ZAP Marketplace

ZAP Marketplace contains ZAP add-ons which have been written by the ZAP team and the community. The add-ons help to extend the functionalities of ZAP. If you are using the latest version of ZAP then you can browse and download add-ons from within ZAP by clicking on this button in the toolbar:

add-ons button

You can also import the add-ons that you have downloaded manually via the “File / Load Add-on File…” menu option in the ZAP desktop.

Name ID Version Status Author Last Updated
Access Control Testing Repository Download
Adds a set of tools for testing access control in web applications.
accessControl 6 alpha ZAP Dev Team 2020-10-06
Active scanner rules Repository Download
The release quality Active Scanner rules
ascanrules 40 release ZAP Dev Team 2021-06-17
Active scanner rules (alpha) Repository Download
The alpha quality Active Scanner rules
ascanrulesAlpha 31 alpha ZAP Dev Team 2021-06-17
Active scanner rules (beta) Repository Download
The beta quality Active Scanner rules
ascanrulesBeta 36 beta ZAP Dev Team 2021-09-17
Advanced SQLInjection Scanner Repository Download
An advanced active injection bundle for SQLi (derived by SQLMap)
sqliplugin 13 beta Andrea Pompili (Yhawke) 2019-06-07
Ajax Spider Repository Download
Allows you to spider sites that make heavy use of JavaScript using Crawljax
spiderAjax 23.5.0 release ZAP Dev Team 2021-09-16
Alert Filters Repository Download
Allows you to automate the changing of alert risk levels.
alertFilters 12 release ZAP Dev Team 2021-09-16
All In One Notes Repository Download
A simple extension to view all notes in one pane.
allinonenotes 1 alpha David Vassallo 2019-06-18
AMF Repository Download
Adds support for AMF messages
amf 2 alpha ZAP Dev Team 2017-11-28
Attack Surface Detector Repository Download
The Attack Surface Detector analyzes web application source code to generate endpoints that can be used for penetration testing.
attacksurfacedetector 1.1.4 alpha Secure Decisions (Matthew DeLetto) 2019-03-07
Authentication Statistics Repository Download
Records logged in/out statistics for all contexts in scope.
authstats 1 alpha ZAP Core Team 2017-11-28
Automation Framework Repository Download
Automation Framework.
automation 0.6.0 alpha ZAP Dev Team 2021-09-16
BeanShell Console Repository Download
Provides a BeanShell Console
beanshell 6 beta ZAP Dev Team 2017-11-27
Browser View Repository Download
Adds an option to render HTML responses like a browser
browserView 5 alpha ZAP Dev Team 2017-11-28
Bug Tracker Repository Download
Bug Tracker extension.
bugtracker 2 alpha ZAP Dev Team 2017-11-28
Call Graph Repository Download
Allows the user to view a call graph of the selected resources
callgraph 4 alpha Colm O'Flaherty 2017-11-28
Code Dx Extension Repository Download
Includes request and response data in XML reports and provides the ability to upload reports directly to a Code Dx server
codedx 8 alpha Code Dx, Inc. 2019-08-23
Common Library Repository Download
A common library, for use by other add-ons.
commonlib 1.4.0 release ZAP Dev Team 2021-06-23
Community Scripts Repository Download
Useful ZAP scripts written by the ZAP community.
communityScripts 11 alpha ZAP Community 2021-09-07
Custom Payloads Repository Download
Ability to add, edit or remove payloads that are used i.e. by active scanners
custompayloads 0.10.0 alpha ZAP Dev Team 2021-06-17
CustomReport Repository Download
New HTML report module allows users to customize report content.
customreport 6 alpha Chienli Ma 2020-12-15
Diff Repository Download
Displays a dialog showing the differences between 2 requests or responses. It uses diffutils and diff_match_patch
diff 10 beta ZAP Dev Team 2020-01-17
Directory List v1.0 Repository Download
List of directory names to be used with Forced Browse or Fuzzer add-on.
