[Software] OWASP Zed Attack Proxy Project - ZAP 1.3.3

The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Some of ZAP’s features:

  1. Intercepting Proxy

  2. Automated scanner

  3. Passive scanner

  4. Brute Force scanner

  5. Spider

  6. Fuzzer

  7. Port scanner

  8. Dynamic SSL certificates

  9. API

  10. BeanShell integration

Some of ZAP’s characteristics:

  1. Easy to install (just requires Java 1.6)

  2. Ease of use a priority

  3. Comprehensive help pages

  4. Fully internationalized

  5. Under active development

  6. Open source

  7. Free (no paid-for ‘Pro’ version)

  8. Cross platform

  9. Involvement actively encouraged

ZAP is a fork of the well-regarded Paros Proxy.

Release notes:

Version 1.3.3, the third bugfix release of the 1.3.x branch, has just been released. Compared to previous releases, the 1.3.x branch adds the following main features:

  • Fuzzing (using components from JBroFuzz)

  • Dynamic SSL Certificates

  • Daemon mode and API to allow other tools to interact with ZAP

  • BeanShell integration

  • Full internationalization

  • Out of the box support for 10 languages

Download: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
