ZAP supports the following script types:
| Name | Key / Examples | Description |
|---|---|---|
| Active Rules | active | Scripts that run as part of the Active Scanner to perform custom scan checks. |
| Authentication | authentication | Scripts invoked when performing authentication for a Context. |
| Encode / Decode | encode-decode | Scripts that provide custom data encoding and decoding. |
| Extender | extender | Scripts that add new functionality, including UI elements and API endpoints. |
| Fuzzer HTTP Processor | httpfuzzerprocessor | Scripts that process HTTP fuzzer messages before or after sending. |
| Fuzzer Websocket Processor | websocketfuzzerprocessor | Scripts that process WebSocket fuzzer messages. |
| HTTP Sender | httpsender | Scripts that run for every HTTP request and response processed by ZAP. |
| Input Vector | variant | Scripts that define exactly what the Active Scanner will attack. |
| Passive Rules | passive | Scripts that run as part of the Passive Scanner to perform custom checks. |
| Payload Generator | payloadgenerator | Scripts that generate payloads for fuzzing. |
| Payload Processor | payloadprocessor | Scripts that process or modify payloads during fuzzing. |
| Proxy | proxy | Scripts that run inline on proxied traffic and can modify and drop requests and responses. |
| Selenium | selenium | Scripts that automate browser interactions using browsers launched from ZAP. |
| Sequence | sequence | Scripts that define sequences of HTTP requests to model workflows. |
| Session Management | session | Scripts that define how sessions are managed for a Context. |
| Stand Alone | standalone | Scripts that are run manually. |
| Targeted | targeted | Scripts that are run manually against a specified target URL. |
| Websocket Passive | websocketpassive | Scripts that analyse WebSocket messages without modifying traffic. |
| Websocket Sender | websocketsender | Scripts that run for every Websocket message processed by ZAP. |
The links in the Key / Examples column point to the corresponding directories in the ZAP community-scripts repository, which contains example scripts contributed by the community for each script type.