OWASP Zed Attack Proxy ZAP V- released.

OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in Web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester’s toolbox. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Platform: Windows, MacOS & Unix/Linux

ChangesLog V-1.4.0:

  1. Add Syntax highlighting to Response Panel – The HTML panels now support switchable syntax highlighting.
  2. fuzzdb integration  – The fuzzer includes fuzzdb (http://code.google.com/p/fuzzdb/) fuzzing files. Note that some fuzzdb files have been left out as they cause common anti virus scanners to flag them as containing viruses. You can replace them (and upgrade fuzzdb) by downloading the latest version of fuzzdb and expanding it in the ‘fuzzers’ library.
  3.  Parameter analysis – A new Params tab shows a summary of all of the parameters a site has used.
  4. Enhanced XSS scanner – The Cross Site Scripting active scanner has been rewritten from scratch to find more potential XSS issues and report fewer false positives.
  5. Port the Watcher passive checks
  6. Plugable extensions
  7. And Some minor Bug Fixes.

Some of ZAP’s features:

  • Intercepting Proxy
  • Active scanner
  • Passive scanner
  • Brute Force scanner
  • Spider
  • Fuzzer
  • Port Scanner
  • Dynamic SSL certificates
  • API
  • Beanshell integration

Download Latest Update :
Mac OS :   ZAP_1.4.0.1_Mac_OS_X.zip (39.5 MB)
Windows :  ZAP_1.4.0.1_Windows.exe (35.4 MB)
Unix/Linux : ZAP_1.4.0.1_Linux.tar.gz (38.0 MB)

Find Other Version |