A set of add-ons that we think are ideal for pentesters. Installing this add-on automatically installs all of the add-ons below.
This add-on includes the ZAP fuzzer, which is included by default in the main release but not in the Core release.

| Add-on | Description |
|---|---|
| Access Control Testing | Adds a set of tools for testing access control in web applications. |
| Attack Surface Detector | The Attack Surface Detector analyzes web application source code to generate endpoints that can be used for penetration testing. |
| Custom Payloads | Ability to add, edit or remove payloads that are used, i.e. by active scan rules. |
| Eval Villain | Adds the Eval Villain extension to Firefox when launched from ZAP. |
| FileUpload | Detects file upload requests and scans them to find related vulnerabilities. |
| FuzzDb Files | FuzzDB files which can be used with the ZAP fuzzer. |
| Fuzzer | Advanced fuzzer for manual testing. |
| JSON View | Adds a view that shows JSON messages nicely formatted. |
| JWT Support | Detects JWT requests and scans them to find related vulnerabilities. |
| Requester | Request numbered panel. |
| SVN Digger Files | SVN Digger files which can be used with ZAP forced browsing. |
| ViewState | ASP/JSF ViewState decoder and editor. |
| Wappalyzer - Technology Detection | Technology detection using Wappalyzer: wappalyzer.com |

If your favourite pentesting add-on is not included, let us know via the ZAP User Group.