA-256:5dae52e27da12fba5115e40ebc0cd2da24f6d9ba91608a7b0b7b254984a0b798 220967424 https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2_14_0_windows.exe ZAP_2_14_0_windows.exe SHA-256:df49ffbd14cf82cde5ac06902615e40cbfce1576f866436366708c0845eb9ec6 221097472 https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2.14.0_Linux.tar.gz ZAP_2.14.0_Linux.tar.gz SHA-256:219d7f25bbe25247713805ab02cc12279898c870743c1aae3c2b0b1882191960 215142045 https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2.14.0.dmg ZAP_2.14.0.dmg SHA-256:3b9862a647b1c5c26d6917f2316113dfaceac06bdb79ad3f2c96e0cbd73861f7 244671708 Bug fix and enhancement release. https://www.zaproxy.org/docs/desktop/releases/2.14.0/ accessControl Access Control Testing Adds a set of tools for testing access control in web applications. ZAP Dev Team 6 accessControl-alpha-6.zap alpha <h3>Added</h3> <ul> <li>Add API support.</li> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.9.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/accessControl-v6/accessControl-alpha-6.zap SHA-256:34143426d045bff319138d9012b50383e84989a36e17d15e145ed77fb3931165 https://www.zaproxy.org/docs/desktop/addons/access-control-testing/ https://github.com/zaproxy/zap-extensions/ 2020-10-06 545530 2.9.0 alertFilters Alert Filters Allows you to automate the changing of alert risk levels. ZAP Dev Team 10 alertFilters-release-10.zap release <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/alertFilters-v10/alertFilters-release-10.zap SHA-256:b49fb21e407694ecc52b9202fa53a0edc02b122b253b97b3308e24bcb9df0ab6 https://www.zaproxy.org/docs/desktop/addons/alert-filters/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 320054 2.7.0 alertReport Report alert generator Allows you to generate reports for alerts you specify in pdf or odt format Talsoft SRL 14 alertReport-beta-14.zap beta Fix an exception while generating the report (Issue 1612).<br> Include Alert's evidence in report of ODT format. https://github.com/zaproxy/zap-extensions/releases/download/2.7/alertReport-beta-14.zap SHA1:4e9456325fd921f7b403fa780f703c91cdf61bdd https://www.zaproxy.org/docs/desktop/addons/report-alert-generator/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 9722880 2.4.0 allinonenotes All In One Notes A simple extension to view all notes in one pane. David Vassallo 1 allinonenotes-alpha-1.zap alpha <ul> <li>First version.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/allinonenotes-v1/allinonenotes-alpha-1.zap SHA-256:3862c6b56214092fa1e50b408addcf21fddb88bcbaf756c6d08e5118c12c9ba4 https://www.zaproxy.org/docs/desktop/addons/all-in-one-notes/ https://github.com/zaproxy/zap-extensions/ 2019-06-18 19614 2.8.0 amf AMF Adds support for AMF messages ZAP Dev Team 2 amf-alpha-2.zap alpha Deserialise the AMF request. https://github.com/zaproxy/zap-extensions/releases/download/2.7/amf-alpha-2.zap SHA1:d73da69a1a8c40a881f545aea7bcfc28ee125467 https://www.zaproxy.org/docs/desktop/addons/amf-support/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 813490 2.4.0 ascanrules Active scanner rules The release quality Active Scanner rules ZAP Dev Team 37 ascanrules-release-37.zap release <h3>Changed</h3> <ul> <li>Maintenance changes.</li> </ul> <h3>Fixed</h3> <ul> <li>Terminology</li> </ul> <h3>Added</h3> <ul> <li>The following scan rules were promoted to Beta: ELMAH Information Leak, .htaccess Information Leak (Issue 6211).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v37/ascanrules-release-37.zap SHA-256:0d96697e21a4d8a6e0a9b323b7dce94f1160645746ee408ee065ecc028fa92ee https://www.zaproxy.org/docs/desktop/addons/active-scan-rules/ https://github.com/zaproxy/zap-extensions/ 2020-11-27 2406450 2.9.0 commonlib ascanrulesAlpha Active scanner rules (alpha) The alpha quality Active Scanner rules ZAP Dev Team 30 ascanrulesAlpha-alpha-30.zap alpha <h3>Changed</h3> <ul> <li>'Hidden File Finder' ensure that test requests are appropriately rebuilt for this scan rule (Issue 6129).</li> <li>Maintenance changes.</li> </ul> <h3>Fixed</h3> <ul> <li>Terminology.</li> <li>SocketTimeoutException in the LDAP Injection scan rule.</li> </ul> <h3>Removed</h3> <ul> <li>The following scan rules were removed and promoted to Beta: Cloud Meta Data, .env File, Hidden Files, XSLT Injection (Issue 6211).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesAlpha-v30/ascanrulesAlpha-alpha-30.zap SHA-256:2333752918a991c91dfc9ecd925fa1dcdc0d3207c873f32b3877707dbcb01125 https://www.zaproxy.org/docs/desktop/addons/active-scan-rules-alpha/ https://github.com/zaproxy/zap-extensions/ 2020-11-27 1207766 2.9.0 commonlib ascanrulesBeta Active scanner rules (beta) The beta quality Active Scanner rules ZAP Dev Team 32 ascanrulesBeta-beta-32.zap beta <h3>Changed</h3> <ul> <li>XML External Entity Attack scan rule changed to parse response body irrespective of the HTTP response status code. (Issue 6203)</li> <li>XML External Entity Attack scan rule changed to skip only Remote File Inclusion Attack when Callback extension is not available.</li> <li>Maintenance changes.</li> <li>The Relative Path Confusion scan rule no longer treats 'href=&quot;#&quot;' as a problematic use.</li> </ul> <h3>Fixed</h3> <ul> <li>Terminology.</li> <li>Correct reason shown when the XML External Entity Attack scan rule is skipped.</li> <li>SocketTimeoutException in the Proxy Disclosure scan rule.</li> </ul> <h3>Added</h3> <ul> <li>The following scan rules were promoted to Beta: Cloud Meta Data, .env File, Hidden Files, XSLT Injection (Issue 6211).</li> </ul> <h3>Removed</h3> <ul> <li>The following scan rules were removed and promoted to Release: ELMAH Information Leak, .htaccess Information Leak (Issue 6211).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v32/ascanrulesBeta-beta-32.zap SHA-256:d4514e91c9e61481fce029b5a01f00606dbb451062bb50380382df5d81dab6e7 https://www.zaproxy.org/docs/desktop/addons/active-scan-rules-beta/ https://github.com/zaproxy/zap-extensions/ 2020-11-27 1556720 2.9.0 commonlib attacksurfacedetector Attack Surface Detector The Attack Surface Detector analyzes web application source code to generate endpoints that can be used for penetration testing. Secure Decisions (Matthew DeLetto) 1.1.4 attacksurfacedetector-alpha-1.1.4.zap alpha Various incremental changes (see https://github.com/secdec/attack-surface-detector-zap/releases)<br> Fix un-handled exception when target unavailable & address various "house keeping" tasks.