2.16.0
D-2025-02-10
https://github.com/zaproxy/zaproxy/releases/download/w2025-02-10/ZAP_WEEKLY_D-2025-02-10.zip
ZAP_WEEKLY_D-2025-02-10.zip
SHA-256:994b2ed7ac308e103051eeb3facb78750b7ca3ee686bab5b7c7d6d4e28a561a7
286845579
https://github.com/zaproxy/zaproxy/releases/download/v2.16.0/ZAP_2_16_0_windows-x32.exe
ZAP_2_16_0_windows-x32.exe
SHA-256:244140ecc85b9393ccab58df263741f271386ab3c301f26cdc5e06f8579f7d1a
244239872
https://github.com/zaproxy/zaproxy/releases/download/v2.16.0/ZAP_2_16_0_windows.exe
ZAP_2_16_0_windows.exe
SHA-256:0d2b9277fabb36b97c3344d1903eef57e50bbe93cb6aa4087b9a1dfd1705a62a
244416512
https://github.com/zaproxy/zaproxy/releases/download/v2.16.0/ZAP_2.16.0_Linux.tar.gz
ZAP_2.16.0_Linux.tar.gz
SHA-256:a0779509e702ec53d41074eaa0ce41f2a964a822aa5be0380255a482e2e7fe8d
234966964
https://github.com/zaproxy/zaproxy/releases/download/v2.16.0/ZAP_2.16.0.dmg
ZAP_2.16.0.dmg
SHA-256:dc353ddd98e4678cd545c174c717ce630ce76ae2f06f2dbebb107a813cf54b74
265546003
Bug fix and enhancement release.
https://www.zaproxy.org/docs/desktop/releases/2.16.0/
accessControl
Access Control Testing
Adds a set of tools for testing access control in web applications.
ZAP Dev Team
10
accessControl-alpha-10.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.14.0.</li>
<li>Maintenance changes.</li>
<li>Link website alert pages and help (Issues 8189).</li>
<li>The results table now presents the same context menu as other similar tables (History, Search, etc) facilitating copying URLs, etc (Issue 8356).</li>
<li>Now has a table export button (Issue 8356).</li>
<li>Adjusted some labels/titles to use title caps (Issue 2000 & 8356).</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Now uses the General Font (Issue 8356), as set in the Display options.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/accessControl-v10/accessControl-alpha-10.zap
SHA-256:8e068a789650cd31a5a4592cf57af3dbcb04b98f6fcd20bf752889c3843cbce8
https://www.zaproxy.org/docs/desktop/addons/access-control-testing/
https://github.com/zaproxy/zap-extensions/
2024-03-25
597028
2.14.0
commonlib
>= 1.17.0 & < 2.0.0
alertFilters
Alert Filters
Allows you to automate the changing of alert risk levels.
ZAP Dev Team
23
alertFilters-release-23.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Fields with default or missing values are omitted for the <code>alertFilter</code> job in saved Automation Framework plans.</li>
<li>Depend on Passive Scanner add-on (Issue 7959).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/alertFilters-v23/alertFilters-release-23.zap
SHA-256:20effe0ea05bfe0939a2f4bde15ebe65c61d458b2f898441356ef11a65bb3fb8
https://www.zaproxy.org/docs/desktop/addons/alert-filters/
https://github.com/zaproxy/zap-extensions/
2025-01-09
568692
2.16.0
pscan
>= 0.1.0 & < 1.0.0
allinonenotes
All In One Notes
A simple extension to view all notes in one pane.
David Vassallo
2
allinonenotes-alpha-2.zap
alpha
<h3>Added</h3>
<ul>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Update link to repository.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/allinonenotes-v2/allinonenotes-alpha-2.zap
SHA-256:9e70d6e76b72692e9c0cb64002a692b710710e688ea2d8834818086300632d2a
https://www.zaproxy.org/docs/desktop/addons/all-in-one-notes/
https://github.com/zaproxy/zap-extensions/
2021-10-07
249532
2.11.0
ascanrules
Active scanner rules
The release status Active Scanner rules
ZAP Dev Team
70
ascanrules-release-70.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Updated help with specific Category identifiers for use with the Custom Payloads add-on for rules:
<ul>
<li>Hidden File Finder</li>
<li>User Agent Fuzzer</li>
</ul>
</li>
<li>Now depends on minimum Common Library version 1.29.0.</li>
<li>Add the <code>OUT_OF_BAND</code> alert tag to the following scan rules:
<ul>
<li>Server Side Template Injection (Blind)</li>
<li>XML External Entity Attack</li>
</ul>
</li>
<li>Cloud Metadata Attack scan rule is improved to support GCP, Azure, and OCI.</li>
<li>Remove double dot in skipped message of a scan rule that uses the Active Scan OAST service.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>A situation where the Server-Side Template Injection (SSTI) scan rule might result in false positives related to the Go payloads (Issue 8622).</li>
<li>False Positives in Cloud Metadata Attack scan rule (Issue 8514).</li>
</ul>
<h3>Added</h3>
<ul>
<li>Standardized Scan Policy related alert tags on the rule.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v70/ascanrules-release-70.zap
SHA-256:236ae035feb96d24436af446086959cee1ebdf352ed32645783e26dff7130dcd
https://www.zaproxy.org/docs/desktop/addons/active-scan-rules/
https://github.com/zaproxy/zap-extensions/
2025-01-09
3323142
2.16.0
commonlib
>= 1.29.0 & < 2.0.0
network
>= 0.3.0
oast
>= 0.7.0
ascanrulesAlpha
Active scanner rules (alpha)
The alpha status Active Scanner rules
ZAP Dev Team
48
ascanrulesAlpha-alpha-48.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.15.0.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Alert text for various rules has been updated to more consistently use periods and spaces in a uniform manner.</li>
<li>Potential false positives in the LDAP Injection scan rule when the original message resulted in an error to start with (Issue 8519).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesAlpha-v48/ascanrulesAlpha-alpha-48.zap
SHA-256:59260c6445736290ed2c3c553a4a5e085a33226411009c6ad21ee157753f89fc
https://www.zaproxy.org/docs/desktop/addons/active-scan-rules-alpha/
https://github.com/zaproxy/zap-extensions/
2024-09-02
402920
2.15.0
commonlib
>= 1.22.0 & < 2.0.0
ascanrulesBeta
Active scanner rules (beta)
The beta status Active Scanner rules
ZAP Dev Team
57
ascanrulesBeta-beta-57.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>The following scan rules now use more specific CWE IDs:
<ul>
<li>Proxy Disclosure (Issue 8713)</li>
<li>Possible Username Enumeration (Issue 8715)</li>
</ul>
</li>
<li>Remove double dot in skipped message of scan rules that use the Active Scan OAST service.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Address exception when scanning a message without path with Possible Username Enumeration scan rule.</li>
<li>The WSTG alert tags on the HTTP Only Site scan rule.</li>
</ul>
<h3>Added</h3>
<ul>
<li>Standardized Scan Policy related alert tags on various rules.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v57/ascanrulesBeta-beta-57.zap
SHA-256:d2574f4a79137a5d3d0b1bb82563863a8c414bd13c9ef42e0084090e37337b03
https://www.zaproxy.org/docs/desktop/addons/active-scan-rules-beta/
https://github.com/zaproxy/zap-extensions/
2025-01-15
1777403
2.16.0
commonlib
>= 1.29.0 & < 2.0.0
database
>= 0.1.0
network
>= 0.3.0
oast
>= 0.7.0
attacksurfacedetector
Attack Surface Detector
The Attack Surface Detector analyzes web application source code to generate endpoints that can be used for penetration testing.
Secure Decisions (Matthew DeLetto)
1.1.4
attacksurfacedetector-alpha-1.1.4.zap
alpha
Various incremental changes (see https://github.com/secdec/attack-surface-detector-zap/releases)<br>
Fix un-handled exception when target unavailable & address various "house keeping" tasks.<br>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/attacksurfacedetector-alpha-1.1.4.zap
SHA1:e21758c2cdcbc7806f44cc986a88360457eff82e
https://github.com/secdec/attack-surface-detector-zap/wiki
https://github.com/secdec/attack-surface-detector-zap/
2019-03-07
15604948
2.7.0
authhelper
Authentication Helper
Helps identify and set up authentication handling
ZAP Dev Team
0.22.0
authhelper-beta-0.22.0.zap
beta
<h3>Added</h3>
<ul>
<li>Initial authentication report (JSON).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/authhelper-v0.22.0/authhelper-beta-0.22.0.zap
SHA-256:fd45568474fd3a41a4a51d649ea4d05a1b00d37c527e80988b2b973c10be3ef5
https://www.zaproxy.org/docs/desktop/addons/authentication-helper/
https://github.com/zaproxy/zap-extensions/
2025-02-12
983211
2.16.0
commonlib
>= 1.13.0 & < 2.0.0
network
>=0.6.0
pscan
>= 0.1.0 & < 1.0.0
selenium
15.*
zest
>=48.2.0
authstats
Authentication Statistics
Records logged in/out statistics for all contexts in scope.
ZAP Dev Team
2
authstats-alpha-2.zap
alpha
<h3>Added</h3>
<ul>
<li>Add repo URL.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Dynamically unload the add-on.</li>
<li>Change info URL to link to the site.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/authstats-v2/authstats-alpha-2.zap
SHA-256:cfb604c27f3a7a58e7b5aa55fe9f19a9ce5561fab3ef7d3f6c72845671fb5dcf
https://www.zaproxy.org/docs/desktop/addons/authentication-statistics/
https://github.com/zaproxy/zap-extensions/
2021-10-07
247499
2.11.0
automation
Automation Framework
Automation Framework.
