2.17.0 D-2026-07-14 https://github.com/zaproxy/zaproxy/releases/download/w2026-07-14/ZAP_WEEKLY_D-2026-07-14.zip ZAP_WEEKLY_D-2026-07-14.zip SHA-256:73c130d82935b4fd7d5ce0ffddc0c5c992cdef4814f6db79dd878ccfb0631a87 336950044 https://github.com/zaproxy/zaproxy/releases/download/v2.17.0/ZAP_2_17_0_windows-x32.exe ZAP_2_17_0_windows-x32.exe SHA-256:125fc89c73d440141ce859109e23258700b863b94475d5461926ec757d99e94a 255836672 https://github.com/zaproxy/zaproxy/releases/download/v2.17.0/ZAP_2_17_0_windows.exe ZAP_2_17_0_windows.exe SHA-256:ebdaf6f00ffd9c21891d29360196e13a14091f84dde2bfa1e0b61213a93bc5ca 256013312 https://github.com/zaproxy/zaproxy/releases/download/v2.17.0/ZAP_2.17.0_Linux.tar.gz ZAP_2.17.0_Linux.tar.gz SHA-256:efe799aaa3627db683b43f00c9c210aea0b75c00cc8f0a0f0434d12bb3ddde5a 243895361 https://github.com/zaproxy/zaproxy/releases/download/v2.17.0/ZAP_2.17.0.dmg ZAP_2.17.0.dmg SHA-256:a3d246125dd6e576036af8fb29f90377fc72a0a5df8c89c54711972b449582c7 272195945 Bug fix and enhancement release. https://www.zaproxy.org/docs/desktop/releases/2.17.0/ accessControl Access Control Testing Adds a set of tools for testing access control in web applications. ZAP Dev Team 13 accessControl-alpha-13.zap alpha <h3>Changed</h3> <ul> <li>Formatted JavaScript files for consistency.</li> </ul> <h3>Fixed</h3> <ul> <li>Discrepancy between Sites tree node name &amp; Access Control recomputed node name made check silently fail and fallback to parent rule.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/accessControl-v13/accessControl-alpha-13.zap SHA-256:4c3cad240fc797f8e5a013236fd98e1256a03938fc31eb621e0bedf367760f07 https://www.zaproxy.org/docs/desktop/addons/access-control-testing/ https://github.com/zaproxy/zap-extensions/ 2026-06-26 625916 2.17.0 commonlib >= 1.40.0 & < 2.0.0 alertFilters Alert Filters Allows you to automate the changing of alert risk levels. ZAP Dev Team 26 alertFilters-release-26.zap release <h3>Changed</h3> <ul> <li>Update the automation framework template and help to include missing fields (<code>ruleName</code> and <code>methods</code>).</li> <li>Update minimum ZAP version to 2.17.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/alertFilters-v26/alertFilters-release-26.zap SHA-256:d6c9113aac962c31955627cda2683afe447cf9d84c0f803c6029180897c16648 https://www.zaproxy.org/docs/desktop/addons/alert-filters/ https://github.com/zaproxy/zap-extensions/ 2025-12-15 594584 2.17.0 pscan >= 0.1.0 & < 1.0.0 allinonenotes All In One Notes A simple extension to view all notes in one pane. David Vassallo 2 allinonenotes-alpha-2.zap alpha <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.11.0.</li> <li>Update link to repository.</li> <li>Maintenance changes.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/allinonenotes-v2/allinonenotes-alpha-2.zap SHA-256:9e70d6e76b72692e9c0cb64002a692b710710e688ea2d8834818086300632d2a https://www.zaproxy.org/docs/desktop/addons/all-in-one-notes/ https://github.com/zaproxy/zap-extensions/ 2021-10-07 249532 2.11.0 ascanrules Active scanner rules The release status Active Scanner rules ZAP Dev Team 83 ascanrules-release-83.zap release <h3>Changed</h3> <ul> <li>Updated a reference link for the XSLT Injection scan rule.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/ascanrules-v83/ascanrules-release-83.zap SHA-256:9c1b64c2fceda629f7c0ab0c21b5901035494f78da51d584972eaf85e94e91cc https://www.zaproxy.org/docs/desktop/addons/active-scan-rules/ https://github.com/zaproxy/zap-extensions/ 2026-06-26 5080128 2.17.0 commonlib >= 1.40.0 & < 2.0.0 network >= 0.3.0 oast >= 0.7.0 ascanrulesAlpha Active scanner rules (alpha) The alpha status Active Scanner rules ZAP Dev Team 58 ascanrulesAlpha-alpha-58.zap alpha <h3>Changed</h3> <ul> <li>Maintenance changes.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesAlpha-v58/ascanrulesAlpha-alpha-58.zap SHA-256:9cdc660e9ce7f1e5bc2ceb5b64955c0e5b05d61b9014029a3d93cc295ad23be1 https://www.zaproxy.org/docs/desktop/addons/active-scan-rules-alpha/ https://github.com/zaproxy/zap-extensions/ 2026-07-13 400230 2.17.0 commonlib >= 1.40.0 & < 2.0.0 ascanrulesBeta Active scanner rules (beta) The beta status Active Scanner rules ZAP Dev Team 66 ascanrulesBeta-beta-66.zap beta <h3>Changed</h3> <ul> <li>The following scan rules now include example alert functionality for documentation generation purposes (Issue 6119) and alert references (Issue 7100): <ul> <li>Insecure HTTP Method</li> <li>Session Fixation</li> <li>Proxy Disclosure</li> </ul> </li> <li>Dependency update.