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/attacksurfacedetector-alpha-1.1.4.zap SHA1:e21758c2cdcbc7806f44cc986a88360457eff82e https://github.com/secdec/attack-surface-detector-zap/wiki https://github.com/secdec/attack-surface-detector-zap/ 2019-03-07 15604948 2.7.0 authstats Authentication Statistics Records logged in/out statistics for all contexts in scope. ZAP Core Team 1 authstats-alpha-1.zap alpha First version<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/authstats-alpha-1.zap SHA1:7191fd7491564eed5186df3567ee4002ce42b25a https://www.zaproxy.org/docs/desktop/addons/authentication-statistics/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 238686 2.5.0 beanshell BeanShell Console Provides a BeanShell Console ZAP Dev Team 6 beanshell-beta-6.zap beta Minor code changes. https://github.com/zaproxy/zap-extensions/releases/download/2.7/beanshell-beta-6.zap SHA1:9546aad4694ef047822bc17d3d9f532d3aa162b8 https://www.zaproxy.org/docs/desktop/addons/bean-shell/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 574028 2.4.0 browserView Browser View Adds an option to render HTML responses like a browser ZAP Dev Team 5 browserView-alpha-5.zap alpha Allow to properly scroll the rendered page. https://github.com/zaproxy/zap-extensions/releases/download/2.7/browserView-alpha-5.zap SHA1:0aaf81863ad1011136416b49a05eba3d8b262a02 https://www.zaproxy.org/docs/desktop/addons/browser-view/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 193880 2.4.0 bruteforce Forced Browse Forced browsing of files and directories using code from the OWASP DirBuster tool ZAP Dev Team 9 bruteforce-beta-9.zap beta <h3>Changed</h3> <ul> <li>Now targets ZAP 2.8.0.</li> <li>Fix un-handled exception when base request doesn't end in a slash (Issue 5435).</li> <li>Split up the functionality from the desktop UI and provide external access (Issue 2848)</li> <li>Updated addon to use log4j instead of stdout (Issue 5530)</li> <li>Log exceptions instead of printing to stderr (Issue 5564).</li> <li>Address UI hang.</li> </ul> <h3>Added</h3> <ul> <li>Table export button.</li> <li>Add info and repo URLs.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/bruteforce-v9/bruteforce-beta-9.zap SHA-256:67a3035c99059df14610dcaee19f6ddd7822e133e030f501d4d3dba5c3faaa3f https://www.zaproxy.org/docs/desktop/addons/forced-browse/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 519253 2.8.0 bugtracker Bug Tracker Bug Tracker extension. ZAP Dev Team 2 bugtracker-alpha-2.zap alpha Added help for the add-on https://github.com/zaproxy/zap-extensions/releases/download/2.7/bugtracker-alpha-2.zap SHA1:8990bb1dec45749982a9cad93a7437a9281b40aa https://www.zaproxy.org/docs/desktop/addons/bug-tracker/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 2002624 2.5.0 callgraph Call Graph Allows the user to view a call graph of the selected resources Colm O'Flaherty 4 callgraph-alpha-4.zap alpha Finish internationalisation.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/callgraph-alpha-4.zap SHA1:4edaa3f624517ebf6a52b9f84e2209d8839429bb https://www.zaproxy.org/docs/desktop/addons/call-graph/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 1160586 2.4.0 codedx Code Dx Extension Includes request and response data in XML reports and provides the ability to upload reports directly to a Code Dx server Code Dx, Inc. 8 codedx-alpha-8.zap alpha <ul> <li>Make fixes to the report generation process to handle encoding the same as other ZAP reports</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/codedx-v8/codedx-alpha-8.zap SHA-256:a0f90a41eb1e9fc50c87a00d78e19957e083c933ec35a84f4f9be062b1d510ae https://www.zaproxy.org/docs/desktop/addons/code-dx/ https://github.com/zaproxy/zap-extensions/ https://www.codedx.com/ 2019-08-23 1740991 2.5.0 commonlib Common Library A common library, for use by other add-ons. ZAP Dev Team 1.1.0 commonlib-release-1.1.0.zap release <h3>Changed</h3> <ul> <li>AbstractAppFilePlugin &gt; don't raise issues for responses other than 200 - Ok unless at LOW threshold (Issue 6077). This will make the following Alpha and Beta active scan rules slightly less False Positive prone: <ul> <li>Trace.axd, .env File, .htaccess file</li> </ul> </li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.1.0/commonlib-release-1.1.0.zap SHA-256:6ae8ce3c51b425f48822a146fe0e5933f559f2343aefe7b078b0c8c7eb254542 https://github.com/zaproxy/zap-extensions/ 2020-08-04 3827153 2.9.0 communityScripts Community Scripts Useful ZAP scripts written by the ZAP community. ZAP Community 9 communityScripts-alpha-9.zap alpha <h3>Added</h3> <ul> <li>Add repo URL, shown in the marketplace and Manage Add-ons dialogue.</li> <li>active/cve-2019-5418.js &gt; An active scanner for Ruby on Rails Accept header content disclosure issue.</li> <li>active/JWT None Exploit.js &gt; Checks if the application's JWT implementation allows the usage of the 'none' algorithm.</li> <li>authentication/DjangoAuthentication.js &gt; Django authentication script.</li> <li>authentication/GetsWithRedirectThenPost.js &gt; An authentication script that follows GET redirects and then submits a POST with the authentication credentials.</li> <li>extender/Simple Reverse Proxy.js &gt; Adds a simple reverse proxy.</li> <li>extender/ZAP onEvent Handler.js &gt; An example for how to listen for internal ZAP events.</li> <li>httpsender/add-extra-headers.js &gt; Adds encountered 'extra' headers to all requests.</li> <li>httpsender/aws-signing-for-owasp-zap.py &gt; Signs requests to AWS.</li> <li>httpsender/fingerprinter.js &gt; Logs MD5s of responses.</li> <li>httpsender/greenbone-maintain-auth.js &gt; An auth helper script for OpenVAS Greenbone web interface.</li> <li>httpsender/inject-xss.js &gt; Injects XSS payloads into JSON responses.</li> <li>httpsender/juice-shop-maintain-auth.js &gt; An auth helper script for OWASP JuiceShop.</li> <li>httpsender/keep-cookies-going.js &gt; An auth helper script.</li> <li>httpsender/maintain-jwt.js &gt; Tracks JWTs and updates Authorization bearer headers.</li> <li>passive/Find IBANs.js &gt; Finds IBANs in HTTP response bodies.</li> <li>passive/HUNT.py &gt; Merge of existing HUNT scripts.</li> <li>proxy/Drop requests by response code.js &gt; Drops requests that have a given response code.</li> <li>standalone/scan_rule_list.js &gt; Lists details from both active and passive scan rules.</li> <li>standalone/Split download extract.rb &gt; Concatenates split file downloads.</li> </ul> <h3>Changed</h3> <ul> <li>Change info URL to link to the online help page.</li> <li>Updated to target ZAP 2.9</li> </ul> <h3>Removed</h3> <ul> <li>The following scripts were merged into a new script <code>HUNT.py</code>: <ul> <li>passive/HUNT - Debug &amp; Logic Parameters.py</li> <li>passive/HUNT - File Inclusion.py</li> <li>passive/HUNT - IDOR.py</li> <li>passive/HUNT - RCE.py</li> <li>passive/HUNT - SQLi.py</li> <li>passive/HUNT - SSRF.py</li> <li>passive/HUNT - SSTI.py</li> </ul> </li> </ul> <h3>Fixed</h3> <ul> <li>Fix links to source files in zaproxy repo.