ZAP Dev Team
0.47.0
automation-beta-0.47.0.zap
beta
<h3>Added</h3>
<ul>
<li>Method to get the YAML representation of a plan.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/automation-v0.47.0/automation-beta-0.47.0.zap
SHA-256:fb2e0fd3a28f122f9f0eec1bd3f6bfc6eb7ca2850ad253099250f467457297ed
https://www.zaproxy.org/docs/desktop/addons/automation-framework/
https://github.com/zaproxy/zap-extensions/
2025-02-12
1988906
2.16.0
commonlib
>= 1.17.0 & < 2.0.0
network
>= 0.15.0 & < 1.0.0
beanshell
BeanShell Console
Provides a BeanShell Console
ZAP Dev Team
7
beanshell-beta-7.zap
beta
<h3>Added</h3>
<ul>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Maintenance changes.</li>
<li>Improve permissions and space handling when saving.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/beanshell-v7/beanshell-beta-7.zap
SHA-256:0a83cb7d0369ccef50768ccbda1e6c6d82b9f4e3bd9372b38fd32cc21f6a30fb
https://www.zaproxy.org/docs/desktop/addons/bean-shell/
https://github.com/zaproxy/zap-extensions/
2021-10-07
577838
2.11.0
browserView
Browser View
Adds an option to render HTML responses like a browser
ZAP Dev Team
6
browserView-alpha-6.zap
alpha
<h3>Added</h3>
<ul>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.12.0.</li>
<li>Maintenance changes.</li>
<li>Make missing JavaFX logging less verbose in regular use.</li>
<li>Update help with the requirements to use the add-on.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/browserView-v6/browserView-alpha-6.zap
SHA-256:e53cfde3a009a4be2e40c84ac02e05114505160bd2bab6cbb42416ab9a65b16c
https://www.zaproxy.org/docs/desktop/addons/browser-view/
https://github.com/zaproxy/zap-extensions/
2023-03-13
197667
2.12.0
bruteforce
Forced Browse
Forced browsing of files and directories using code from the OWASP DirBuster tool
ZAP Dev Team
17
bruteforce-beta-17.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/bruteforce-v17/bruteforce-beta-17.zap
SHA-256:4c5828447d69da32e450e65a6b082284b56538383d5cf4036b743805115a9a90
https://www.zaproxy.org/docs/desktop/addons/forced-browse/
https://github.com/zaproxy/zap-extensions/
2025-01-09
552468
2.16.0
commonlib
>= 1.23.0 & < 2.0.0
bugtracker
Bug Tracker
Bug Tracker extension.
ZAP Dev Team
4
bugtracker-alpha-4.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.1.</li>
<li>Dependency updates.</li>
<li>Maintenance changes.</li>
<li>Updated to use PAT not password (https://github.blog/changelog/2021-08-12-git-password-authentication-is-shutting-down/).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/bugtracker-v4/bugtracker-alpha-4.zap
SHA-256:37c57f8e7f4a1608500527ac1831f8b078427f804ea04ad5790a2970e3e1b722
https://www.zaproxy.org/docs/desktop/addons/bug-tracker/
https://github.com/zaproxy/zap-extensions/
2022-09-23
3707425
2.11.1
callgraph
Call Graph
Allows the user to view a call graph of the selected resources
Colm O'Flaherty
5
callgraph-alpha-5.zap
alpha
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/callgraph-v5/callgraph-alpha-5.zap
SHA-256:0874ce5aad0c4bbf28f72627a4940759d328396e12b7d6a5596f2e41bf24dc4e
https://www.zaproxy.org/docs/desktop/addons/call-graph/
https://github.com/zaproxy/zap-extensions/
2021-10-07
925930
2.11.0
callhome
Call Home
Handles all of the calls to ZAP services.
ZAP Dev Team
0.14.0
callhome-release-0.14.0.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
<h3>Added</h3>
<ul>
<li>Network stats to telemetry.</li>
<li>Sequence stats to telemetry.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/callhome-v0.14.0/callhome-release-0.14.0.zap
SHA-256:100870954c18d9f9c9ed2db5348eb069262a7c177bfbe158355c1b20e9fa5cef
https://www.zaproxy.org/docs/desktop/addons/call-home/
https://github.com/zaproxy/zap-extensions/
2025-01-09
322668
2.16.0
client
Client Side Integration
Exposes client (browser) side information in ZAP using Firefox and Chrome extensions.
ZAP Dev Team
0.13.0
client-alpha-0.13.0.zap
alpha
<h3>Added</h3>
<ul>
<li>Added support for Client Script Authentication when installed in conjunction with the Authentication Helper add-on.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/client-v0.13.0/client-alpha-0.13.0.zap
SHA-256:64be16089fc028badd969a4dc390f7b79d76e6332d14f19e43bef33a49e6df94
https://www.zaproxy.org/docs/desktop/addons/client-side-integration/
https://github.com/zaproxy/zap-extensions/
2025-02-04
2142810
2.16.0
commonlib
>=1.23.0
network
>=0.8.0
selenium
>=15.14.0
commonlib
Common Library
A common library, for use by other add-ons.
ZAP Dev Team
1.30.0
commonlib-release-1.30.0.zap
release
<h3>Added</h3>
<ul>
<li>Add solutions to Insufficient Process Validation vulnerability (Issue 8056).</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Improve solution and add more references to 'Information Leakage' vulnerability (Issue 8056).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.30.0/commonlib-release-1.30.0.zap
SHA-256:f178d4e48506fda85a70faf9346fc67fe0c895b98469dd02579b04b4c39c3dbc
https://www.zaproxy.org/docs/desktop/addons/common-library/
https://github.com/zaproxy/zap-extensions/
2025-01-09
15146336
2.16.0
communityScripts
Community Scripts
Useful ZAP scripts written by the ZAP community.
ZAP Community
19
communityScripts-alpha-19.zap
alpha
<h3>Added</h3>
<ul>
<li>extender/arpSyndicateSubdomainDiscovery.js - uses the API of <a href="https://www.subdomain.center/">ARPSyndicate's Subdomain Center</a>
to find and add subdomains to the Sites Tree.</li>
<li>passive/JavaDisclosure.js - Passive scan for Java error messages leaks</li>
<li>httpsender/RsaEncryptPayloadForZap.py - A script that encrypts requests using RSA</li>
<li>selenium/FillOTPInMFA.js - A script that fills the OTP in MFA</li>
<li>authentication/KratosApiAuthentication.js - A script to authenticate with Kratos using the API flow</li>
<li>authentication/KratosBrowserAuthentication.js - A script to authenticate with Kratos using the browser flow</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.15.0.</li>
<li>Use Prettier to format all JavaScript scripts.</li>
<li>Update the following scripts to implement the <code>getMetadata()</code> function with revised metadata:
<ul>
<li>active/Cross Site WebSocket Hijacking.js</li>
<li>active/cve-2019-5418.js</li>
<li>active/gof_lite.js</li>
<li>active/JWT None Exploit.js</li>
<li>active/SSTI.js</li>
<li>passive/clacks.js</li>
<li>passive/CookieHTTPOnly.js</li>
<li>passive/detect_csp_notif_and_reportonly.js</li>
<li>passive/detect_samesite_protection.js</li>
<li>passive/f5_bigip_cookie_internal_ip.js</li>
<li>passive/find base64 strings.js</li>
<li>passive/Find Credit Cards.js</li>
<li>passive/Find Emails.js</li>
<li>passive/Find Hashes.js</li>
<li>passive/Find HTML Comments.js</li>
<li>passive/Find IBANs.js</li>
<li>passive/Find Internal IPs.js</li>
<li>passive/find_reflected_params.py</li>
<li>passive/HUNT.py</li>
<li>passive/Mutliple Security Header Check.js</li>
<li>passive/google_api_keys_finder.js</li>
<li>passive/JavaDisclosure.js</li>
<li>passive/Report non static sites.js</li>
<li>passive/RPO.js</li>
<li>passive/s3.js</li>
<li>passive/Server Header Disclosure.js</li>
<li>passive/SQL injection detection.js</li>
<li>passive/Telerik Using Poor Crypto.js</li>
<li>passive/Upload form discovery.js</li>
<li>passive/X-Powered-By_header_checker.js</li>
</ul>
</li>
<li>httpsender/Alert on Unexpected Content Types.js now checks for common content-types (<code>json</code>, <code>xml</code>, and <code>yaml</code>) more consistently.</li>
<li>targeted/request_to_xml.js no longer uses deprecated method to show the message in the editor dialogue.</li>
</ul>
https://github.com/zaproxy/community-scripts/releases/download/v19/communityScripts-alpha-19.zap
SHA-256:f96502b471dd349ae2fceba4a68bde9465091580040ad8798e13bb176030bbba
https://www.zaproxy.org/docs/desktop/addons/community-scripts/
https://github.com/zaproxy/community-scripts/
2024-07-01
475346
2.15.0
coreLang
Core Language Files
Translations of the core language files
ZAP Dev Team
15
coreLang-release-15.zap
release
<h3>Changed</h3>
<ul>
<li>Update the languages files from Crowdin.</li>
<li>Update minimum ZAP version to 2.11.1.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/coreLang-v15/coreLang-release-15.zap
SHA-256:d8258b914ffc95820dd045acf56677668a8cbbfc759290f72e30210056dfb88c
https://crowdin.com/project/zaproxy
https://github.com/zaproxy/zap-extensions/
2022-02-14
4616009
2.11.1
custompayloads
Custom Payloads
Ability to add, edit or remove payloads that are used i.e. by active scanners
ZAP Dev Team
0.14.0
custompayloads-release-0.14.0.zap
release
<h3>Changed</h3>
<ul>
<li>Promoted to Release status.</li>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Maintenance changes.</li>
<li>The superfluous/unused ID element of the custom payloads has been removed from the GUI and config.</li>
<li>Now depends on the Common Library add-on.</li>
</ul>
<h3>Added</h3>
<ul>
<li>Add help button to Options panel and add further detailed Help content.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>The add-on will no longer attempt to save or load Payloads for which there is no Category.</li>
<li>Ensure file is selected, exists, and is readable when attempting to import multiple payloads.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/custompayloads-v0.14.0/custompayloads-release-0.14.0.zap
SHA-256:fe99e67a3a456c70a25c35e5d25961c1dca417d2c94124316c2ea26965009ec2
https://www.zaproxy.org/docs/desktop/addons/custom-payloads/
https://github.com/zaproxy/zap-extensions/
2025-01-15
292156
2.16.0
commonlib
>= 1.17.0 & < 2.0.0
database
Database
Provides database engines and related infrastructure.
