OWASP ZAP – ZAP Marketplace

ZAP Marketplace contains ZAP add-ons which have been written by the ZAP team and the community. The add-ons help to extend the functionalities of ZAP. If you are using the latest version of ZAP then you can browse and download add-ons from within ZAP by clicking on this button in the toolbar:

add-ons button

You can also import the add-ons that you have downloaded manually via the “File / Load Add-on File…” menu option in the ZAP desktop.

Name	Version	Status	Author	Last Updated
Access Control Testing Adds a set of tools for testing access control in web applications.	5	alpha	ZAP Dev Team	2018-11-02
Active scanner rules The release quality Active Scanner rules	34	release	ZAP Dev Team	2020-01-17
Active scanner rules (alpha) The alpha quality Active Scanner rules	27	alpha	ZAP Dev Team	2019-12-16
Active scanner rules (beta) The beta quality Active Scanner rules	27	beta	ZAP Dev Team	2019-12-16
Advanced SQLInjection Scanner An advanced active injection bundle for SQLi (derived by SQLMap)	13	beta	Andrea Pompili (Yhawke)	2019-06-07
AdvFuzzer Advanced fuzzer for manual testing	12	beta	ZAP Dev Team	2020-01-17
Ajax Spider Allows you to spider sites that make heavy use of JavaScript using Crawljax	23.1.0	release	ZAP Dev Team	2020-01-17
Alert Filters Allows you to automate the changing of alert risk levels.	10	release	ZAP Dev Team	2020-01-17
All In One Notes A simple extension to view all notes in one pane.	1	alpha	David Vassallo	2019-06-18
AMF Adds support for AMF messages	2	alpha	ZAP Dev Team	2017-11-28
Attack Surface Detector The Attack Surface Detector analyzes web application source code to generate endpoints that can be used for penetration testing.	1.1.4	alpha	Secure Decisions (Matthew DeLetto)	2019-03-07
Authentication Statistics Records logged in/out statistics for all contexts in scope.	1	alpha	ZAP Core Team	2017-11-28
BeanShell Console Provides a BeanShell Console	6	beta	ZAP Dev Team	2017-11-27
Browser View Adds an option to render HTML responses like a browser	5	alpha	ZAP Dev Team	2017-11-28
Bug Tracker Bug Tracker extension.	2	alpha	ZAP Dev Team	2017-11-28
Call Graph Allows the user to view a call graph of the selected resources	4	alpha	Colm O'Flaherty	2017-11-28
Code Dx Extension Includes request and response data in XML reports and provides the ability to upload reports directly to a Code Dx server	8	alpha	Code Dx, Inc.	2019-08-23
Community Scripts Useful ZAP scripts written by the ZAP community.	9	alpha	ZAP Community	2020-01-30
Custom Payloads Ability to add, edit or remove payloads that are used i.e. by active scanners	0.9.0	alpha	ZAP Core Team	2019-10-31
CustomReport New HTML report module allows users to customize report content.	5	alpha	Chienli Ma	2019-08-30
Diff Displays a dialog showing the differences between 2 requests or responses. It uses diffutils and diff_match_patch	10	beta	ZAP Dev Team	2020-01-17
Directory List v1.0 List of directory names to be used with "Forced Browse" add-on.	4	release	ZAP Dev Team	2020-01-17
Directory List v2.3 Lists of directory names to be used with "Forced Browse" add-on.	3	release	ZAP Dev Team	2017-11-27
Directory List v2.3 LC Lists of lower case directory names to be used with "Forced Browse" add-on.	3	release	ZAP Dev Team	2017-11-27
DOM XSS Active scanner rule DOM XSS Active scanner rule	9	alpha	ZAP Dev Team	2019-06-12