</li> </ul> https://github.com/zaproxy/community-scripts/releases/download/v9/communityScripts-alpha-9.zap SHA-256:1ac9a02333962b6989872366912adfbb60720be4f98733ecfe27087b64a0c522 https://www.zaproxy.org/docs/desktop/addons/community-scripts/ https://github.com/zaproxy/community-scripts/ 2020-01-30 402074 2.9.0 custompayloads Custom Payloads Ability to add, edit or remove payloads that are used i.e. by active scanners ZAP Core Team 0.9.0 custompayloads-alpha-0.9.0.zap alpha <ul> <li>First version.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/custompayloads-v0.9.0/custompayloads-alpha-0.9.0.zap SHA-256:ddfade1c631b4151f66825e5f3b3bd64d11e4e612e9a85042eb00a5a5bc51f9d https://www.zaproxy.org/docs/desktop/addons/custom-payloads/ https://github.com/zaproxy/zap-extensions/ 2019-10-31 45786 2.8.0 customreport CustomReport New HTML report module allows users to customize report content. Chienli Ma 5 customreport-alpha-5.zap alpha <ul> <li>Improve layout/sizing of Generate Report dialogue (Issue 5521).</li> <li>Remove unused library.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/customreport-v5/customreport-alpha-5.zap SHA-256:437af7cf0e9517ec4efd2117ce6e601228471fb4e9493b2331820344e17e8e40 https://www.zaproxy.org/docs/desktop/addons/custom-report/ https://github.com/zaproxy/zap-extensions/ 2019-08-30 262137 2.5.0 diff Diff Displays a dialog showing the differences between 2 requests or responses. It uses diffutils and diff_match_patch ZAP Dev Team 10 diff-beta-10.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/diff-v10/diff-beta-10.zap SHA-256:49f3637cc752b588be6dea182ecf362007e37d70976fd0dadff61925ae0dfd7b https://www.zaproxy.org/docs/desktop/addons/diff/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 280367 2.7.0 directorylistv1 Directory List v1.0 List of directory names to be used with Forced Browse or Fuzzer add-on. ZAP Dev Team 4 directorylistv1-release-4.zap release <h3>Added</h3> <ul> <li>Add help.</li> <li>Add repo URL.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.5.0.</li> <li>Change info URL to link to the site.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/directorylistv1-v4/directorylistv1-release-4.zap SHA-256:37581b311526009a8c7f070c1b843c6798c81a90856b04e9b63fb35001ef1317 https://www.zaproxy.org/docs/desktop/addons/directory-list-v1.0/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 850997 2.5.0 directorylistv2_3 Directory List v2.3 Lists of directory names to be used with "Forced Browse" add-on. ZAP Dev Team 3 directorylistv2_3-release-3.zap release Removed repeated files.<br> Added strings for version control directories of Git, Mercurial, SVN, Bazaar.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/directorylistv2_3-release-3.zap SHA1:e3b9cb6a9bae87a0dbcf73ff52f7b4406486d5c0 https://www.zaproxy.org/docs/desktop/addons/directory-list-v2.3/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 8608734 2.4.0 directorylistv2_3_lc Directory List v2.3 LC Lists of lower case directory names to be used with "Forced Browse" add-on. ZAP Dev Team 3 directorylistv2_3_lc-release-3.zap release Added strings for version control directories of Git, Mercurial, SVN, Bazaar.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/directorylistv2_3_lc-release-3.zap SHA1:03a5ec11530203be6625633821ab3c05754b2daa https://www.zaproxy.org/docs/desktop/addons/directory-list-v2.3-lc/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 7454767 2.4.0 domxss DOM XSS Active scanner rule DOM XSS Active scanner rule ZAP Dev Team 9 domxss-alpha-9.zap alpha <h3>Fixed</h3> <ul> <li>Use default browser when no browser is specified in the configuration rule.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/domxss-v9/domxss-alpha-9.zap SHA-256:069505357e4b18ffa1bc47ae2ea10fd3ddd5845b5e94b3edaefee9eb2dede254 https://www.zaproxy.org/docs/desktop/addons/dom-xss-active-scan-rule/ https://github.com/zaproxy/zap-extensions/ 2019-06-12 213767 2.7.0 selenium 15.* encoder Encoder Adds encode/decode/hash dialog and support for scripted processors as well ZAP Dev Team 0.3.0 encoder-alpha-0.3.0.zap alpha <h3>Added</h3> <ul> <li>rot13.js example script.</li> <li>SHA256 predefined processor.</li> <li>Full URL Encode predefined processor (Issue 6171).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/encoder-v0.3.0/encoder-alpha-0.3.0.zap SHA-256:cdfa776b7e62ce0f2e1cb3e9c37d74e6b0cb4e85beb9abae85da5d7342365260 https://github.com/zaproxy/zap-extensions/ 2020-09-14 79669 2.9.0 exportreport Export Report Report Export module that allows users to customize content and export in a desired format. Goran Sarenkapa - JordanGS 6 exportreport-alpha-6.zap alpha <ul> <li>Remove API when uninstalling.</li> <li>Fix exception with Java 9+ (Issue 4214).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/exportreport-v6/exportreport-alpha-6.zap SHA-256:18bcc0f55e0584489abce42bfc93db44ab370153b137c8322099879a046f2b14 https://www.zaproxy.org/docs/desktop/addons/export-report/ https://github.com/zaproxy/zap-extensions/ 2019-06-24 8224348 2.7.0 formhandler Form Handler This Form Handler Add-on allows a user to define field names and values to be used in a form's fields. Fields can be added, modified, enabled, and deleted for use in form fields. ZAP Dev Team 2 formhandler-alpha-2.zap alpha Add context menu to params panel. https://github.com/zaproxy/zap-extensions/releases/download/2.7/formhandler-alpha-2.zap SHA1:d7057d5b93bdd8f356a9814f30269b336c38c612 https://www.zaproxy.org/docs/desktop/addons/form-handler/ https://github.com/zaproxy/zap-extensions/ 2018-10-26 2200662 2.6.0 fuzz Fuzzer Advanced fuzzer for manual testing ZAP Dev Team 13.0.1 fuzz-beta-13.0.1.zap beta <h3>Fixed</h3> <ul> <li>Fix exception when saving the options with no default category selected (Issue 6136).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/fuzz-v13.0.1/fuzz-beta-13.0.1.zap SHA-256:a58e79c08ccbf5bc9be9ebf465ec82935da7324b18cca6c26eded966c838610d https://www.zaproxy.org/docs/desktop/addons/fuzzer/ https://github.com/zaproxy/zap-extensions/ 2020-09-08 1951108 2.9.0 fuzzdb FuzzDB Files FuzzDB files which can be used with the ZAP fuzzer ZAP Dev Team 7 fuzzdb-release-7.zap release <h3>Removed</h3> <ul> <li>Removed 'attack' sub-folder and content, all of which is being migrated to the 'FuzzDB Offensive' add-on due to AV triggers (Issue 5972).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/fuzzdb-v7/fuzzdb-release-7.zap SHA-256:7396a6f5db1e535d1fadf6bc2e88bf29240ceeacad9c7324c561ab0a7dcd9242 https://www.zaproxy.org/docs/desktop/addons/fuzzdb-files/ https://github.com/zaproxy/zap-extensions/ 2020-06-30 5923666 2.9.0 fuzzdboffensive FuzzDB Offensive FuzzDB web backdoors and attack files which can be used with the ZAP fuzzer or for manual penetration testing ZAP Dev Team 3 fuzzdboffensive-release-3.zap release <h3>Changed</h3> <ul> <li>Do not set the background colour of the help page.</li> <li>Migrated 'attack' directory and components from main FuzzDB add-on, due to anti-virus considerations (Issue 5972).</li> <li>Updated from upstream.