ZAP Dev Team
0.7.0
database-alpha-0.7.0.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/database-v0.7.0/database-alpha-0.7.0.zap
SHA-256:12e4a7bb69aa5d7fa359da44406f5dfcd085cdc77110244cc5f1a38dfeee11d4
https://www.zaproxy.org/docs/desktop/addons/database/
https://github.com/zaproxy/zap-extensions/
2025-01-09
23094350
2.16.0
dev
Dev Add-on
An add-on to help with development of ZAP.
ZAP Dev Team
0.9.0
dev-alpha-0.9.0.zap
alpha
<h3>Added</h3>
<ul>
<li>Link which is only shown if a localStorage item is set, for testing in browser spider authentication.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/dev-v0.9.0/dev-alpha-0.9.0.zap
SHA-256:88bdc80a59a0efb7d6b7d85fc7aded3037c712e0a8460f743fb70e66107be322
https://www.zaproxy.org/docs/desktop/addons/dev-add-on/
https://github.com/zaproxy/zap-extensions/
2025-01-31
155773
2.16.0
commonlib
>=1.17.0
network
>=0.7.0
diff
Diff
Displays a dialog showing the differences between 2 requests or responses. It uses diffutils and diff_match_patch
ZAP Dev Team
17
diff-beta-17.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/diff-v17/diff-beta-17.zap
SHA-256:6629fdcd55e509dfaf1e1004204b3dca5a75bfb1593c11bd8281bd7c7fd367b9
https://www.zaproxy.org/docs/desktop/addons/diff/
https://github.com/zaproxy/zap-extensions/
2025-01-09
693148
2.16.0
commonlib
>=1.23.0
directorylistv1
Directory List v1.0
List of directory names to be used with Forced Browse or Fuzzer add-on.
ZAP Dev Team
9
directorylistv1-release-9.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/directorylistv1-v9/directorylistv1-release-9.zap
SHA-256:71e5b57bcf89774267375426f2e67f789cf13a4b69c97c8946a325fa321d18ce
https://www.zaproxy.org/docs/desktop/addons/directory-list-v1.0/
https://github.com/zaproxy/zap-extensions/
2025-01-09
961164
2.16.0
directorylistv2_3
Directory List v2.3
Lists of directory names to be used with Forced Browse or Fuzzer add-on.
ZAP Dev Team
4
directorylistv2_3-release-4.zap
release
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add repo URL.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Change info URL to link to the site.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/directorylistv2_3-v4/directorylistv2_3-release-4.zap
SHA-256:3a8b04b9363b57acd9cf8cd67abce4c630f986e2b492a1ebd01eaa9587a0a199
https://www.zaproxy.org/docs/desktop/addons/directory-list-v2.3/
https://github.com/zaproxy/zap-extensions/
2021-10-07
8722229
2.11.0
directorylistv2_3_lc
Directory List v2.3 LC
Lists of lower case directory names to be used with Forced Browse or Fuzzer add-on.
ZAP Dev Team
4
directorylistv2_3_lc-release-4.zap
release
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add repo URL.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Change info URL to link to the site.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/directorylistv2_3_lc-v4/directorylistv2_3_lc-release-4.zap
SHA-256:2603580ba53673c31800ef7373e7cc09de759369b6f8fb43cc9e5024ad5d9af4
https://www.zaproxy.org/docs/desktop/addons/directory-list-v2.3-lc/
https://github.com/zaproxy/zap-extensions/
2021-10-07
7569974
2.11.0
domxss
DOM XSS Active scanner rule
DOM XSS Active scanner rule
Aabha Biyani, ZAP Dev Team
21
domxss-release-21.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Handle exceptions while obtaining the XPath of an element.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/domxss-v21/domxss-release-21.zap
SHA-256:4902e5d519c7b4a68441d9fb3ae2edc1df3d1c4086333a2e4844279e65ea96ec
https://www.zaproxy.org/docs/desktop/addons/dom-xss-active-scan-rule/
https://github.com/zaproxy/zap-extensions/
2025-01-09
284336
2.16.0
commonlib
>= 1.29.0 & < 2.0.0
network
>=0.1.0
selenium
>= 15.13.0
encoder
Encoder
Adds encode/decode/hash dialog and support for scripted processors as well
ZAP Dev Team
1.6.0
encoder-release-1.6.0.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
<h3>Added</h3>
<ul>
<li>A predefined processor "ASCify" which converts text removing accents/diacritics/ligatures (perhaps not fully, due to operation in compatibility mode) leaving only ASCII characters.</li>
<li>Predefined processors for encoding and decoding Morse Code.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/encoder-v1.6.0/encoder-release-1.6.0.zap
SHA-256:1d8194472413b02de94f14db73e5cf6ebfad3b73ab35679cb166217f585713e8
https://www.zaproxy.org/docs/desktop/addons/encode-decode-hash/
https://github.com/zaproxy/zap-extensions/
2025-01-09
477920
2.16.0
commonlib
>=1.23.0
evalvillain
Eval Villain
Adds the Eval Villain extension to Firefox when launched from ZAP.
Dennis Goodlett and the ZAP Dev Team
0.4.0
evalvillain-alpha-0.4.0.zap
alpha
<h3>Changed</h3>
<ul>
<li>Updated with new version of Eval Villain.</li>
<li>Update minimum ZAP version to 2.15.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/evalvillain-v0.4.0/evalvillain-alpha-0.4.0.zap
SHA-256:dedb6245cee2383b13eb4c0c58301ee2518c6e0af36359559f2e1638a8a076e3
https://www.zaproxy.org/docs/desktop/addons/eval-villain/
https://github.com/zaproxy/zap-extensions/
2024-11-25
4957040
2.15.0
selenium
>=15.5.0
exim
Import/Export
Import and Export functionality
ZAP Dev Team & thatsn0tmysite
0.13.0
exim-beta-0.13.0.zap
beta
<h3>Added</h3>
<ul>
<li>Add Automation Framework job to export data (e.g. HAR, URLs).</li>
<li>Support for Sites Tree export and prune.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Update dependency.</li>
<li>Maintenance changes.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Import HAR entry sent and elapsed time.</li>
<li>Duplicate or missing "Save URLs..." entries in the Export menu.</li>
<li>The "Save All URLs..." export option was saving only the selected URLs.</li>
<li>Correct bundled dependencies to avoid conflicts with core logging libraries.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/exim-v0.13.0/exim-beta-0.13.0.zap
SHA-256:c2322edb3c5a29e2a844a36ba23e3f5d8202c77d16610a323b6ff3b69914eb7c
https://www.zaproxy.org/docs/desktop/addons/import-export/
https://github.com/zaproxy/zap-extensions/
2025-01-09
940208
2.16.0
commonlib
>= 1.28.0 & < 2.0.0
fileupload
FileUpload
Detect File upload requests and scan them to find related vulnerabilities
KSASAN preetkaran20@gmail.com
1.2.1
fileupload-alpha-1.2.1.zap
alpha
https://github.com/zaproxy/zap-extensions/releases/download/2.7/fileupload-alpha-1.2.1.zap
SHA-256:84734320ed04f6e287cc0458897e99e80fe16d632d071e73187e446448b5fa7f
https://www.zaproxy.org/blog/2021-08-20-zap-fileupload-addon/
https://github.com/SasanLabs/owasp-zap-fileupload-addon/
2023-10-23
78272
2.11.0
formhandler
Value Generator
This Value Generator Add-on allows a user to define field names and values to be used when submitting values to an app. Fields can be added, modified, enabled/disabled, and deleted.
ZAP Dev Team
6.7.0
formhandler-beta-6.7.0.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Depend on Common Library add-on, to provide the default/custom values to the other add-ons (Issue 8016).</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fixed an issue in the help which may cause images to be displayed inline impacting the flow of the text.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/formhandler-v6.7.0/formhandler-beta-6.7.0.zap
SHA-256:2adb0a7f60f7c43861cdeac14d0d72cde139abcaf12fdd6cb82cf4739e52bd81
https://www.zaproxy.org/docs/desktop/addons/value-generator/
https://github.com/zaproxy/zap-extensions/
2025-01-09
2128203
2.16.0
commonlib
>= 1.29.0 & < 2.0.0
fuzz
Fuzzer
Advanced fuzzer for manual testing
ZAP Dev Team
13.15.0
fuzz-beta-13.15.0.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/fuzz-v13.15.0/fuzz-beta-13.15.0.zap
SHA-256:d8171808ac8e04395575aeca0f11469c79d93fa8e4327b8c7a82f4d0fd6119da
https://www.zaproxy.org/docs/desktop/addons/fuzzer/
https://github.com/zaproxy/zap-extensions/
2025-01-09
2014110
2.16.0
commonlib
>= 1.23.0 & < 2.0.0
fuzzai
FuzzAI Files
FuzzAI files which can be used with the ZAP fuzzer
ZAP Dev Team
0.0.1
fuzzai-release-0.0.1.zap
release
<h3>Added</h3>
<ul>
<li>First version</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/fuzzai-v0.0.1/fuzzai-release-0.0.1.zap
SHA-256:7d60565b5814b8523514c5d8001d0bdf1f30f6d96cae9b4ac0abb45ee7abcaea
https://www.zaproxy.org/docs/desktop/addons/fuzzai-files/
https://github.com/zaproxy/zap-extensions/
2024-09-24
50063
2.15.0
fuzzdb
FuzzDB Files
FuzzDB files which can be used with the ZAP fuzzer
ZAP Dev Team
9
fuzzdb-release-9.zap
release
<h3>Changed</h3>
<ul>
<li>Updated RAFT lists based on more recent SecLists contributions</li>
<li>Update minimum ZAP version to 2.11.1.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/fuzzdb-v9/fuzzdb-release-9.zap
SHA-256:c79537362cd6b383f447359685e3bd51795600b97ca0c1fadc4ba74828a7d4f4
https://www.zaproxy.org/docs/desktop/addons/fuzzdb-files/
https://github.com/zaproxy/zap-extensions/
2022-09-23
6167205
2.11.1
fuzzdboffensive
FuzzDB Offensive
FuzzDB web backdoors and attack files which can be used with the ZAP fuzzer or for manual penetration testing - contains files that may well be flagged by anti-virus tools
ZAP Dev Team
5
fuzzdboffensive-release-5.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.14.0.</li>
<li>Updated help and description to say this may cause problems with anti-virus tools (Issue 8297).</li>
</ul>
https://github.com/zaproxy/fuzzdb-offensive/releases/download/v5/fuzzdboffensive-release-5.zap
SHA-256:9d7bf6f8df62e5ee56e72b47785e6027674127ae70604d9c4f6dc0cea1f536dc
https://www.zaproxy.org/docs/desktop/addons/fuzzdb-offensive/
https://github.com/zaproxy/fuzzdb-offensive/
2024-01-11
523693
2.14.0
gettingStarted
Getting Started with ZAP Guide
A short Getting Started with ZAP Guide
ZAP Dev Team
19
gettingStarted-release-19.zap
release
<h3>Changed</h3>
<ul>
<li>Update Getting Started Guide for 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/gettingStarted-v19/gettingStarted-release-19.zap
SHA-256:74ca76fbe518917005828d3b4f4392d8d91b5e11d1d6517a1ae9fc19f16bfd9b
https://www.zaproxy.org/docs/desktop/addons/getting-started-guide/
https://github.com/zaproxy/zap-extensions/
2025-01-09
968572
2.16.0
graaljs
GraalVM JavaScript
Provides the GraalVM JavaScript engine for ZAP scripting.