directorylistv1 4 release ZAP Dev Team 2020-01-17
Directory List v2.3 Repository Download
Lists of directory names to be used with "Forced Browse" add-on.
directorylistv2_3 3 release ZAP Dev Team 2017-11-27
Directory List v2.3 LC Repository Download
Lists of lower case directory names to be used with "Forced Browse" add-on.
directorylistv2_3_lc 3 release ZAP Dev Team 2017-11-27
DOM XSS Active scanner rule Repository Download
DOM XSS Active scanner rule
domxss 10 beta Aabha Biyani, ZAP Dev Team 2020-12-15
Encoder Repository Download
Adds encode/decode/hash dialog and support for scripted processors as well
encoder 0.5.0 beta ZAP Dev Team 2021-02-09
Export Report Repository Download
Report Export module that allows users to customize content and export in a desired format.
exportreport 7 alpha Goran Sarenkapa - JordanGS 2020-12-15
Forced Browse Repository Download
Forced browsing of files and directories using code from the OWASP DirBuster tool
bruteforce 10 beta ZAP Dev Team 2020-12-15
Form Handler Repository Download
This Form Handler Add-on allows a user to define field names and values to be used in a form's fields. Fields can be added, modified, enabled, and deleted for use in form fields.
formhandler 3 beta ZAP Dev Team 2020-12-15
FuzzDB Files Repository Download
FuzzDB files which can be used with the ZAP fuzzer
fuzzdb 7 release ZAP Dev Team 2020-06-30
FuzzDB Offensive Repository Download
FuzzDB web backdoors and attack files which can be used with the ZAP fuzzer or for manual penetration testing
fuzzdboffensive 4 release ZAP Dev Team 2021-06-11
Fuzzer Repository Download
Advanced fuzzer for manual testing
fuzz 13.2.0 beta ZAP Dev Team 2021-06-01
Getting Started with ZAP Guide Repository Download
A short Getting Started with ZAP Guide
gettingStarted 12 release ZAP Dev Team 2020-12-15
GraalVM JavaScript Repository Download
Provides the GraalVM JavaScript engine for ZAP scripting.
graaljs 0.1.0 alpha ZAP Dev Team 2020-11-17
GraphQL Support Repository Download
Inspect and attack GraphQL endpoints.
graphql 0.5.0 alpha ZAP Dev Team 2021-09-16
Groovy Support Repository Download
Adds Groovy support to ZAP
groovy 3.0.0 beta ZAP Dev Team 2020-12-15
Help - Bosnian Download
Bosnian version of the ZAP help file.
help_bs_BA 9 alpha ZAP Crowdin Team 2018-02-08
Help - English Repository Download
English version of the ZAP help file.
help 11 release ZAP Crowdin Team 2020-12-16
Help - French Download
French version of the ZAP help file.
help_fr_FR 9 alpha ZAP Crowdin Team 2018-02-08
Help - Japanese Download
Japanese version of the ZAP help file.
help_ja_JP 9 beta ZAP Crowdin Team 2018-02-08
Help - Portuguese, Brazilian Download
Portuguese, Brazilian version of the ZAP help file.
help_pt_BR 10 release ZAP Crowdin Team 2018-02-08
Help - Spanish Download
Spanish version of the ZAP help file.
help_es_ES 9 release ZAP Crowdin Team 2018-02-08
Help - Turkish Download
Turkish version of the ZAP help file.
help_tr_TR 1 release ZAP Crowdin Team 2018-02-08
Help Chinese Simplified Download
Chinese Simplified version of the ZAP help file.
help_zh_CN 2 beta ZAP Crowdin Team 2018-02-08
Help Filipino Download
Filipino version of the ZAP help file.
help_fil_PH 2 alpha ZAP Crowdin Team 2018-02-08
Help Indonesian Download
Indonesian version of the ZAP help file.
help_id_ID 2 beta ZAP Crowdin Team 2018-02-08
Highlighter Repository Download
Allows you to highlight strings in the request and response tabs.