</li> </ul> https://github.com/zaproxy/fuzzdb-offensive/releases/download/v3/fuzzdboffensive-release-3.zap SHA-256:99931859116f58fa7399eb136c157863b13041ce4d6a961a95b64d765438118d https://www.zaproxy.org/docs/desktop/addons/fuzzdb-offensive/ https://github.com/zaproxy/fuzzdb-offensive/ 2020-06-30 414470 2.9.0 gettingStarted Getting Started with ZAP Guide A short Getting Started with ZAP Guide ZAP Dev Team 11 gettingStarted-release-11.zap release <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Updated for 2.9.0</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/gettingStarted-v11/gettingStarted-release-11.zap SHA-256:83aad2a4df5f525db8acb620b3b39671cc97be6c8f3149d8b3807d4940f523cf https://www.zaproxy.org/docs/desktop/addons/getting-started-guide/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 703559 2.9.0 graaljs GraalVM JavaScript Provides the GraalVM JavaScript engine for ZAP scripting. ZAP Dev Team 0.1.0 graaljs-alpha-0.1.0.zap alpha <p>First version.</p> https://github.com/zaproxy/zap-extensions/releases/download/graaljs-v0.1.0/graaljs-alpha-0.1.0.zap SHA-256:0c4f7dd20388e4008e978ec25307dda57b3685dffae8e7288d8364d26a93ab7f https://github.com/zaproxy/zap-extensions/ 2020-11-17 19632933 2.9.0 graphql GraphQL Support Inspect and attack GraphQL endpoints. ZAP Dev Team 0.2.0 graphql-alpha-0.2.0.zap alpha <h3>Changed</h3> <ul> <li>Enhanced Support for Script Input Vectors.</li> <li>Options are now exposed through the API.</li> <li>Optional Arguments are enabled by default.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix clashes in variable names. See <a href="https://github.com/zaproxy/zap-extensions/pull/2550">PR#2550</a> for details.</li> <li>Fix a bug where the &quot;GraphQL Support.js&quot; script was enabled when ZAP was restarted even if it had been disabled and saved before.</li> <li>Fix a bug where sites tree entries were not showing parameters because of the script.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/graphql-v0.2.0/graphql-alpha-0.2.0.zap SHA-256:229a76b4e916aa5a226bb858a64a72368b22d04c707b765f6653a9f2113f5627 https://www.zaproxy.org/docs/desktop/addons/graphql-support/ https://github.com/zaproxy/zap-extensions/ 2020-11-19 2206546 2.9.0 groovy Groovy Scripting Allows Groovy to be used for ZAP scripting - templates included ZAP Dev Team 2 groovy-alpha-2.zap alpha Add help.<br> Added script templates.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/groovy-alpha-2.zap SHA1:7f0d54eaf987a435e941a422378c124f3fd29259 https://www.zaproxy.org/docs/desktop/addons/groovy-support/ https://github.com/zaproxy/zap-extensions/ 2018-04-19 7334399 2.7.0 help Help - English English version of the ZAP help file. ZAP Crowdin Team 10 help-release-10.zap release <ul> <li>Update for 2.9.0 release.</li> <li>Update for new website</li> </ul> https://github.com/zaproxy/zap-core-help/releases/download/help-v10/help-release-10.zap SHA-256:aaa34b8844680c07fedcd606eec9b1edd52b496004fdaefbdff2b0285601a657 https://www.zaproxy.org/docs/desktop/ https://github.com/zaproxy/zap-core-help/ 2020-01-17 756939 2.9.0 help_bs_BA Help - Bosnian Bosnian version of the ZAP help file. ZAP Crowdin Team 9 help_bs_BA-alpha-9.zap alpha Updated with the latest files from crowdin https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_bs_BA-alpha-9.zap SHA1:d33a3277e877da4734e6bf9c911c61c4e6ce2f3f 2018-02-08 747536 2.7.0 help_es_ES Help - Spanish Spanish version of the ZAP help file. ZAP Crowdin Team 9 help_es_ES-release-9.zap release Updated with the latest files from crowdin, promoted to release https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_es_ES-release-9.zap SHA1:c17a1d63de54a99feb5344ea3f07e66dcbd7d4d1 2018-02-08 810573 2.7.0 help_fil_PH Help Filipino Filipino version of the ZAP help file. ZAP Crowdin Team 2 help_fil_PH-alpha-2.zap alpha Updated with the latest files from crowdin https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_fil_PH-alpha-2.zap SHA1:76ae4fe9931d187aac7e5c4a4dd7bfbc13d262e4 2018-02-08 818996 2.7.0 help_fr_FR Help - French French version of the ZAP help file. ZAP Crowdin Team 9 help_fr_FR-alpha-9.zap alpha Updated with the latest files from crowdin https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_fr_FR-alpha-9.zap SHA1:05aa37ec86966990fa33190c65a53d1c5a6dc955 2018-02-08 752466 2.7.0 help_id_ID Help Indonesian Indonesian version of the ZAP help file. ZAP Crowdin Team 2 help_id_ID-beta-2.zap beta Updated with the latest files from crowdin https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_id_ID-beta-2.zap SHA1:7b7ba465a1eecac23781582a1f1d7dfbaef2d347 2018-02-08 775452 2.7.0 help_ja_JP Help - Japanese Japanese version of the ZAP help file. ZAP Crowdin Team 9 help_ja_JP-beta-9.zap beta Updated with the latest files from crowdin https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_ja_JP-beta-9.zap SHA1:d91450eef7e4f3ce19fa9ad9f318fb80cc337ec1 2018-02-08 774034 2.7.0 help_pt_BR Help - Portuguese, Brazilian Portuguese, Brazilian version of the ZAP help file. ZAP Crowdin Team 10 help_pt_BR-release-10.zap release Updated with the latest files from crowdin https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_pt_BR-release-10.zap SHA1:43ef048b4faff32e6ed59dfbd07174ceec71bbdb 2018-02-08 793044 2.7.0 help_tr_TR Help - Turkish Turkish version of the ZAP help file. ZAP Crowdin Team 1 help_tr_TR-release-1.zap release First version https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_tr_TR-release-1.zap SHA1:2d4c3c115e0f401c37049dd1802f413b42f88e5e 2018-02-08 815439 2.7.0 help_zh_CN Help Chinese Simplified Chinese Simplified version of the ZAP help file. ZAP Crowdin Team 2 help_zh_CN-beta-2.zap beta Updated with the latest files from crowdin https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_zh_CN-beta-2.zap SHA1:bf58e29e3813b20df90e1691e81119e4a1a2e4f2 2018-02-08 761680 2.7.0 highlighter Highlighter Allows you to highlight strings in the request and response tabs. ZAP Dev Team 7 highlighter-alpha-7.zap alpha Fix help related exception in the Highlighter panel.<br> Correct resizing of Highlighter panel.<br> Update minimum ZAP version to 2.5.0.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/highlighter-alpha-7.zap SHA1:6b3cbf8939c2dfc5eb0c6e74e407d3674048fe93 https://www.zaproxy.org/docs/desktop/addons/highlighter/ https://github.com/zaproxy/zap-extensions/ 2018-05-30 9210 2.5.0 httpsInfo HttpsInfo Displays HTTPS configuration information. ZAP Dev Team 12 httpsInfo-alpha-12.zap alpha <ul> <li>New tabbed UI.</li> <li>Update to DeepViolet 5.1.16.