The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Features
- Intercepting proxy
- Automated scanner
- Passive scanner
- Spider
Next Release
The next release of OWASP ZAP, planned for later this year, is expected to include:
- OWASP rebranding
- Improvements to the passive and active automated scanners
- Improvements to the Spider
- The addition of a basic port scanner
- The ability to brute force files and directories (using components from DirBuster)
ZAP is actually a fork of Paros Proxy.
You can download ZAP v1.0 here:
Cross Platform – ZAP_1.0.0b_installation.tar.gz
Windows Installer – ZAP_1.0.0_installer.exe
Or read more here.