ZAP Dev Team
0.9.0
graaljs-alpha-0.9.0.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/graaljs-v0.9.0/graaljs-alpha-0.9.0.zap
SHA-256:8abec96df1ff90177953d5fffd4dfd57228c1a8d8e140a521e81ea80a256ca19
https://www.zaproxy.org/docs/desktop/addons/graalvm-javascript/
https://github.com/zaproxy/zap-extensions/
2025-01-09
24540532
2.16.0
commonlib
>=1.24.0
scripts
>=45.2.0
graphql
GraphQL Support
Inspect and attack GraphQL endpoints.
ZAP Dev Team
0.26.0
graphql-alpha-0.26.0.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Depend on newer version of Common Library add-on (Issue 8016).</li>
<li>Maintenance changes.</li>
</ul>
<h3>Added</h3>
<ul>
<li>Fingerprinting checks for the following engines:
<ul>
<li>pg_graphql</li>
<li>tailcall</li>
<li>Hot Chocolate</li>
<li>Inigo</li>
</ul>
</li>
<li>Support for importing an introspection query response from a file (Issue 8569).</li>
<li>If the Tech Detection (Wappalyzer) add-on is installed and a GraphQL engine is successfully fingerprinted, it is added to the Technology tab/data.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/graphql-v0.26.0/graphql-alpha-0.26.0.zap
SHA-256:7578897dd3e517d653d779f90b1565a6cac7c6c838f4107dd44d01f6233faae8
https://www.zaproxy.org/docs/desktop/addons/graphql-support/
https://github.com/zaproxy/zap-extensions/
2025-01-09
5475010
2.16.0
commonlib
>= 1.29.0 & < 2.0.0
groovy
Groovy Support
Adds Groovy support to ZAP
ZAP Dev Team
3.2.0
groovy-beta-3.2.0.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.14.0.</li>
<li>Maintenance changes.</li>
<li>Replace usage of singletons with injected variables (e.g. <code>model</code>, <code>control</code>) in scripts.</li>
<li>Dependency updates.</li>
<li>Update Active and Passive Script Templates to include a <code>getMetadata</code> function. This will allow them to be used as regular scan rules.</li>
<li>Depend on the <code>commonlib</code> and <code>scripts</code> add-ons for scan rule scripts.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Updated encode-decode script template to conform to the latest method signatures.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/groovy-v3.2.0/groovy-beta-3.2.0.zap
SHA-256:2603bcff3728308c6dab09135def96a1209ce8219b0d1f9d861c59b5a8fc522e
https://www.zaproxy.org/docs/desktop/addons/groovy-support/
https://github.com/zaproxy/zap-extensions/
2024-04-11
20168743
2.14.0
commonlib
>=1.24.0
scripts
>=45.2.0
grpc
gRPC Support
Inspect, attack gRPC endpoints, and decode protobuf messages.
ZAP Dev Team
0.2.0
grpc-alpha-0.2.0.zap
alpha
<h3>Added</h3>
<ul>
<li>gRPC WebSocket Support Added</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Do not try to decode non-gRPC responses when active scanning, which would lead to unnecessary warnings.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/grpc-v0.2.0/grpc-alpha-0.2.0.zap
SHA-256:028464ebc6c80f36fd32088c7aede870f68940dcbb2064a0ed6bfe2bb93f37e1
https://www.zaproxy.org/docs/desktop/addons/grpc-support/
https://github.com/zaproxy/zap-extensions/
2024-07-02
8202269
2.15.0
help
Help - English
English version of the ZAP help file.
ZAP Crowdin Team
19
help-release-19.zap
release
<h3>Added</h3>
<ul>
<li>Details for setting Gnome proxy settings.</li>
<li>History -> Alert tag details.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Updated for 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help-v19/help-release-19.zap
SHA-256:5bc6bf5bca3f0f146c4922eecf06d5d1b0d5a63ea41707190008e692735613e7
https://www.zaproxy.org/docs/desktop/
https://github.com/zaproxy/zap-core-help/
2025-01-10
637180
2.15.0
help_ar_SA
Help - Arabic
Arabic version of the ZAP help file.
ZAP Crowdin Team
1
help_ar_SA-alpha-1.zap
alpha
<ul>
<li>First version.</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_ar_SA-v1/help_ar_SA-alpha-1.zap
SHA-256:8208b0c788d5e29a2bb34f3c44c07db613faefb17d8d9cfb60adc02629c2b3f1
https://github.com/zaproxy/zap-core-help/
2022-01-18
649333
2.11.0
help_bs_BA
Help - Bosnian
Bosnian version of the ZAP help file.
ZAP Crowdin Team
9
help_bs_BA-alpha-9.zap
alpha
Updated with the latest files from crowdin
https://github.com/zaproxy/zap-extensions/releases/download/2.7/help_bs_BA-alpha-9.zap
SHA1:d33a3277e877da4734e6bf9c911c61c4e6ce2f3f
2018-02-08
747536
2.7.0
help_es_ES
Help - Spanish
Spanish version of the ZAP help file.
ZAP Crowdin Team
10
help_es_ES-release-10.zap
release
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_es_ES-v10/help_es_ES-release-10.zap
SHA-256:63cc24e180374cf038d6aefe31b3f62e170437958ad61d2d3e65d2722fbedc1a
https://github.com/zaproxy/zap-core-help/
2022-01-18
697066
2.11.0
help_fil_PH
Help - Filipino
Filipino version of the ZAP help file.
ZAP Crowdin Team
3
help_fil_PH-alpha-3.zap
alpha
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_fil_PH-v3/help_fil_PH-alpha-3.zap
SHA-256:64bbeb0f9404b70c0d49e9fd5da789b8d3902a20f518c7305eb412242831a180
https://github.com/zaproxy/zap-core-help/
2022-01-18
710027
2.11.0
help_fr_FR
Help - French
French version of the ZAP help file.
ZAP Crowdin Team
10
help_fr_FR-alpha-10.zap
alpha
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_fr_FR-v10/help_fr_FR-alpha-10.zap
SHA-256:f1ede9441e5de48170fdef598eb543ef6ad0813eed2e838d2c4803ea114fcb1a
https://github.com/zaproxy/zap-core-help/
2022-01-18
646717
2.11.0
help_id_ID
Help - Indonesian
Indonesian version of the ZAP help file.
ZAP Crowdin Team
3
help_id_ID-beta-3.zap
beta
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_id_ID-v3/help_id_ID-beta-3.zap
SHA-256:ef50363872d783c3c49417bc821b28256cf35d8390004c48f6d4e030ceb8a7c5
https://github.com/zaproxy/zap-core-help/
2022-01-18
671009
2.11.0
help_ja_JP
Help - Japanese
Japanese version of the ZAP help file.
ZAP Crowdin Team
10
help_ja_JP-beta-10.zap
beta
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_ja_JP-v10/help_ja_JP-beta-10.zap
SHA-256:11d310352e8719fe50587c5b97dd5eeb3a2e2ab23e450a7c1d0fad013d003536
https://github.com/zaproxy/zap-core-help/
2022-01-18
661964
2.11.0
help_ms_MY
Help - Malay
Malay version of the ZAP help file.
ZAP Crowdin Team
1
help_ms_MY-alpha-1.zap
alpha
<ul>
<li>First version.</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_ms_MY-v1/help_ms_MY-alpha-1.zap
SHA-256:6407990b8ebaa2e401c3addc47081c742ab7fce25cec107ef49b4e627ad3ceae
https://github.com/zaproxy/zap-core-help/
2022-01-18
636908
2.11.0
help_pt_BR
Help - Portuguese, Brazilian
Portuguese, Brazilian version of the ZAP help file.
ZAP Crowdin Team
11
help_pt_BR-release-11.zap
release
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_pt_BR-v11/help_pt_BR-release-11.zap
SHA-256:3fdf92763c1c851848df6b3588c97bbeb22837002351fd00c8208d8ab01ff710
https://github.com/zaproxy/zap-core-help/
2022-01-18
682092
2.11.0
help_ru_RU
Help - Russian
Russian version of the ZAP help file.
ZAP Crowdin Team
2
help_ru_RU-release-2.zap
release
<h3>Changed</h3>
<ul>
<li>Promote to Release</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_ru_RU-v2/help_ru_RU-release-2.zap
SHA-256:3fd5d8e6af7453a3a16e7c38a19ec941a330d0fd050f562ecebdc4638ae52c80
https://github.com/zaproxy/zap-core-help/
2022-02-24
779171
2.11.0
help_tr_TR
Help - Turkish
Turkish version of the ZAP help file.