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/httpsInfo-v12/httpsInfo-alpha-12.zap SHA1:c9c44e815522b32f3870bae898ed4e76e9011207 https://www.zaproxy.org/docs/desktop/addons/https-info/ https://github.com/zaproxy/zap-extensions/ 2019-04-26 7690429 2.7.0 hud HUD - Heads Up Display Display information from ZAP in browser. ZAP Dev Team 0.12.0 hud-beta-0.12.0.zap beta <h3>Fixed</h3> <ul> <li>Problems with Firefox 81 due to referer header not being set cross domain. <a href="https://github.com/zaproxy/zap-hud/issues/815">#815</a></li> </ul> https://github.com/zaproxy/zap-hud/releases/download/v0.12.0/hud-beta-0.12.0.zap SHA-256:a72ba697769a4cf3232cb7e312950f16635fa9489abb7cd4faf1b39d53ff7d96 https://www.zaproxy.org/docs/desktop/addons/hud/ https://github.com/zaproxy/zap-hud/ 2020-10-15 907643 2.9.0 websocket imagelocationscanner Image Location and Privacy Scanner Image Location and Privacy Passive Scanner Jay Ball (veggiespam) and the ZAP Dev Team 2 imagelocationscanner-beta-2.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> <li>Updated to Image Location and Privacy Scanner version 1.1; merged from <a href="https://github.com/veggiespam/ImageLocationScanner">source</a></li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.9.0.</li> <li>Maintenance changes.</li> <li>Correct repository URL in about help page.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/imagelocationscanner-v2/imagelocationscanner-beta-2.zap SHA-256:80c3f7c71854fc573f376a3bb2b38f8a4ce2ee57ae1adc7bac0ebf0e75645adc https://www.zaproxy.org/docs/desktop/addons/image-location-and-privacy-scanner/ https://github.com/zaproxy/zap-extensions/ 2020-07-03 891854 2.9.0 importLogFiles Log File Importer Allows you to import log files from ModSecurity and files previously exported from ZAP ZAP Dev Team 4 importLogFiles-alpha-4.zap alpha Use API actions when importing files. https://github.com/zaproxy/zap-extensions/releases/download/2.7/importLogFiles-alpha-4.zap SHA1:81d9d50c879301d8ce40b8b39d5e1953f95ba9ab https://www.zaproxy.org/docs/desktop/addons/log-file-importer/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 152736 2.4.0 importurls Import files containing URLs Adds an option to import a file of URLs. The file must be plain text with one URL per line. ZAP Dev Team 7 importurls-beta-7.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.8.0.</li> <li>Add import menu to (new) top level Import menu instead of Tools menu.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/importurls-v7/importurls-beta-7.zap SHA-256:5f21011e2b91ccc1503a6fbec67464d597c6026893624bc52a3d1bc7c31afbf8 https://www.zaproxy.org/docs/desktop/addons/import-urls/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 235133 2.8.0 invoke Invoke Applications Invoke external applications passing context related information such as URLs and parameters ZAP Dev Team 10 invoke-beta-10.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Maintenance changes.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/invoke-v10/invoke-beta-10.zap SHA-256:67b8817a8ebd224eba16ab24f1190602b57cae328f2d051c7c8ad0fd5a3effca https://www.zaproxy.org/docs/desktop/addons/invoke-applications/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 315904 2.7.0 jruby Ruby scripting Allows Ruby to be used for ZAP scripting - templates included ZAP Dev Team 6 jruby-beta-6.zap beta Updated for 2.7.0.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/jruby-beta-6.zap SHA1:99166f0e9f4337329ae8452da032986214f1eb73 https://www.zaproxy.org/docs/desktop/addons/ruby-scripting/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 22477473 2.7.0 jsonview Json view Adds a view that shows JSON messages nicely formatted Juha Kivekäs 1 jsonview-alpha-1.zap alpha Initial release https://github.com/zaproxy/zap-extensions/releases/download/2.7/jsonview-alpha-1.zap SHA1:be9a95e39722ff42af1160a195a56c9af9e285c1 https://www.zaproxy.org/docs/desktop/addons/json-view/ https://github.com/zaproxy/zap-extensions/ 2018-02-08 10796 2.6.0 jwt JWT Support Detect JWT requests and scan them to find related vulnerabilities KSASAN preetkaran20@gmail.com 1.0.0 jwt-alpha-1.0.0.zap alpha <ul> <li>First version of JWT Support. <ul> <li>Contains scanning rules for basic JWT related vulnerabilities.</li> <li>Contains JWT Fuzzer for fuzzing the JWT's present in the request.</li> </ul> </li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/2.7/jwt-alpha-1.0.0.zap SHA-256:7431723b5735fa0eb82f848cb981b7c4c135f22996943d1d5f57ea100dff4ff7 https://github.com/SasanLabs/owasp-zap-jwt-addon/ 2020-09-03 672579 2.9.0 commonlib fuzz 13.* jython Python Scripting Allows Python to be used for ZAP scripting - templates included ZAP Dev Team 10 jython-beta-10.zap beta Correctly set path module defined in the options and address UI hang (Issue 4651).<br> Minor tweak in extender template.<br> Add default template for Script Input Vector.<br> Add help page for the options.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/jython-beta-10.zap SHA1:fedf4e6c30dfb52543d851bb668ab1c8101dd58f https://www.zaproxy.org/docs/desktop/addons/python-scripting/ https://github.com/zaproxy/zap-extensions/ 2018-05-08 41738465 2.7.0 kotlin Kotlin Support Allows Kotlin to be used for ZAP scripting StackHawk Engineering 1.0.0 kotlin-alpha-1.0.0.zap alpha <ul> <li>Kotlin scripting for the JVM</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/kotlin-v1.0.0/kotlin-alpha-1.0.0.zap SHA-256:0e86e69a41110b2f6bd901fce73cd1e0b8be81b2848f51f2e1123b73fc931f65 https://www.zaproxy.org/docs/desktop/addons/kotlin-support/ https://github.com/zaproxy/zap-extensions/ 2020-09-14 48700873 2.9.0 neonmarker Neonmarker Colors history table items based on tags Juha Kivekäs, Kingthorin 1.3.0 neonmarker-alpha-1.3.0.zap alpha <h3>Fixed</h3> <ul> <li>Fixed an exception which was occurring when the tab was shown during install.</li> <li>Fixed an exception when ZAP is used in CLI mode.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/2.7/neonmarker-alpha-1.3.0.zap SHA-256:e5b3862035342062feef8d0c906a5f0d758df0d1ad4b162c71a01d0c1357ffe4 https://www.zaproxy.org/docs/desktop/addons/neonmarker/ https://github.com/kingthorin/neonmarker 2020-09-30 26825 2.8.0 onlineMenu Online menus ZAP Online menu items ZAP Dev Team 7 onlineMenu-release-7.zap release <h3>Added</h3> <ul> <li>Add repo URL.</li> </ul> <h3>Changed</h3> <ul> <li>Maintenance changes.</li> <li>Updated to point to the new ZAP website</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/onlineMenu-v7/onlineMenu-release-7.zap SHA-256:59973f69b5173bf8c3ca37ff2692bc093cf5a23d0b9869d436b4140d4467e729 https://www.zaproxy.org/docs/desktop/addons/online-menu/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 215277 2.7.0 openapi OpenAPI Support Imports and spiders OpenAPI definitions. ZAP Dev Team plus Joanna Bona, Nathalie Bouchahine, Artur Grzesica, Mohammad Kamar, Markus Kiss, Michal Materniak, Marcin Spiewak, and SDA SE Open Industry Solutions 16 openapi-beta-16.zap beta <h3>Added</h3> <ul> <li>Map Structure support for OpenAPI v3.0 (Issue 5863).</li> <li>Using OpenAPI Example values for value generation in request bodies and urls (Issue 5168).