Export Report Report Export module that allows users to customize content and export in a desired format.	6	alpha	Goran Sarenkapa - JordanGS	2019-06-24
Forced Browse Forced browsing of files and directories using code from the OWASP DirBuster tool	9	beta	ZAP Dev Team	2020-01-17
Form Handler This Form Handler Add-on allows a user to define field names and values to be used in a form's fields. Fields can be added, modified, enabled, and deleted for use in form fields.	2	alpha	ZAP Dev Team	2018-10-26
FuzzDB files FuzzDB files which can be used with the ZAP fuzzer	5	release	ZAP Dev Team	2019-06-27
FuzzDB Web Backdoors FuzzDB web backdoors which can be used with the ZAP fuzzer	2	release	ZAP Dev Team	2020-01-30
Getting Started with ZAP Guide A short Getting Started with ZAP Guide	11	release	ZAP Dev Team	2020-01-17
Groovy Scripting Allows Groovy to be used for ZAP scripting - templates included	2	alpha	ZAP Dev Team	2018-04-19
Help - Bosnian Bosnian version of the ZAP help file.	9	alpha	ZAP Crowdin Team	2018-02-08
Help - English English version of the ZAP help file.	10	release	ZAP Crowdin Team	2020-01-17
Help - French French version of the ZAP help file.	9	alpha	ZAP Crowdin Team	2018-02-08
Help - Japanese Japanese version of the ZAP help file.	9	beta	ZAP Crowdin Team	2018-02-08
Help - Portuguese, Brazilian Portuguese, Brazilian version of the ZAP help file.	10	release	ZAP Crowdin Team	2018-02-08
Help - Spanish Spanish version of the ZAP help file.	9	release	ZAP Crowdin Team	2018-02-08
Help - Turkish Turkish version of the ZAP help file.	1	release	ZAP Crowdin Team	2018-02-08
Help Chinese Simplified Chinese Simplified version of the ZAP help file.	2	beta	ZAP Crowdin Team	2018-02-08
Help Filipino Filipino version of the ZAP help file.	2	alpha	ZAP Crowdin Team	2018-02-08
Help Indonesian Indonesian version of the ZAP help file.	2	beta	ZAP Crowdin Team	2018-02-08
Highlighter Allows you to highlight strings in the request and response tabs.	7	alpha	ZAP Dev Team	2018-05-30
HttpsInfo Displays HTTPS configuration information.	12	alpha	ZAP Dev Team	2019-04-26
HUD - Heads Up Display Display information from ZAP in browser.	0.10.0	beta	ZAP Dev Team	2020-02-04
Image Location and Privacy Scanner Image Location and Privacy Passive Scanner	1	beta	Veggiespam and the ZAP Dev Team	2018-02-27
Import files containing URLs Adds an option to import a file of URLs. The file must be plain text with one URL per line.	7	beta	ZAP Dev Team	2020-01-17
Invoke Applications Invoke external applications passing context related information such as URLs and parameters	10	beta	ZAP Dev Team	2020-01-17
Json view Adds a view that shows JSON messages nicely formatted	1	alpha	Juha Kivekäs	2018-02-08
Linux WebDrivers Linux WebDrivers for Firefox and Chrome.	16	release	ZAP Dev Team	2020-01-17
Log File Importer Allows you to import log files from ModSecurity and files previously exported from ZAP	4	alpha	ZAP Dev Team	2017-11-28
MacOS WebDrivers MacOS WebDrivers for Firefox and Chrome.	15	release	ZAP Dev Team	2020-01-17
Neonmarker Colors history table items based on tags	1.1.0	alpha	Juha Kivekäs, Kingthorin	2020-01-02
Online menus ZAP Online menu items	7	release	ZAP Dev Team	2020-01-17
OpenAPI Support Imports and spiders OpenAPI definitions.	15	beta	ZAP Core Team plus Joanna Bona, Nathalie Bouchahine, Artur Grzesica, Mohammad Kamar, Markus Kiss, Michal Materniak and Marcin Spiewak	2020-01-17