ZAP Crowdin Team
2
help_tr_TR-release-2.zap
release
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_tr_TR-v2/help_tr_TR-release-2.zap
SHA-256:a92b43beab5e196341d8ddf40d594f1596c225c74f0f5b9280e223acc9a8535c
https://github.com/zaproxy/zap-core-help/
2022-01-18
710766
2.11.0
help_zh_CN
Help - Chinese Simplified
Chinese Simplified version of the ZAP help file.
ZAP Crowdin Team
3
help_zh_CN-beta-3.zap
beta
<h3>Changed</h3>
<ul>
<li>Updated with the latest files from crowdin</li>
</ul>
https://github.com/zaproxy/zap-core-help/releases/download/help_zh_CN-v3/help_zh_CN-beta-3.zap
SHA-256:959b718a307ca32c7807c0d327533765eeb6a0a799b9bc98a2a1e22b3b47bc5a
https://github.com/zaproxy/zap-core-help/
2022-01-18
656718
2.11.0
highlighter
Highlighter
Allows you to highlight strings in the request and response tabs.
ZAP Dev Team
8
highlighter-alpha-8.zap
alpha
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/highlighter-v8/highlighter-alpha-8.zap
SHA-256:4c4852bb2f42eb20dbe19a091e9025667947c73967a65770658333bedd01fccf
https://www.zaproxy.org/docs/desktop/addons/highlighter/
https://github.com/zaproxy/zap-extensions/
2021-10-07
115527
2.11.0
hud
HUD - Heads Up Display
Display information from ZAP in browser.
ZAP Dev Team
0.19.0
hud-beta-0.19.0.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.15.0.</li>
<li>Disable the HUD by default - it still works but its flaky, and currently not a focus for us.</li>
</ul>
https://github.com/zaproxy/zap-hud/releases/download/v0.19.0/hud-beta-0.19.0.zap
SHA-256:737239ce1b765ff32f9351a647594f22d725d319b94f7a2ef2cb153aadf832df
https://www.zaproxy.org/docs/desktop/addons/hud/
https://github.com/zaproxy/zap-hud/
2024-05-07
1382692
2.15.0
network
>= 0.1.0
websocket
imagelocationscanner
Image Location and Privacy Scanner
Image Location and Privacy Passive Scanner
Jay Ball (veggiespam) and the ZAP Dev Team
5
imagelocationscanner-beta-5.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.14.0.</li>
<li>Maintenance changes.</li>
</ul>
<h3>Added</h3>
<ul>
<li>Website alert links (Issue 8189).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/imagelocationscanner-v5/imagelocationscanner-beta-5.zap
SHA-256:4d95a4e8c09fbae9372a28b2501c57ac3789b2357f4988fc0dcdc3c11f3f0fe8
https://www.zaproxy.org/docs/desktop/addons/image-location-and-privacy-scanner/
https://github.com/zaproxy/zap-extensions/
2024-04-11
1147406
2.14.0
commonlib
>= 1.6.0 & < 2.0.0
invoke
Invoke Applications
Invoke external applications passing context related information such as URLs and parameters
ZAP Dev Team
16
invoke-beta-16.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/invoke-v16/invoke-beta-16.zap
SHA-256:439fd2ff1d090779bc9f874696286d1685dffa7b83624254c2b92a2daa943464
https://www.zaproxy.org/docs/desktop/addons/invoke-applications/
https://github.com/zaproxy/zap-extensions/
2025-01-09
323503
2.16.0
commonlib
>=1.23.0
jruby
Ruby Scripting
Allows Ruby to be used for ZAP scripting - templates included
ZAP Dev Team
8
jruby-beta-8.zap
beta
<h3>Changed</h3>
<ul>
<li>Update links to zaproxy repo.</li>
<li>Rename reliability to confidence in active/passive templates.</li>
<li>Maintenance changes.</li>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jruby-v8/jruby-beta-8.zap
SHA-256:f5bb450a165f6c407b8d24f7b2776bdc7a2edb0b4b42aea385f8a6ad1ae605ca
https://www.zaproxy.org/docs/desktop/addons/ruby-scripting/
https://github.com/zaproxy/zap-extensions/
2021-10-07
21968128
2.11.0
jsonview
JSON View
Adds a view that shows JSON messages nicely formatted
Juha Kivekäs
3
jsonview-alpha-3.zap
alpha
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Update minimum ZAP version to 2.13.0.</li>
<li>Depend on Common Library add-on to reuse libraries (Issue 7961).</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Use other library to format the JSON bodies (Issue 7798).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jsonview-v3/jsonview-alpha-3.zap
SHA-256:ddafbbced033cc937ef37182e3650119dee3c7e5f1ac4ded73ea42125467184d
https://www.zaproxy.org/docs/desktop/addons/json-view/
https://github.com/zaproxy/zap-extensions/
2023-09-07
120558
2.13.0
commonlib
>= 1.16.0 & < 2.0.0
jwt
JWT Support
Detect JWT requests and scan them to find related vulnerabilities
KSASAN preetkaran20@gmail.com
1.0.3
jwt-alpha-1.0.3.zap
alpha
<ul>
<li>First version of JWT Support.
<ul>
<li>Contains scanning rules for basic JWT related vulnerabilities.</li>
<li>Contains JWT Fuzzer for fuzzing the JWT's present in the request.</li>
</ul>
</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/jwt-alpha-1.0.3.zap
SHA-256:d3df8480010ad2df230cbdb99619aafdb869861349455c3da0129a99b132d204
https://github.com/SasanLabs/owasp-zap-jwt-addon/
2023-01-02
751748
2.11.1
commonlib
fuzz
13.*
jython
Python Scripting
Allows Python to be used for ZAP scripting - templates included
ZAP Dev Team
15
jython-beta-15.zap
beta
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Update Active and Passive Script Templates to include a <code>getMetadata</code> function. This will allow them to be used as regular scan rules.</li>
<li>Depend on the <code>commonlib</code> add-on for scan rule scripts.</li>
<li>Update minimum <code>scripts</code> add-on version to 45.1.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/jython-v15/jython-beta-15.zap
SHA-256:019a64ba85cc9021a841e7253ae14f619129b603ab2048bec9593f5d59c1da02
https://www.zaproxy.org/docs/desktop/addons/python-scripting/
https://github.com/zaproxy/zap-extensions/
2024-04-11
43315501
2.14.0
commonlib
>=1.24.0
scripts
>=45.2.0
kotlin
Kotlin Support
Allows Kotlin to be used for ZAP scripting
StackHawk Engineering
1.1.0
kotlin-alpha-1.1.0.zap
alpha
<h3>Changed</h3>
<ul>
<li>Use appropriate syntax style for highlighting of code.</li>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/kotlin-v1.1.0/kotlin-alpha-1.1.0.zap
SHA-256:85a47ea7199b77cfb09081302c277de2ba5e2102ef79907573ebcfa6425302e9
https://www.zaproxy.org/docs/desktop/addons/kotlin-support/
https://github.com/zaproxy/zap-extensions/
2021-10-07
48865539
2.11.0
levoai
Levo.ai
Build OpenAPI Specs with ZAP traffic using Levo.ai.
Levo.ai
0.3.0
levoai-zap-addon-alpha-0.3.0.zap
alpha
<h3>Added</h3>
<ul>
<li>Option to configure an organization ID that is added as a header in the requests made to the Satellite.</li>
<li>Option to specify the environment under which the discovered apps will be shown in the Levo dashboard.</li>
<li>Set the sensor type in the requests made to the Satellite.</li>
</ul>
https://github.com/levoai/levoai-zap-addon/releases/download/v0.3.0/levoai-zap-addon-alpha-0.3.0.zap
SHA-256:1a86d7c288bf4284e83f54203f4ed8dd7d40b2bd47fbb8f8f853da67676269d2
https://levo.ai
https://github.com/levoai/levoai-zap-addon
2024-07-10
2465951
2.12.0
maplocal
Map Local
Allows mapping of responses to content of a chosen local file.
Keindel (Andrey Maksimov)
0.0.1
maplocal-alpha-0.0.1.zap
alpha
<ul>
<li>First version of Map Local extension. Provides feature to map Response Body to a content of chosen local file.
<ul>
<li>Has status panel in UI with 3 columns: Enabled / URL / Local Path.</li>
<li>Has add / edit dialog with browse button to choose file.</li>
<li>Has file choice verification check.</li>
<li>Popup menus in sites and history, edit / remove - popups in status panel.</li>
<li>Persists to session DB.</li>
</ul>
</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/2.7/maplocal-alpha-0.0.1.zap
SHA-256:d3ecd2a6e23b06ffed8646ee2314d921a1c1925c3ab08070a624a090734ebdca
https://github.com/Keindel/owasp-zap-maplocal-addon
2023-10-05
49040
2.12.0
neonmarker
Neonmarker
Colors history table items based on tags
Juha Kivekäs, Kingthorin
1.8.0
neonmarker-alpha-1.8.0.zap
alpha
<h3>Changed</h3>
<ul>
<li>Adjust initialization of the Tags list</li>
</ul>
https://github.com/kingthorin/neonmarker/releases/download/v1.8.0/neonmarker-alpha-1.8.0.zap
SHA-256:b4a52ab49d887fa1772b4b371d9ec9e48f2bb5dd0add25f21130b9e58e053e0b
https://www.zaproxy.org/docs/desktop/addons/neonmarker/
https://github.com/kingthorin/neonmarker
2025-02-14
35958
2.16.0
pscan
>=0.2.0
network
Network
Provides core networking capabilities.