</li> </ul> <h3>Changed</h3> <ul> <li>Improve content checks when spidering for specifications (Issue 5725).</li> <li>Update minimum ZAP version to 2.9.0.</li> <li>Maintenance changes.</li> </ul> <h3>Fixed</h3> <ul> <li>Notify all redirects followed for proper passive scanning.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/openapi-v16/openapi-beta-16.zap SHA-256:3dc1b93b5be3e642be62862dc9dadc069751454c10adc34ff1d19e13b4f1df20 https://www.zaproxy.org/docs/desktop/addons/openapi-support/ https://github.com/zaproxy/zap-extensions/ 2020-06-09 11514652 2.9.0 plugnhack Plug-n-Hack Configuration Supports the Mozilla Plug-n-Hack standard: https://developer.mozilla.org/en-US/docs/Plug-n-Hack. ZAP Dev Team 11 plugnhack-beta-11.zap beta Code changes for Java 9 (Issue 2602).<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/plugnhack-beta-11.zap SHA1:e3243495919a8d1a7f4bd69e60b7147690bb9836 https://www.zaproxy.org/docs/desktop/addons/plug-n-hack/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 722977 2.4.0 portscan Port Scanner Allows to port scan a target server ZAP Dev Team 8 portscan-beta-8.zap beta Code changes for Java 9 (Issue 2602).<br> Issue 3513: Options panel UI fixes.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/portscan-beta-8.zap SHA1:85b7377c65778d22a4c78fe1ff79b82245abc4c9 https://www.zaproxy.org/docs/desktop/addons/port-scan/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 632994 2.4.0 pscanrules Passive scanner rules The release quality Passive Scanner rules ZAP Dev Team 30 pscanrules-release-30.zap release <h3>Changed</h3> <ul> <li>The CSP scan rule now checks if the form-action directive allows wildcards.</li> <li>The CSP scan rule now includes further information in the description of allowed wildcard directives alerts when the impacted directive is one (or more) which doesn't fallback to default-src.</li> <li>Maintenance changes.</li> <li>Changed ViewState and XFrameOption rules to return example alerts for the docs.</li> <li>Handle an IllegalArgumentException that could occur in the CSP scan rule if multiple CSP headers were present and one (or more) had a report-uri directive when trying to merge them.</li> <li>Allow to ignore cookies in same site and loosely scoped scan rules.</li> <li>The Application Error scan rule will not alert on web assembly responses.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v30/pscanrules-release-30.zap SHA-256:628939b0f08d1d1641ede143cbecdf252a8dfbe4137f0004850ddaa4ff3231f6 https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules/ https://github.com/zaproxy/zap-extensions/ 2020-11-26 761620 2.9.0 commonlib pscanrulesAlpha Passive scanner rules (alpha) The alpha quality Passive Scanner rules ZAP Dev Team 29 pscanrulesAlpha-alpha-29.zap alpha <h3>Added</h3> <ul> <li>Add rule for Site Isolation (CORP/COEP/COOP).</li> </ul> <h3>Changed</h3> <ul> <li>Maintenance changes.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesAlpha-v29/pscanrulesAlpha-alpha-29.zap SHA-256:4eae60e511a4a3c4994893d1a1c074bc8f382e82d9bf84ab01ab164cf4b4cf56 https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules-alpha/ https://github.com/zaproxy/zap-extensions/ 2020-11-16 1039420 2.9.0 pscanrulesBeta Passive scanner rules (beta) The beta quality Passive Scanner rules ZAP Dev Team 23 pscanrulesBeta-beta-23.zap beta <h3>Changed</h3> <ul> <li>Update RE2/J library to latest version (1.5).</li> <li>Maintenance changes.</li> <li>Content Security Policy header missing scan rule changed to Medium risk in order to align with other CSP findings, and confidence to High (Issue 6301).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v23/pscanrulesBeta-beta-23.zap SHA-256:56468802b24c98d5540f1a387b55c976fe21739cdc8905503c60b01d27372409 https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules-beta/ https://github.com/zaproxy/zap-extensions/ 2020-11-18 730125 2.9.0 commonlib quickstart Quick Start Provides a tab which allows you to quickly test a target application ZAP Dev Team 28 quickstart-release-28.zap release <h3>Added</h3> <ul> <li>Warning when HUD is enabled only in scope</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/quickstart-v28/quickstart-release-28.zap SHA-256:5be97d69fbb9fe7b68565dec6111778fb0c34b08329dc7cba48635bbfbf734db https://www.zaproxy.org/docs/desktop/addons/quick-start/ https://github.com/zaproxy/zap-extensions/ 2020-02-04 536541 2.7.0 reflect Reflect Finds reflected parameters Caleb Kinney 0.0.8 reflect-alpha-0.0.8.zap alpha https://github.com/zaproxy/zap-extensions/releases/download/2.7/reflect-alpha-0.0.8.zap SHA-256:49f88cebddc0aaf97bd326eecda111e583755bf4006e5fc5461fb43b63a27909 2020-06-11 1570946 2.9.0 regextester Regular Expression Tester Allows to test Regular Expressions ZAP Dev Team 1 regextester-alpha-1.zap alpha <ul> <li>Initial Release.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/regextester-v1/regextester-alpha-1.zap SHA-256:433618046ca07eb3d45ee87f065790c1617921f5997943bafa4c8939a85e784f https://www.zaproxy.org/docs/desktop/addons/regular-expression-tester/ https://github.com/zaproxy/zap-extensions/ 2019-06-20 21420 2.8.0 replacer Replacer Easy way to replace strings in requests and responses. ZAP Dev Team 8 replacer-beta-8.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> <li>Allow byte replacement using hexadecimal escapes (Issue 5328).</li> </ul> <h3>Fixed</h3> <ul> <li>Fix link in API endpoint description.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/replacer-v8/replacer-beta-8.zap SHA-256:eac8033705419ec939f2ed1ac50874f50f2cdabd12d7941b0c73389168bfd2a7 https://www.zaproxy.org/docs/desktop/addons/replacer/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 332794 2.7.0 requester Requester Request numbered panel. Surikato 4 requester-alpha-4.zap alpha <h3>Added</h3> <ul> <li>Add help.</li> <li>Add info and repo URLs.</li> <li>Allow to disable cookies (Issue 4934).</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.9.0.</li> </ul> <h3>Fixed</h3> <ul> <li>Add the requests to the Sites tree to be able to active scan them (Issue 5778).</li> <li>Enforce the mode when sending the request and following redirections.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/requester-v4/requester-alpha-4.zap SHA-256:5d6ef302b4b80cb9142e124d42bb1c890c3fc7801e89f7a3a24841311950d930 https://www.zaproxy.org/docs/desktop/addons/requester/ https://github.com/zaproxy/zap-extensions/ 2020-07-15 65198 2.9.0 retire Retire.js Retire.js Nikita Mundhada and the ZAP Dev Team 0.5.0 retire-release-0.5.0.zap release <h3>Changed</h3> <ul> <li>Updated with upstream retire.js pattern changes.</li> <li>Add-on promoted to Release.</li> <li>Added example alert.