Posted 231 Words

You want to find out as much info about a URL as possible really quickly.

Why? Well, you could be:

  • A pentester just starting your week looking at a new set of apps
  • A security professional who has just found out about a new public web app from your company you were not previously aware of
  • A developer who has just been given an existing web app to maintain

So … ZAPit!

ZAP Chat Video

ZAPit is a new feature in 2.14.0 which performs a quick ‘reconnaissance’ scan of the URL specified. It currently only runs from the command line.

For more details see the ZAPit help page.

ZAP Chat Video Commands

The commands I used in the above video were:

Download and run bash in the ZAP stable docker image (not required if you have ZAP installed locally):

docker pull softwaresecurityproject/zap-stable
docker run -it softwaresecurityproject/zap-stable bash

Update ZAP and install Wappalyzer and the Beta Passive Scan Rules:

./ -cmd -addonupdate -addoninstall wappalyzer -addoninstall pscanrulesBeta

Run ZAP against (or any other URL you specify):

./ -cmd -zapit


Do you think ZAPit will be useful to you?

Would you like it to do anything else?

Let us know via the ZAP User Group.


The social media background image is “A bright and powerful lightning bolt streaks across the sky.” by and is licensed under CC by 2.0.