Collection: Pentester Pack

A set of add-ons that we think are ideal for pentesters. Installing this add-on automatically installs all of the add-ons listed below.

This add-on includes the ZAP fuzzer which is included by default in the main release but is not included in the Core release.

Add-ons included:

Access Control Testing: Adds a set of tools for testing access control in web applications.
Attack Surface Detector: Analyzes web application source code to generate endpoints that can be used for penetration testing.
Custom Payloads: Ability to add, edit or remove payloads that are used, i.e. by active scan rules.
Eval Villain: Adds the Eval Villain extension to Firefox when launched from ZAP.
FileUpload: Detects file upload requests and scans them to find related vulnerabilities.
FuzzDb Files: FuzzDB files which can be used with the ZAP fuzzer.
Fuzzer: Advanced fuzzer for manual testing.
JSON View: Adds a view that shows JSON messages nicely formatted.
JWT Support: Detects JWT requests and scans them to find related vulnerabilities.
Requester: Request numbered panel.
SVN Digger Files: SVN Digger files which can be used with ZAP forced browsing.
ViewState: ASP/JSF ViewState decoder and editor.
Wappalyzer - Technology Detection: Technology detection using Wappalyzer (wappalyzer.com).

If your favourite pentesting add-on is not included, let us know via the ZAP User Group.