highlighter 7 alpha ZAP Dev Team 2018-05-30
HttpsInfo Repository Download
Displays HTTPS configuration information.
httpsInfo 12 alpha ZAP Dev Team 2019-04-26
HUD - Heads Up Display Repository Download
Display information from ZAP in browser.
hud 0.12.0 beta ZAP Dev Team 2020-10-15
Image Location and Privacy Scanner Repository Download
Image Location and Privacy Passive Scanner
imagelocationscanner 2 beta Jay Ball (veggiespam) and the ZAP Dev Team 2020-07-03
Import files containing URLs Repository Download
Adds an option to import a file of URLs. The file must be plain text with one URL per line.
importurls 7 beta ZAP Dev Team 2020-01-17
Invoke Applications Repository Download
Invoke external applications passing context related information such as URLs and parameters
invoke 10 beta ZAP Dev Team 2020-01-17
Json view Repository Download
Adds a view that shows JSON messages nicely formatted
jsonview 1 alpha Juha Kivekäs 2018-02-08
JWT Support Repository Download
Detect JWT requests and scan them to find related vulnerabilities
jwt 1.0.1 alpha KSASAN [email protected] 2020-12-22
Kotlin Support Repository Download
Allows Kotlin to be used for ZAP scripting
kotlin 1.0.0 alpha StackHawk Engineering 2020-09-14
Linux WebDrivers Repository Download
Linux WebDrivers for Firefox and Chrome.
webdriverlinux 31 release ZAP Dev Team 2021-09-17
Log File Importer Repository Download
Allows you to import log files from ModSecurity and files previously exported from ZAP
importLogFiles 4 alpha ZAP Dev Team 2017-11-28
MacOS WebDrivers Repository Download
MacOS WebDrivers for Firefox and Chrome.
webdrivermacos 31 release ZAP Dev Team 2021-09-17
Neonmarker Repository Download
Colors history table items based on tags
neonmarker 1.4.0 alpha Juha Kivekäs, Kingthorin 2021-08-26
OAST Support Repository Download
Allows you to exploit out-of-band vulnerabilities
oast 0.4.0 alpha ZAP Dev Team 2021-09-22
Online menus Repository Download
ZAP Online menu items
onlineMenu 8 release ZAP Dev Team 2020-12-15
OpenAPI Support Repository Download
Imports and spiders OpenAPI definitions.
openapi 22 beta ZAP Dev Team plus Joanna Bona, Nathalie Bouchahine, Artur Grzesica, Mohammad Kamar, Markus Kiss, Michal Materniak, Marcin Spiewak, and SDA SE Open Industry Solutions 2021-09-16
Passive scanner rules Repository Download
The release quality Passive Scanner rules
pscanrules 35 release ZAP Dev Team 2021-07-06
Passive scanner rules (alpha) Repository Download
The alpha quality Passive Scanner rules
pscanrulesAlpha 33 alpha ZAP Dev Team 2021-07-07
Passive scanner rules (beta) Repository Download
The beta quality Passive Scanner rules
pscanrulesBeta 26 beta ZAP Dev Team 2021-07-29
Plug-n-Hack Configuration Repository Download
Supports the Mozilla Plug-n-Hack standard: https://developer.mozilla.org/en-US/docs/Plug-n-Hack.
plugnhack 11 beta ZAP Dev Team 2017-11-27
Port Scanner Repository Download
Allows to port scan a target server
portscan 8 beta ZAP Dev Team 2017-11-27
Python Scripting Repository Download
Allows Python to be used for ZAP scripting - templates included
jython 11 beta ZAP Dev Team 2020-12-15
Quick Start Repository Download
Provides a tab which allows you to quickly test a target application
quickstart 29 release ZAP Dev Team 2020-12-15
Reflect Download
Finds reflected parameters
reflect 0.0.11 alpha Caleb Kinney 2021-02-19
Regular Expression Tester Repository Download
Allows to test Regular Expressions
regextester 1 alpha ZAP Dev Team 2019-06-20
Replacer Repository Download
Easy way to replace strings in requests and responses.