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.5.0/retire-release-0.5.0.zap SHA-256:8bebbf5497de011ddf9c33dcbc35553343ad50d9e38a6555df8b0f741b112a3f https://www.zaproxy.org/docs/desktop/addons/retire.js/ https://github.com/zaproxy/zap-extensions/ 2020-10-29 297817 2.9.0 reveal Reveal Show hidden fields and enable disabled fields ZAP Dev Team 3 reveal-release-3.zap release <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Maintenance changes.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/reveal-v3/reveal-release-3.zap SHA-256:00007169079c8f62c29e7b879cb6162b0737d41e85607fa4541c601854cfe78a https://www.zaproxy.org/docs/desktop/addons/reveal/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 239480 2.7.0 revisit Revisit Revisit a site at any time in the past using the session history ZAP Dev Team 3 revisit-alpha-3.zap alpha Code changes for Java 9 (Issue 2602).<br> Updated for 2.7.0.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/revisit-alpha-3.zap SHA1:23655efe51113e48b8e2ff8bbe7e41a33235ff55 https://www.zaproxy.org/docs/desktop/addons/revisit/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 289297 2.7.0 saml SAML Extension Detect, Show, Edit, Fuzz SAML requests ZAP Dev Team 8 saml-alpha-8.zap alpha <ul> <li>Update minimum ZAP version to 2.5.0.</li> <li>Compressed SAMLMessage is not required</li> <li>Possibility to disable compression when sending</li> <li>Added SAML Passive Scanner</li> <li>Dynamically unload the add-on.</li> <li>Fix exception with Java 9+ (Issue 5032).</li> <li>Replaced joda.time.datetime with java.time.localtime (Java8).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/saml-v8/saml-alpha-8.zap SHA-256:5ac0f8d19ab7b4b7399496a3f7250177e2183c1fc3f622655ea9191c3f697dc7 https://www.zaproxy.org/docs/desktop/addons/saml-support/ https://github.com/zaproxy/zap-extensions/ 2019-08-30 1720102 2.5.0 saverawmessage Save Raw Message Allows to save content of HTTP messages as binary ZAP Dev Team 5 saverawmessage-release-5.zap release <h3>Added</h3> <ul> <li>Add help.</li> <li>Add info and repo URLs.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/saverawmessage-v5/saverawmessage-release-5.zap SHA-256:8e53f74fe5f4273c93eb2b63738590c0bef11d0d1f9b7b6366f333c1f6817b84 https://www.zaproxy.org/docs/desktop/addons/save-raw-message/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 33019 2.7.0 savexmlmessage Save XML Message Allows to save content of HTTP messages as XML thatsn0tmysite 0.1.0 savexmlmessage-alpha-0.1.0.zap alpha <h3>Added</h3> <ul> <li>Add help.</li> <li>Add info and repo URLs.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/savexmlmessage-v0.1.0/savexmlmessage-alpha-0.1.0.zap SHA-256:8d522e94426e6106f3d3e0e8a492f9f536590c3ce371b45b08be90362a91322c https://www.zaproxy.org/docs/desktop/addons/save-xml-message/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 16143 2.7.0 scripts Script Console Supports all JSR 223 scripting languages ZAP Dev Team 26 scripts-beta-26.zap beta <h3>Added</h3> <ul> <li>Add repo URL.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.8.0.</li> <li>Update help to mention custom script/global variables (Issue 3402).</li> <li>Move empty template entry to the top, for consistency with other fields in New Script dialogue.</li> <li>Save cursor position when switching between scripts.</li> <li>Change info URL to link to the site.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix links in script templates.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/scripts-v26/scripts-beta-26.zap SHA-256:339f9e622f2d17d429435d41b1a6933b73cdee0cedba42b76d2c46170f3004b7 https://www.zaproxy.org/docs/desktop/addons/script-console/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 661061 2.8.0 selenium Selenium WebDriver provider and includes HtmlUnit browser ZAP Dev Team 15.2.0 selenium-release-15.2.0.zap release <h3>Added</h3> <ul> <li>Support for selenium scripts which are invoked when browsers are launched.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.9.0.</li> <li>Set Firefox browser.tabs.documentchannel pref to false to fix HUD issue</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.2.0/selenium-release-15.2.0.zap SHA-256:9d3ee836b05eb0ab47c3b6c793a3840ccb3d0297f310d3598cb74a8e924f4b43 https://www.zaproxy.org/docs/desktop/addons/selenium/ https://github.com/zaproxy/zap-extensions/ 2020-03-31 24408666 2.9.0 sequence Sequence Gives the possibility of defining a sequence of requests to be scanned. ZAP Dev Team 5 sequence-alpha-5.zap alpha Updated for 2.7.0.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/sequence-alpha-5.zap SHA1:24c62a7d59bec5035acc649bb0970de09fa05a4b https://www.zaproxy.org/docs/desktop/addons/sequence-scanner/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 1511222 2.7.0 zest spiderAjax Ajax Spider Allows you to spider sites that make heavy use of JavaScript using Crawljax ZAP Dev Team 23.2.0 spiderAjax-release-23.2.0.zap release <h3>Added</h3> <ul> <li>Allow to specify allowed resources (Issue 3236). The allowed resources are always fetched even if out of scope, allowing to include necessary resources (e.g. scripts) from 3rd-parties. By default it allows files with extension <code>.js</code> and <code>.css</code>.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.9.0.</li> <li>Maintenance changes.</li> </ul> <h3>Fixed</h3> <ul> <li>Unregister the event publisher when the add-on is uninstalled.</li> <li>Persist the state of &quot;Remove Without Confirmation&quot; of non-default elements to click.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/spiderAjax-v23.2.0/spiderAjax-release-23.2.0.zap SHA-256:e400d71bb80a6bf0854e6cc9ac5ea1a1c4ecaae341cdadc3886ca57c1d178430 https://www.zaproxy.org/docs/desktop/addons/ajax-spider/ https://github.com/zaproxy/zap-extensions/ 2020-11-09 2510914 2.9.0 selenium 15.* sqliplugin Advanced SQLInjection Scanner An advanced active injection bundle for SQLi (derived by SQLMap) Andrea Pompili (Yhawke) 13 sqliplugin-beta-13.zap beta <ul> <li>Update minimum ZAP version to 2.5.0.</li> <li>Bundle JDOM library instead of relying on core.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/sqliplugin-v13/sqliplugin-beta-13.zap SHA-256:caaf8a25330c4532f6d3ab33722b77e8389614876c721885382fb413802ee75f https://www.zaproxy.org/docs/desktop/addons/advanced-sqlinjection-scanner/ https://github.com/zaproxy/zap-extensions/ 2019-06-07 277848 2.5.0 sse Server-Sent Events Allows you to view Server-Sent Events (SSE) communication. ZAP Dev Team 9 sse-alpha-9.zap alpha https://github.com/zaproxy/zap-extensions/releases/download/2.7/sse-alpha-9.zap SHA1:d5cbc991befbf002b171b23419d26623ab93ef73 https://www.zaproxy.org/docs/desktop/addons/server-sent-events/ https://github.com/zaproxy/zap-extensions/ 2017-11-28 333669 2.4.0 svndigger SVN Digger files SVN Digger files which can be used with ZAP forced browsing ZAP Dev Team 3 svndigger-beta-3.zap beta Updated for ZAP 2.4 https://github.com/zaproxy/zap-extensions/releases/download/2.7/svndigger-beta-3.zap SHA1:8c7187180ed48466d6829e39469cc3d0915b1cbf https://www.zaproxy.org/docs/desktop/addons/svn-digger-files/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 615459 2.4.0 tips Tips and Tricks Display ZAP Tips and Tricks ZAP Dev Team 7 tips-beta-7.