Passive scanner rules The release quality Passive Scanner rules	26	release	ZAP Dev Team	2020-01-17
Passive scanner rules (alpha) The alpha quality Passive Scanner rules	26	alpha	ZAP Dev Team	2019-12-16
Passive scanner rules (beta) The beta quality Passive Scanner rules	21	beta	ZAP Dev Team	2019-12-16
Plug-n-Hack Configuration Supports the Mozilla Plug-n-Hack standard.	11	beta	ZAP Dev Team	2017-11-27
Port Scanner Allows to port scan a target server	8	beta	ZAP Dev Team	2017-11-27
Python Scripting Allows Python to be used for ZAP scripting - templates included	10	beta	ZAP Dev Team	2018-05-08
Quick Start Provides a tab which allows you to quickly test a target application	28	release	ZAP Dev Team	2020-02-04
Regular Expression Tester Allows to test Regular Expressions	1	alpha	ZAP Dev Team	2019-06-20
Replacer Easy way to replace strings in requests and responses.	8	beta	ZAP Dev Team	2020-01-17
Report alert generator Allows you to generate reports for alerts you specify in pdf or odt format	14	beta	Talsoft SRL	2017-11-27
Requester Request numbered panel.	3	alpha	Surikato	2018-10-15
Reveal Show hidden fields and enable disabled fields	3	release	ZAP Dev Team	2020-01-17
Revisit Revisit a site at any time in the past using the session history	3	alpha	ZAP Dev Team	2017-11-28
Ruby scripting Allows Ruby to be used for ZAP scripting - templates included	6	beta	ZAP Dev Team	2017-11-27
SAML Extension Detect, Show, Edit, Fuzz SAML requests	8	alpha	ZAP Dev Team	2019-08-30
Save Raw Message Allows to save content of HTTP messages as binary	5	release	ZAP Dev Team	2020-01-17
Save XML Message Allows to save content of HTTP messages as XML	0.1.0	alpha	thatsn0tmysite	2020-01-17
Script Console Supports all JSR 223 scripting languages	26	beta	ZAP Dev Team	2020-01-17
Selenium WebDriver provider and includes HtmlUnit browser	15.1.0	release	ZAP Dev Team	2020-01-17
Sequence Gives the possibility of defining a sequence of requests to be scanned.	5	alpha	ZAP Dev Team	2017-11-28
Server-Sent Events Allows you to view Server-Sent Events (SSE) communication.	9	alpha	ZAP Dev Team	2017-11-28
SVN Digger files SVN Digger files which can be used with ZAP forced browsing	3	beta	ZAP Dev Team	2017-11-27
Tips and Tricks Display ZAP Tips and Tricks	7	beta	ZAP Dev Team	2020-01-17
TLS Debug Provides a tab which allows to quickly debug a TLS/SSL connection	3	alpha	P.M.J. Roth	2018-10-15
Token Generation and Analysis Allows you to generate and analyze pseudo random tokens, such as those used for session handling or CSRF protection	13	beta	ZAP Dev Team	2019-07-15
TreeTools Tools to add functionality to the tree view.	7	beta	Carl Sampson	2017-11-27
ViewState ASP/JSF ViewState Decoder and Editor	1	alpha	Calum Hutton	2017-11-28
VulnCheck Extension list vulnerabilities from known databases	1	alpha	ZAP Dev Team	2017-11-28
WAFP Extension Fingerprint web applications	2	alpha	ZAP Dev Team	2017-11-28
Wappalyzer - Technology Detection Technology detection using Wappalyzer	16	alpha	ZAP Dev Team	2020-01-27
WebSockets Allows you to inspect WebSocket communication.	21	release	ZAP Dev Team	2020-01-17
Windows WebDrivers Windows WebDrivers for Firefox and Chrome.	16	release	ZAP Dev Team	2020-01-17
Zest - Graphical Security Scripting Language A graphical security scripting language, ZAPs macro language on steroids	32	beta	ZAP Dev Team	2020-01-24