ZAP Dev Team
0.20.0
network-beta-0.20.0.zap
beta
<h3>Added</h3>
<ul>
<li>Set the local address where (e.g. server, proxy) the request header was received.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/network-v0.20.0/network-beta-0.20.0.zap
SHA-256:c1465cf14a3d9720735698808e17f79c1890d9f2931027eead65da208803ec9c
https://www.zaproxy.org/docs/desktop/addons/network/
https://github.com/zaproxy/zap-extensions/
2025-01-09
28127964
2.16.0
oast
OAST Support
Allows you to exploit out-of-band vulnerabilities
ZAP Dev Team
0.21.0
oast-beta-0.21.0.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Maintenance changes.</li>
<li>Include the handler and source when logging interactions not found in the permanent database.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/oast-v0.21.0/oast-beta-0.21.0.zap
SHA-256:397c614b2a668fb26c6b327c489ee1b6c580440d90ca966e7ce33811ee1dad60
https://www.zaproxy.org/docs/desktop/addons/oast-support/
https://github.com/zaproxy/zap-extensions/
2025-01-09
904504
2.16.0
database
>= 0.6.0
network
>= 0.1.0
onlineMenu
Online menus
ZAP Online menu items
ZAP Dev Team
14
onlineMenu-release-14.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/onlineMenu-v14/onlineMenu-release-14.zap
SHA-256:da47b95478c008545f403ffc20640c12c6215211e93727118f0854a2e40c5794
https://www.zaproxy.org/docs/desktop/addons/online-menu/
https://github.com/zaproxy/zap-extensions/
2025-01-09
208647
2.16.0
openapi
OpenAPI Support
Imports and spiders OpenAPI definitions.
ZAP Dev Team plus Joanna Bona, Nathalie Bouchahine, Artur Grzesica, Mohammad Kamar, Markus Kiss, Michal Materniak, Marcin Spiewak, and SDA SE Open Industry Solutions
44
openapi-beta-44.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Depend on newer version of Common Library add-on (Issue 8016).</li>
<li>Fields with default or missing values are omitted for the <code>openapi</code> job in saved Automation Framework plans.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/openapi-v44/openapi-beta-44.zap
SHA-256:e0c15ccdf49c083b6992bc3ef0175e1aa24bc32912ec3dbdcc7b71beafe46a46
https://www.zaproxy.org/docs/desktop/addons/openapi-support/
https://github.com/zaproxy/zap-extensions/
2025-01-09
11575879
2.16.0
commonlib
>= 1.29.0 & < 2.0.0
packpentester
Collection: Pentester Pack
A collection of add-ons ideal for pentesters
ZAP Dev Team
0.1.0
packpentester-alpha-0.1.0.zap
alpha
<h3>Fixed</h3>
<ul>
<li>Corrected fuzz add-on name</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/packpentester-v0.1.0/packpentester-alpha-0.1.0.zap
SHA-256:0b8e7e4ddffdcacf46fdf9793bf84217738e281cbd5ccac732788c4b768d069c
https://www.zaproxy.org/docs/desktop/addons/collection-pentester-pack/
https://github.com/zaproxy/zap-extensions/
2022-05-12
6792
2.11.1
accessControl
attacksurfacedetector
custompayloads
evalvillain
fileupload
fuzz
fuzzdb
jsonview
jwt
requester
viewstate
wappalyzer
packscanrules
Collection: Scan Rules Pack
All of the add-ons just containing release, beta and alpha status scan rules
ZAP Dev Team
0.0.1
packscanrules-alpha-0.0.1.zap
alpha
<p>First version.</p>
https://github.com/zaproxy/zap-extensions/releases/download/packscanrules-v0.0.1/packscanrules-alpha-0.0.1.zap
SHA-256:5ad68f153379bd96f36a7bead61e884cc42e1409cdd262dffc682b5f7bf92da4
https://www.zaproxy.org/docs/desktop/addons/collection-scan-rules-pack/
https://github.com/zaproxy/zap-extensions/
2022-05-13
9244
2.11.1
ascanrules
ascanrulesAlpha
ascanrulesBeta
domxss
pscanrules
pscanrulesAlpha
pscanrulesBeta
retire
paramdigger
Parameter Digger
Identify hidden, unlinked parameters. Useful for finding web cache poisoning vulnerabilities.
ZAP Dev Team and Arkaprabha Chakraborty
0.3.0
paramdigger-alpha-0.3.0.zap
alpha
<h3>Added</h3>
<ul>
<li>Support for menu weights (Issue 8369)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Update minimum ZAP version to 2.15.0.</li>
<li>The output panel is now properly reset on ZAP session change (part of Issue 7694).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/paramdigger-v0.3.0/paramdigger-alpha-0.3.0.zap
SHA-256:585e4853c7cbc3c925ea4d5e1cfbcd6d8a3d4a20b00bdd49f582743cc6a9e281
https://www.zaproxy.org/docs/desktop/addons/parameter-digger/
https://github.com/zaproxy/zap-extensions/
2024-07-15
561541
2.15.0
commonlib
>= 1.23.0 & < 2.0.0
plugnhack
Plug-n-Hack Configuration
Supports the Mozilla Plug-n-Hack standard: https://developer.mozilla.org/en-US/docs/Plug-n-Hack.
ZAP Dev Team
13
plugnhack-beta-13.zap
beta
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Update minimum ZAP version to 2.12.0.</li>
<li>Use Network add-on to obtain main proxy address/port.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/plugnhack-v13/plugnhack-beta-13.zap
SHA-256:8d74b572bb7e08d09ebcfd10da9f2f65f7970f9452feadb8bbe69c8037b80ee2
https://www.zaproxy.org/docs/desktop/addons/plug-n-hack/
https://github.com/zaproxy/zap-extensions/
2022-10-27
736005
2.12.0
network
>= 0.2.0
postman
Postman Support
Imports and spiders Postman collections.
ZAP Dev Team
0.6.0
postman-alpha-0.6.0.zap
alpha
<h3>Fixed</h3>
<ul>
<li>Correct deserialization of headers.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/postman-v0.6.0/postman-alpha-0.6.0.zap
SHA-256:ee4b5db5adaea09367730c05b544920c939dffbb44e0d9c343f7bb7b58d3ef10
https://www.zaproxy.org/docs/desktop/addons/postman-support/
https://github.com/zaproxy/zap-extensions/
2025-02-03
283411
2.16.0
commonlib
>= 1.16.0 & < 2.0.0
pscan
Passive Scanner
Provides core passive scanning capabilities.
ZAP Dev Team
0.2.0
pscan-alpha-0.2.0.zap
alpha
<h3>Added</h3>
<ul>
<li>Allow add-ons to obtain the auto tagging tags.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Correct help configuration to work with any language.</li>
<li>Maintenance changes.</li>
<li>Clarified passiveScan-wait > maxDuration documentation.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix broken link the help page.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/pscan-v0.2.0/pscan-alpha-0.2.0.zap
SHA-256:136d098e5ba3d3b2be71ee33fa3bd9cb0464a3f754fd5859763103d4ba12f354
https://www.zaproxy.org/docs/desktop/addons/passive-scanner/
https://github.com/zaproxy/zap-extensions/
2025-02-12
140324
2.16.0
pscanrules
Passive scanner rules
The release status Passive Scanner rules
ZAP Dev Team
62
pscanrules-release-62.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Updated help with specific Category identifiers for use with the Custom Payloads add-on for rules:
<ul>
<li>Application Error Disclosure</li>
<li>Information Disclosure - Suspicious Comments</li>
<li>Username Hash Found</li>
</ul>
</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v62/pscanrules-release-62.zap
SHA-256:ff7b0c4590ed29c9a1fa60ef1c9acb9442ba9d9590e6d3af2ec90b048adadf32
https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules/
https://github.com/zaproxy/zap-extensions/
2025-01-10
1927785
2.16.0
commonlib
>= 1.17.0 & < 2.0.0
pscan
pscanrulesAlpha
Passive scanner rules (alpha)
The alpha status Passive Scanner rules
ZAP Dev Team
43
pscanrulesAlpha-alpha-43.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.15.0.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Alert text for various rules has been updated to more consistently use periods and spaces in a uniform manner.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesAlpha-v43/pscanrulesAlpha-alpha-43.zap
SHA-256:753feca8952877c7da72cbbdd54940d05f6b7e59324164e05aa9611d3f872746
https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules-alpha/
https://github.com/zaproxy/zap-extensions/
2024-09-02
560614
2.15.0
commonlib
>= 1.17.0 & < 2.0.0
pscanrulesBeta
Passive scanner rules (beta)
The beta status Passive Scanner rules
ZAP Dev Team
42
pscanrulesBeta-beta-42.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Updated help with specific Category identifier for use with the Custom Payloads add-on for the "Dangerous JS Functions" rule.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix typo in log message.</li>
<li>Fix Insufficient Site Isolation scan rule check that filters responses based on whether a response is a success or not.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v42/pscanrulesBeta-beta-42.zap
SHA-256:91626262fbe76d097b508a2e85b3192c8b12645dfb82387715ac12358989d562
https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules-beta/
https://github.com/zaproxy/zap-extensions/
2025-01-15
678315
2.16.0
commonlib
>= 1.10.0 & < 2.0.0
quickstart
Quick Start
Provides a tab which allows you to quickly test a target application
ZAP Dev Team
51
quickstart-release-51.zap
release
<h3>Added</h3>
<ul>
<li>Stats counter to the main toolbar button (Issue 8375).</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Depend on Passive Scanner add-on (Issue 7959).</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>An exception that prevented the look and feel from changing completely.</li>
<li>Issues setting the AJAX Spider options.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/quickstart-v51/quickstart-release-51.zap
SHA-256:907d8ef64109a853974222b3a64d2021335d19db426f8670134e8d7312bdc0ce
https://www.zaproxy.org/docs/desktop/addons/quick-start/
https://github.com/zaproxy/zap-extensions/
2025-01-10
774568
2.16.0
callhome
>= 0.0.1
network
>= 0.3.0
pscan
>= 0.1.0 & < 1.0.0
reports
>= 0.4.0
reflect
Reflect
Finds reflected parameters
Caleb Kinney
0.0.11
reflect-alpha-0.0.11.zap
alpha
https://github.com/zaproxy/zap-extensions/releases/download/2.7/reflect-alpha-0.0.11.zap
SHA-256:c45307037042e4079546a5fcb17d1165475e5cdd5ba7e8abc0d2cf0a14866466
https://github.com/TypeError/reflect/
2021-02-19
1780219
2.9.0
regextester
Regular Expression Tester
Allows to test Regular Expressions
ZAP Dev Team
2
regextester-alpha-2.zap
alpha
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Close dialogues when the add-on is uninstalled.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/regextester-v2/regextester-alpha-2.zap
SHA-256:b4706709c16a45e8bedc0bd6f28dd09532d5dbf3f1fe2c2853e20dbf6160a584
https://www.zaproxy.org/docs/desktop/addons/regular-expression-tester/
https://github.com/zaproxy/zap-extensions/
2021-10-07
159441
2.11.0
replacer
Replacer
Easy way to replace strings in requests and responses.
