
Features

ZAP provides the following features:

Active Scan
Add-ons
Alerts
Anti CSRF Tokens
API
Authentication
Authentication Methods
Authentication Verification Strategies
Breakpoints
Contexts
Data Driven Content
HTTP Sessions
Manipulator-in-the-middle Proxy
Marketplace
Modes
Notes
Passive Scan
Scan Policy
Scope
Scripts
Session Management
Sites Tree
Spider
Statistics
Structural Modifiers
Structural Parameters
Tags
Users

See also

UI Overview for an overview of the user interface
ZAP is an OWASP Flagship project
© Copyright 2023 the ZAP Dev Team
OWASP is a registered trademark of the OWASP Foundation, Inc.