The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
- Intercepting proxy
- Automated scanner
- Passive scanner
The next release of OWASP ZAP, planned for later this year, is expected to include:
- OWASP rebranding
- Improvements to the passive and active automated scanners
- Improvements the Spider
- The addition a basic port scanner
- The ability to brute force files and directories (using components from DirBuster)
ZAP is actually a fork from Paros Proxy.
You can download ZAP v1.0 here:
Or read more here.
- CMSmap – Content Management System Security Scanner
- Windows Credentials Editor (WCE) – List, Add & Change Logon Sessions
- Droopescan – Plugin Based CMS Security Scanner
- Zed Attack Proxy – ZAProxy v1.3.0 Released – Integrated Penetration Testing Tool
- OWASP (Open Web Application Security Project) Testing Guide v3 Released
- OWASP Bricks – Modular Deliberately Vulnerable Web Application
Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,891,661 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,101,802 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 635,179 views