ZAP Dev Team
20
replacer-release-20.zap
release
<h3>Fixed</h3>
<ul>
<li>Typo in automation job help.</li>
<li>Address misleading warning <code>Unrecognised parameter</code> for <code>deleteAllRules</code> (Issue 8764).</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Fields with default or missing values are omitted for the <code>replacer</code> job in saved Automation Framework plans.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/replacer-v20/replacer-release-20.zap
SHA-256:632ffa3e1a323b86c873a92285a308d052c7090b52721fdbc5a507e8baa001e0
https://www.zaproxy.org/docs/desktop/addons/replacer/
https://github.com/zaproxy/zap-extensions/
2025-01-10
445124
2.16.0
reports
Report Generation
Official ZAP Reports.
ZAP Dev Team
0.36.0
reports-release-0.36.0.zap
release
https://github.com/zaproxy/zap-extensions/releases/download/reports-v0.36.0/reports-release-0.36.0.zap
SHA-256:d315cdbcf18acd9f76c3a7dae5e50dac9810d890de89a529354902b90578b462
https://www.zaproxy.org/docs/desktop/addons/report-generation/
https://github.com/zaproxy/zap-extensions/
2025-02-12
14871347
2.16.0
commonlib
>= 1.17.0 & < 2.0.0
requester
Requester
Allows to manually edit and send messages.
Surikato and the ZAP Dev Team
7.8.0
requester-beta-7.8.0.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/requester-v7.8.0/requester-beta-7.8.0.zap
SHA-256:b18fdf0717b90407b770d9bcdae9898fe2365935c03e6a133520750b1dd3e9a7
https://www.zaproxy.org/docs/desktop/addons/requester/
https://github.com/zaproxy/zap-extensions/
2025-01-10
763103
2.16.0
commonlib
>=1.23.0
retest
Retest
An add-on to retest for presence/absence of previously generated alerts.
ZAP Dev Team
0.11.0
retest-alpha-0.11.0.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>To handle automation class changes.</li>
<li>Depend on newer version of Passive Scanner add-on (Issue 7959).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/retest-v0.11.0/retest-alpha-0.11.0.zap
SHA-256:26ad328ba5bcb144c20076949aacacf6c352121ee74f5bf4a813ccdd8945e35f
https://www.zaproxy.org/docs/desktop/addons/retest/
https://github.com/zaproxy/zap-extensions/
2025-01-10
259775
2.16.0
automation
>=0.44.0
commonlib
>= 1.17.0 & < 2.0.0
pscan
>= 0.1.0 & < 1.0.0
retire
Retire.js
Use Retire.js to identify vulnerable or out-dated JavaScript packages.
Nikita Mundhada and the ZAP Dev Team
0.44.0
retire-release-0.44.0.zap
release
<h3>Changed</h3>
<ul>
<li>Updated with upstream retire.js pattern changes.</li>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.44.0/retire-release-0.44.0.zap
SHA-256:e232890eb35f0b1047e185bd7a72a3e2c7f741ce70641142e82194c799a7cbd0
https://www.zaproxy.org/docs/desktop/addons/retire.js/
https://github.com/zaproxy/zap-extensions/
2025-01-10
1000688
2.16.0
commonlib
>= 1.16.0 & < 2.0.0
reveal
Reveal
Show hidden fields and enable disabled fields
ZAP Dev Team
9
reveal-release-9.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/reveal-v9/reveal-release-9.zap
SHA-256:d3559b0d4ed9a32a1423410a4fec3d48b7cdd85d138457d87cd4f0fade0efbbf
https://www.zaproxy.org/docs/desktop/addons/reveal/
https://github.com/zaproxy/zap-extensions/
2025-01-10
238840
2.16.0
revisit
Revisit
Revisit a site at any time in the past using the session history
ZAP Dev Team
5
revisit-alpha-5.zap
alpha
<h3>Changed</h3>
<ul>
<li>Maintenance changes.</li>
<li>Update minimum ZAP version to 2.14.0.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Prevent exception when processing history after deleting messages.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/revisit-v5/revisit-alpha-5.zap
SHA-256:cdaf29b98bab8f5f899840950974837122bab6f00a9dc7ec72aecdffd6b83c02
https://www.zaproxy.org/docs/desktop/addons/revisit/
https://github.com/zaproxy/zap-extensions/
2023-10-23
302425
2.14.0
saml
SAML Support
Detect, Show, Edit, Fuzz SAML requests
ZAP Dev Team
10
saml-alpha-10.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.12.0.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/saml-v10/saml-alpha-10.zap
SHA-256:097492271c7ec1d85def81091ffe897f4809927043844d1f5f0c7c598a0ad164
https://www.zaproxy.org/docs/desktop/addons/saml-support/
https://github.com/zaproxy/zap-extensions/
2022-10-28
1811985
2.12.0
scanpolicies
Scan Policies
A set of standard scan policies.
ZAP Dev Team
0.2.0
scanpolicies-alpha-0.2.0.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix link in the help page.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/scanpolicies-v0.2.0/scanpolicies-alpha-0.2.0.zap
SHA-256:44be8edf3017e42642c574f2628e078c8196ad92225ebfbcea8c0ed59deabe1e
https://www.zaproxy.org/docs/desktop/addons/scan-policies/
https://github.com/zaproxy/zap-extensions/
2025-01-10
278397
2.16.0
scripts
Script Console
Supports all JSR 223 scripting languages
ZAP Dev Team
45.8.0
scripts-release-45.8.0.zap
release
<h3>Added</h3>
<ul>
<li>Report indirect script errors while the Automation Framework plans are running (Issue 8586).</li>
<li>Standardized Policy Tags to the base Scripts Active Scanner.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Fields with default or missing values are omitted for the <code>script</code> job in saved Automation Framework plans.</li>
<li>Depends on an updated version of the Common Library add-on.</li>
<li>Depend on Passive Scanner add-on (Issue 7959).</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Correct auto-complete suggestions for parameters of Passive Rules.</li>
<li>Some script errors were not being propagated to the output correctly.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/scripts-v45.8.0/scripts-release-45.8.0.zap
SHA-256:64af074096d73a1caad2a73d4e0ee013a296aeb7a756cd76ec3ee7a89d941472
https://www.zaproxy.org/docs/desktop/addons/script-console/
https://github.com/zaproxy/zap-extensions/
2025-01-10
5197081
2.16.0
commonlib
>=1.29.0
pscan
>= 0.1.0 & < 1.0.0
selenium
Selenium
WebDriver provider and includes HtmlUnit browser
ZAP Dev Team
15.33.0
selenium-release-15.33.0.zap
release
<h3>Added</h3>
<ul>
<li>Allow to log browser's <code>console.log</code>, done at DEBUG level with the name <code>org.zaproxy.webdriver</code>.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Use WebDriver BiDi with Chrome.</li>
<li>Update Selenium to version 4.28.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.33.0/selenium-release-15.33.0.zap
SHA-256:14bd671497bec531c2fd884ea1fe255140bc473397c5cab1f8369ca52581e64b
https://www.zaproxy.org/docs/desktop/addons/selenium/
https://github.com/zaproxy/zap-extensions/
2025-01-23
34991613
2.16.0
commonlib
>=1.23.0
network
>=0.2.0
sequence
Sequence
Gives the possibility of defining a sequence of requests to be scanned.
ZAP Dev Team
8
sequence-beta-8.zap
beta
<h3>Added</h3>
<ul>
<li>Add Automation Framework jobs:
<ul>
<li><code>sequence-import</code> to import HARs as sequences.</li>
<li><code>sequence-activeScan</code> to active scan sequences.</li>
</ul>
</li>
<li>Data for reporting.</li>
<li>Stats for import automation and active scan.</li>
<li>Sequence active scan policy which will be used if neither a policy nor policyDefinition are set.</li>
<li>Add Import top level menu item to import HAR as sequence.</li>
<li>Active Scan Sequence dialog.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Depend on Import/Export add-on to allow to import HARs as sequences.</li>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Maintenance changes.</li>
<li>Sequence scan implementation.</li>
<li>Promoted to beta.</li>
</ul>
<h3>Removed</h3>
<ul>
<li>Sequence panel from the Active Scan dialog.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/sequence-v8/sequence-beta-8.zap
SHA-256:8419a137caf10cf117523db84f886142116f1e694ca1da44b4481567915e1d6d
https://www.zaproxy.org/docs/desktop/addons/sequence-scanner/
https://github.com/zaproxy/zap-extensions/
2025-01-10
1609867
2.16.0
exim
>= 0.13
network
zest
48.*
soap
SOAP Support
Imports and scans WSDL files containing SOAP endpoints.
Alberto (albertov91) + ZAP Dev Team
24
soap-beta-24.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Depend on newer version of Common Library add-on (Issue 8016).</li>
<li>Fields with default or missing values are omitted for the <code>soap</code> job in saved Automation Framework plans.</li>
</ul>
<h3>Added</h3>
<ul>
<li>Standardized Scan Policy related alert tags on scan rules.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/soap-v24/soap-beta-24.zap
SHA-256:93f1d7d0caa933d4e37658a43480804f94cb0365d8f2e94378cc56e3742a0b0e
https://www.zaproxy.org/docs/desktop/addons/soap-support/
https://github.com/zaproxy/zap-extensions/
2025-01-10
12911506
2.16.0
commonlib
>= 1.29.0 & < 2.0.0
spider
Spider
Spider used for automatically finding URIs on a site.