replacer 8 beta ZAP Dev Team 2020-01-17
Report alert generator Repository Download
Allows you to generate reports for alerts you specify in pdf or odt format
alertReport 14 beta Talsoft SRL 2017-11-27
Report Generation Repository Download
Official ZAP Reports.
reports 0.6.0 beta ZAP Dev Team 2021-09-16
Requester Repository Download
Request numbered panel.
requester 4 alpha Surikato 2020-07-15
Retest Repository Download
An add-on to retest for presence/absence of previously generated alerts.
retest 0.1.0 alpha ZAP Dev Team 2021-09-16
Retire.js Repository Download
Retire.js
retire 0.8.0 release Nikita Mundhada and the ZAP Dev Team 2021-08-25
Reveal Repository Download
Show hidden fields and enable disabled fields
reveal 3 release ZAP Dev Team 2020-01-17
Revisit Repository Download
Revisit a site at any time in the past using the session history
revisit 3 alpha ZAP Dev Team 2017-11-28
Ruby Scripting Repository Download
Allows Ruby to be used for ZAP scripting - templates included
jruby 7 beta ZAP Dev Team 2020-12-15
SAML Extension Repository Download
Detect, Show, Edit, Fuzz SAML requests
saml 8 alpha ZAP Dev Team 2019-08-30
Save Raw Message Repository Download
Allows to save content of HTTP messages as binary
saverawmessage 5 release ZAP Dev Team 2020-01-17
Save XML Message Repository Download
Allows to save content of HTTP messages as XML
savexmlmessage 0.1.0 alpha thatsn0tmysite 2020-01-17
Script Console Repository Download
Supports all JSR 223 scripting languages
scripts 28 beta ZAP Dev Team 2020-12-18
Selenium Repository Download
WebDriver provider and includes HtmlUnit browser
selenium 15.3.0 release ZAP Dev Team 2020-12-15
Sequence Repository Download
Gives the possibility of defining a sequence of requests to be scanned.
sequence 5 alpha ZAP Dev Team 2017-11-28
Server-Sent Events Repository Download
Allows you to view Server-Sent Events (SSE) communication.
sse 9 alpha ZAP Dev Team 2017-11-28
SOAP Support Repository Download
Imports and scans WSDL files containing SOAP endpoints.
soap 9 alpha Alberto (albertov91) + ZAP Dev Team 2021-09-16
SVN Digger files Repository Download
SVN Digger files which can be used with ZAP forced browsing
svndigger 3 beta ZAP Dev Team 2017-11-27
Tips and Tricks Repository Download
Display ZAP Tips and Tricks
tips 8 beta ZAP Dev Team 2021-05-28
TLS Debug Repository Download
Provides a tab which allows to quickly debug a TLS/SSL connection
tlsdebug 4 alpha P.M.J. Roth 2020-12-15
Token Generation and Analysis Repository Download
Allows you to generate and analyze pseudo random tokens, such as those used for session handling or CSRF protection
tokengen 14 beta ZAP Dev Team 2020-12-15
TreeTools Repository Download
Tools to add functionality to the tree view.
treetools 7 beta Carl Sampson 2017-11-27
ViewState Repository Download
ASP/JSF ViewState Decoder and Editor
viewstate 2 alpha Calum Hutton 2020-07-10
Wappalyzer - Technology Detection Repository Download
Technology detection using Wappalyzer: wappalyzer.com
wappalyzer 21.3.0 release ZAP Dev Team 2021-08-25
WebSockets Repository Download
Allows you to inspect WebSocket communication.
websocket 23 release ZAP Dev Team 2020-12-18
Windows WebDrivers Repository Download
Windows WebDrivers for Firefox and Chrome.
webdriverwindows 31 release ZAP Dev Team 2021-09-17
Zest - Graphical Security Scripting Language Repository Download
A graphical security scripting language, ZAPs macro language on steroids
zest 34 beta ZAP Dev Team 2021-04-22