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Updated for move from irc.mozilla.org to freenode</li> </ul> <h3>Removed</h3> <ul> <li>Remove tips related to Filter functionality, it no longer exists.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/tips-v7/tips-beta-7.zap SHA-256:5aca2c5c85bfa68f6cf46bcb4d522cdb16c5168f056b88e6b81491853a9c714e https://www.zaproxy.org/docs/desktop/addons/tips-and-tricks/ https://github.com/zaproxy/zap-extensions/ 2020-01-17 559679 2.7.0 tlsdebug TLS Debug Provides a tab which allows to quickly debug a TLS/SSL connection P.M.J. Roth 3 tlsdebug-alpha-3.zap alpha Update minimum ZAP version to 2.5.0.<br> Change default accelerator for TLS Debug tab.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/tlsdebug-alpha-3.zap SHA1:1cbbbeca9e1681c968cddf612c7938c0dd6e1181 https://www.zaproxy.org/docs/desktop/addons/tls-debug/ https://github.com/zaproxy/zap-extensions/ 2018-10-15 244231 2.5.0 tokengen Token Generation and Analysis Allows you to generate and analyze pseudo random tokens, such as those used for session handling or CSRF protection ZAP Dev Team 13 tokengen-beta-13.zap beta <ul> <li>Maintenance changes.</li> <li>Address problem from v12 where analysis dialog wasn't being shown after collection (this was due to a build issue).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/tokengen-v13/tokengen-beta-13.zap SHA-256:d5bcf7649ccf5c88fcf5a7104990986d08b94eedfcd2d4d3b178d5945d5827df https://www.zaproxy.org/docs/desktop/addons/token-generator/ https://github.com/zaproxy/zap-extensions/ 2019-07-15 479372 2.6.0 treetools TreeTools Tools to add functionality to the tree view. Carl Sampson 7 treetools-beta-7.zap beta Code changes for Java 9 (Issue 2602) https://github.com/zaproxy/zap-extensions/releases/download/2.7/treetools-beta-7.zap SHA1:38fbc4d4e22c0da73a4048522d250fa4ac89bdab https://www.zaproxy.org/docs/desktop/addons/treetools/ https://github.com/zaproxy/zap-extensions/ 2017-11-27 18821 2.4.0 viewstate ViewState ASP/JSF ViewState Decoder and Editor Calum Hutton 2 viewstate-alpha-2.zap alpha <h3>Added</h3> <ul> <li>Add help.</li> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.9.0.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix memory leak.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/viewstate-v2/viewstate-alpha-2.zap SHA-256:0bdc5322cd46bdd4c759b4dbd97981c5fff752e078811533f5cda08a5776f111 https://www.zaproxy.org/docs/desktop/addons/viewstate/ https://github.com/zaproxy/zap-extensions/ 2020-07-10 49072 2.9.0 wappalyzer Wappalyzer - Technology Detection Technology detection using Wappalyzer: wappalyzer.com ZAP Dev Team 20.3.0 wappalyzer-beta-20.3.0.zap beta <h3>Changed</h3> <ul> <li>Updated with upstream Wappalyzer icon and pattern changes.</li> <li>Maintenance changes.</li> <li>When available the description of a given app/technology will show in the tooltip for a row in the table, and be included in detailed API responses.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/wappalyzer-v20.3.0/wappalyzer-beta-20.3.0.zap SHA-256:b82fceb04e7f24e26c33d57cda1b910b49e4753fa59a18da0fcedd2fdfb0405f https://www.zaproxy.org/docs/desktop/addons/technology-detection/ https://github.com/zaproxy/zap-extensions/ 2020-09-30 9586413 2.9.0 webdriverlinux Linux WebDrivers Linux WebDrivers for Firefox and Chrome. ZAP Dev Team 23 webdriverlinux-release-23.zap release <h3>Changed</h3> <ul> <li>Update ChromeDriver to 87.0.4280.20.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/webdriverlinux-v23/webdriverlinux-release-23.zap SHA-256:29b88504a0a235646003d28ce19cff78bc42e949698e19324d9cbffffbb4e516 https://www.zaproxy.org/docs/desktop/addons/linux-webdrivers/ https://github.com/zaproxy/zap-extensions/ 2020-11-18 11027029 2.9.0 webdrivermacos MacOS WebDrivers MacOS WebDrivers for Firefox and Chrome. ZAP Dev Team 22 webdrivermacos-release-22.zap release <h3>Changed</h3> <ul> <li>Update ChromeDriver to 87.0.4280.20.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/webdrivermacos-v22/webdrivermacos-release-22.zap SHA-256:c241e9527045c44e57ac2b86fe3d283a0c3a7ede111b9db149406ca8f174c2f7 https://www.zaproxy.org/docs/desktop/addons/macos-webdrivers/ https://github.com/zaproxy/zap-extensions/ 2020-11-18 9829081 2.9.0 webdriverwindows Windows WebDrivers Windows WebDrivers for Firefox and Chrome. ZAP Dev Team 23 webdriverwindows-release-23.zap release <h3>Changed</h3> <ul> <li>Update ChromeDriver to 87.0.4280.20.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/webdriverwindows-v23/webdriverwindows-release-23.zap SHA-256:3786129a29a066654ac2d92a6c3344748b1a9c8346e677af2f0edcfc4ecdc90d https://www.zaproxy.org/docs/desktop/addons/windows-webdrivers/ https://github.com/zaproxy/zap-extensions/ 2020-11-18 8387705 2.9.0 websocket WebSockets Allows you to inspect WebSocket communication. ZAP Dev Team 22 websocket-release-22.zap release <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.9.0.</li> <li>Allow to use newer versions of Fuzzer add-on.</li> <li>Maintenance changes.</li> </ul> <h3>Fixed</h3> <ul> <li>Correctly handle API request without parameters.</li> <li>Fixed an exception which was occurring when the tab was shown when a handshake response was first encountered during a ZAP session.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/websocket-v22/websocket-release-22.zap SHA-256:d3240ecdd3a8d09a3d64dee4b7b2b0e49449ba21cec558d7b8491e7d354ac18f https://www.zaproxy.org/docs/desktop/addons/websockets/ https://github.com/zaproxy/zap-extensions/ 2020-08-17 1030733 2.9.0 zest Zest - Graphical Security Scripting Language A graphical security scripting language, ZAPs macro language on steroids ZAP Dev Team 33 zest-beta-33.zap beta <h3>Added</h3> <ul> <li>Allow to create a screenshot from the browser, using the context menu <code>Add Zest Client</code> &gt; <code>Screenshot</code>.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.9.0.</li> <li>Update Zest library to 0.15.0: <ul> <li>Do not follow redirects when disabled;</li> <li>Reduce the changes done to the requests sent.</li> </ul> </li> <li>Maintenance changes.</li> </ul> <h3>Fixed</h3> <ul> <li>Make sure the header fields are separated with CRLF when edited in the UI.</li> <li>Handle client requests when authenticating (Issue 5940).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/zest-v33/zest-beta-33.zap SHA-256:99f7464b50d1b9d19975f56c1d465b12e5bbf6db5067285a2c9a5f52a663d556 https://www.zaproxy.org/docs/desktop/addons/zest/ https://github.com/zaproxy/zap-extensions/ 2020-11-27 13605335 2.9.0 selenium 15.*