Home
This project contains extensions for the OWASP Zed Attack Proxy (ZAP).
If you are using the latest version of ZAP then you can browse and download add-ons from within ZAP by clicking on this button in the toolbar:
You can also import add-ons you have downloaded manually via the "File / Load Add-on file..." menu option.
This project also contains example templates to help you get started when developing new ZAP extensions.
For a summary of the ways you can extend ZAP see https://github.com/zaproxy/zaproxy/wiki/DevExtending
For some general notes on developing ZAP see the wiki
If you have any questions about developing extensions for ZAP please ask them on the ZAP Developer forum.
We are happy to host the source code and/or release jars for your ZAP extensions in this project - please get in touch via the ZAP Developer forum.
- Introduction
-
2.0 Add-ons
- Add-ons: Release
- Add-ons: Beta
-
Add-ons: Alpha
-
Active Scan Rules - alpha
-
Access Control Testing
-
All In One Notes
-
Authentication Statistics
- Browser View
- Bug Tracker
-
Code Dx
-
Community Scripts
- Custom Payloads
- Custom Report
- DOM XSS Active Scan Rule
- Export Report
-
Form Handler
-
Groovy Scripting
-
HTTPS Info Add-on
-
Open API Specification Support
-
Passive Scan Rules - alpha
-
Replacer
-
Revisit
-
Server-Sent Events
-
Sequence Scanner
-
Simple Example
-
SOAP Scanner
-
SNI Terminator
-
Technology Detection
-
TLS Debug
-
- Add-on Development
- Add-on Structure
- Add-on Debugging
- Examples
- Upgrade
- Code Structure
- 1.4 Add-ons
(This is work in progress;)