ZAP Dev Team
0.13.0
spider-release-0.13.0.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Depend on newer version of Common Library add-on (Issue 8016).</li>
<li>Updated automation framework documentation and templates for <code>spider</code> job to reflect changes to the default value of threadCount parameter</li>
<li>Fields with default or missing values are omitted for the <code>spider</code> job in saved Automation Framework plans.</li>
</ul>
<h3>Removed</h3>
<ul>
<li>Remove non-functional option "request wait time" from the API and Automation Framework.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/spider-v0.13.0/spider-release-0.13.0.zap
SHA-256:2a3fae4d5a1d10faf860cbd8a8d314d44e4688dacc54d32b9d876ae6ef00b65e
https://www.zaproxy.org/docs/desktop/addons/spider/
https://github.com/zaproxy/zap-extensions/
2025-01-10
1163083
2.16.0
commonlib
>= 1.29.0 & < 2.0.0
database
network
>=0.3.0
spiderAjax
Ajax Spider
Allows you to spider sites that make heavy use of JavaScript using Crawljax
ZAP Dev Team
23.22.0
spiderAjax-release-23.22.0.zap
release
<h3>Added</h3>
<ul>
<li>Option to enable browser extensions added by other add-ons, previously they were always enabled but now the default is false.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Updated automation framework documentation and templates for <code>spiderAjax</code> job to reflect changes to the default value of numberOfBrowsers parameter</li>
<li>Fields with default or missing values are omitted for the <code>spiderAjax</code> job in saved Automation Framework plans.</li>
<li>Default the number of browsers to the number of available cores.</li>
<li>Updated the job GUI to add an aditional "Elements" tab.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/spiderAjax-v23.22.0/spiderAjax-release-23.22.0.zap
SHA-256:7f19f8426d16ac694aa2bdaf30864f4dd28e90d00fca69c4d2bc505532873557
https://www.zaproxy.org/docs/desktop/addons/ajax-spider/
https://github.com/zaproxy/zap-extensions/
2025-01-10
7571393
2.16.0
commonlib
>= 1.23.0 & < 2.0.0
network
>=0.11.0
selenium
15.*
sqliplugin
Advanced SQLInjection Scanner
An advanced active injection bundle for SQLi (derived by SQLMap)
Andrea Pompili (Yhawke)
15
sqliplugin-beta-15.zap
beta
<h3>Fixed</h3>
<ul>
<li>Re-ordered variable initialization to prevent an NPE.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/sqliplugin-v15/sqliplugin-beta-15.zap
SHA-256:76e857bd2fea0b57b641862ea5bef46365ac1b03a19371c5e818a5401f7d9384
https://www.zaproxy.org/docs/desktop/addons/advanced-sqlinjection-scanner/
https://github.com/zaproxy/zap-extensions/
2021-10-20
534349
2.11.0
commonlib
>= 1.5.0 & < 2.0.0
sse
Server-Sent Events
Allows you to view Server-Sent Events (SSE) communication.
ZAP Dev Team
13
sse-alpha-13.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.15.0.</li>
<li>Maintenance changes.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>More gracefully handle missing value for "id" field (Issue 8320)</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/sse-v13/sse-alpha-13.zap
SHA-256:38cf84e00664287e691606f473343ba0c0db0711c4f895312d0d482c3354731b
https://www.zaproxy.org/docs/desktop/addons/server-sent-events/
https://github.com/zaproxy/zap-extensions/
2024-05-21
330079
2.15.0
svndigger
SVN Digger Files
SVN Digger files which can be used with ZAP forced browsing
ZAP Dev Team
4
svndigger-release-4.zap
release
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add repo URL.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Promote to release status.</li>
<li>Change info URL to link to the site.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/svndigger-v4/svndigger-release-4.zap
SHA-256:5556efdf3fdb84ebd6cf3e76ca31e3fb6fb57c002cf14b2cf2f05f67bf2b622a
https://www.zaproxy.org/docs/desktop/addons/svn-digger-files/
https://github.com/zaproxy/zap-extensions/
2021-10-07
713963
2.11.0
tips
Tips and Tricks
Display ZAP Tips and Tricks
ZAP Dev Team
14
tips-beta-14.zap
beta
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/tips-v14/tips-beta-14.zap
SHA-256:732458ced13378724804c26a84a31383fca18db397841b03a2e7e7743504e192
https://www.zaproxy.org/docs/desktop/addons/tips-and-tricks/
https://github.com/zaproxy/zap-extensions/
2025-01-10
572632
2.16.0
tokengen
Token Generation and Analysis
Allows you to generate and analyze pseudo random tokens, such as those used for session handling or CSRF protection
ZAP Dev Team
15
tokengen-beta-15.zap
beta
<h3>Changed</h3>
<ul>
<li>Now using 2.10 logging infrastructure (Log4j 2.x).</li>
<li>Maintenance changes.</li>
<li>Update minimum ZAP version to 2.11.0.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/tokengen-v15/tokengen-beta-15.zap
SHA-256:daef1d13d44a76b8735a30ed9e1e50fa87a85d02728bd7ae575197d173f942f9
https://www.zaproxy.org/docs/desktop/addons/token-generator/
https://github.com/zaproxy/zap-extensions/
2021-10-07
525206
2.11.0
treetools
TreeTools
Tools to add functionality to the tree view.
Carl Sampson
8
treetools-beta-8.zap
beta
<h3>Added</h3>
<ul>
<li>Add help.</li>
<li>Add info and repo URLs.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/treetools-v8/treetools-beta-8.zap
SHA-256:b7f61f8939937ebc120bce8deb72713d7676087056e88801df2573112e7642e4
https://www.zaproxy.org/docs/desktop/addons/treetools/
https://github.com/zaproxy/zap-extensions/
2021-10-07
128931
2.11.0
viewstate
ViewState
ASP/JSF ViewState Decoder and Editor
Calum Hutton
3
viewstate-alpha-3.zap
alpha
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.11.0.</li>
<li>Maintenance changes.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/viewstate-v3/viewstate-alpha-3.zap
SHA-256:715caefd591415e79b32195361fea82aa8c6357b24e69530c22fde0a1b6dad17
https://www.zaproxy.org/docs/desktop/addons/viewstate/
https://github.com/zaproxy/zap-extensions/
2021-10-07
148716
2.11.0
wappalyzer
Technology Detection
Technology detection using various fingerprints and identifiers.
ZAP Dev Team
21.44.0
wappalyzer-release-21.44.0.zap
release
<h3>Changed</h3>
<ul>
<li>Updated with enthec upstream icon and pattern changes.</li>
<li>Update minimum ZAP version to 2.16.0.</li>
<li>Depend on Passive Scanner add-on (Issue 7959).</li>
<li>The scan rule no longer sets a CWE for alerts (Issue 8733).</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/wappalyzer-v21.44.0/wappalyzer-release-21.44.0.zap
SHA-256:b740a362994d4d21ec06be7b96889bb82c9743b9c2baecd8682c3758dd9f82bc
https://www.zaproxy.org/docs/desktop/addons/technology-detection/
https://github.com/zaproxy/zap-extensions/
2025-01-15
20162575
2.16.0
commonlib
>= 1.17.0 & < 2.0.0
pscan
>= 0.1.0 & < 1.0.0
webdriverlinux
Linux WebDrivers
Linux WebDrivers for Firefox and Chrome.
ZAP Dev Team
124
webdriverlinux-release-124.zap
release
<h3>Changed</h3>
<ul>
<li>Update ChromeDriver to 133.0.6943.98.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/webdriverlinux-v124/webdriverlinux-release-124.zap
SHA-256:c74ad417e0eb00efa73e3ae26aa2878462d47e6e65d82ffb8ce3cdcf4bb4ccf8
https://www.zaproxy.org/docs/desktop/addons/linux-webdrivers/
https://github.com/zaproxy/zap-extensions/
2025-02-13
15499896
2.16.0
webdrivermacos
MacOS WebDrivers
MacOS WebDrivers for Firefox and Chrome.
ZAP Dev Team
124
webdrivermacos-release-124.zap
release
<h3>Changed</h3>
<ul>
<li>Update ChromeDriver to 133.0.6943.98.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/webdrivermacos-v124/webdrivermacos-release-124.zap
SHA-256:5391cb646e84b82b6241730a79b0a6079c2001c2325c78ccc7d71460e2fdc062
https://www.zaproxy.org/docs/desktop/addons/macos-webdrivers/
https://github.com/zaproxy/zap-extensions/
2025-02-13
20486487
2.16.0
webdriverwindows
Windows WebDrivers
Windows WebDrivers for Firefox and Chrome.
ZAP Dev Team
124
webdriverwindows-release-124.zap
release
<h3>Changed</h3>
<ul>
<li>Update ChromeDriver to 133.0.6943.98.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/webdriverwindows-v124/webdriverwindows-release-124.zap
SHA-256:d62cca9feec8a398d25d11a382da8701fea035b1ab396894077d2a502466c778
https://www.zaproxy.org/docs/desktop/addons/windows-webdrivers/
https://github.com/zaproxy/zap-extensions/
2025-02-13
21008834
2.16.0
websocket
WebSockets
Allows you to inspect WebSocket communication.
ZAP Dev Team
32
websocket-release-32.zap
release
<h3>Changed</h3>
<ul>
<li>Update minimum ZAP version to 2.16.0.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Correct location/function of New Context context menu item.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/websocket-v32/websocket-release-32.zap
SHA-256:13c71928791c0e101880621a10e597c8f69076b352891beb6b827392f5b3c2f0
https://www.zaproxy.org/docs/desktop/addons/websockets/
https://github.com/zaproxy/zap-extensions/
2025-01-10
1402521
2.16.0
commonlib
>=1.23.0
zest
Zest - Graphical Security Scripting Language
A graphical security scripting language, ZAPs macro language on steroids
ZAP Dev Team
48.3.0
zest-beta-48.3.0.zap
beta
<h3>Changed</h3>
<ul>
<li>Enable ZAP API in the authentication runner so ZAP browser extension callbacks work.</li>
</ul>
https://github.com/zaproxy/zap-extensions/releases/download/zest-v48.3.0/zest-beta-48.3.0.zap
SHA-256:c8ed8c347ee29d42044286c3d20d5d59f3b7ef63af5444db758e026f2d8c5a77
https://www.zaproxy.org/docs/desktop/addons/zest/
https://github.com/zaproxy/zap-extensions/
2025-02-07
3035514
2.16.0
commonlib
>=1.24.0
network
>=0.2.0
pscan
>= 0.1.0 & < 1.0.0
scripts
>=45.2.0
selenium
>= 15.13.0