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/ascanrulesBeta-v66/ascanrulesBeta-beta-66.zap SHA-256:e5be0cee46abb673abdd3c5e2572e577454887aab00ea141da44856accd49a84 https://www.zaproxy.org/docs/desktop/addons/active-scan-rules-beta/ https://github.com/zaproxy/zap-extensions/ 2026-05-06 1810539 2.17.0 commonlib >= 1.40.0 & < 2.0.0 database >= 0.1.0 network >= 0.3.0 oast >= 0.7.0 attacksurfacedetector Attack Surface Detector The Attack Surface Detector analyzes web application source code to generate endpoints that can be used for penetration testing. Secure Decisions (Matthew DeLetto) 1.1.4 attacksurfacedetector-alpha-1.1.4.zap alpha Various incremental changes (see https://github.com/secdec/attack-surface-detector-zap/releases)<br> Fix un-handled exception when target unavailable & address various "house keeping" tasks.<br> https://github.com/zaproxy/zap-extensions/releases/download/2.7/attacksurfacedetector-alpha-1.1.4.zap SHA1:e21758c2cdcbc7806f44cc986a88360457eff82e https://github.com/secdec/attack-surface-detector-zap/wiki https://github.com/secdec/attack-surface-detector-zap/ 2019-03-07 15604948 2.7.0 authhelper Authentication Helper Helps identify and set up authentication handling ZAP Dev Team 0.40.0 authhelper-beta-0.40.0.zap beta <h3>Added</h3> <ul> <li>Support for handling the Microsoft login &quot;Permissions requested&quot; user consent screen.</li> </ul> <h3>Fixed</h3> <ul> <li>Handling of Ionic input elements, which can appear to not be displayed until they are clicked on.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/authhelper-v0.40.0/authhelper-beta-0.40.0.zap SHA-256:8618464c4959dcb90b81e1770304a2a3a0dc4ba31c8a72e518fa95ff0ecf9c01 https://www.zaproxy.org/docs/desktop/addons/authentication-helper/ https://github.com/zaproxy/zap-extensions/ 2026-06-12 1560159 2.17.0 commonlib >= 1.35.0 & < 2.0.0 database >=0.8.0 & < 1.0.0 network >=0.23.0 pscan >= 0.1.0 & < 1.0.0 selenium >=15.44.0 zest >=48.10.0 authstats Authentication Statistics Records logged in/out statistics for all contexts in scope. ZAP Dev Team 2 authstats-alpha-2.zap alpha <h3>Added</h3> <ul> <li>Add repo URL.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.11.0.</li> <li>Dynamically unload the add-on.</li> <li>Change info URL to link to the site.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/authstats-v2/authstats-alpha-2.zap SHA-256:cfb604c27f3a7a58e7b5aa55fe9f19a9ce5561fab3ef7d3f6c72845671fb5dcf https://www.zaproxy.org/docs/desktop/addons/authentication-statistics/ https://github.com/zaproxy/zap-extensions/ 2021-10-07 247499 2.11.0 automation Automation Framework Automation Framework. ZAP Dev Team 0.60.0 automation-beta-0.60.0.zap beta <h3>Fixed</h3> <ul> <li>Fix exception during forced shutdown in the Active Scan job.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/automation-v0.60.0/automation-beta-0.60.0.zap SHA-256:e02c90abea15cb5802be1aa1adb959e5f76c4c517494087388732d71345e4ea9 https://www.zaproxy.org/docs/desktop/addons/automation-framework/ https://github.com/zaproxy/zap-extensions/ 2026-05-08 2172308 2.17.0 commonlib >= 1.38.0 & < 2.0.0 network >= 0.15.0 & < 1.0.0 beanshell BeanShell Console Provides a BeanShell Console ZAP Dev Team 7 beanshell-beta-7.zap beta <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.11.0.</li> <li>Maintenance changes.</li> <li>Improve permissions and space handling when saving.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/beanshell-v7/beanshell-beta-7.zap SHA-256:0a83cb7d0369ccef50768ccbda1e6c6d82b9f4e3bd9372b38fd32cc21f6a30fb https://www.zaproxy.org/docs/desktop/addons/bean-shell/ https://github.com/zaproxy/zap-extensions/ 2021-10-07 577838 2.11.0 browserView Browser View Adds an option to render HTML responses like a browser ZAP Dev Team 6 browserView-alpha-6.zap alpha <h3>Added</h3> <ul> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.12.0.</li> <li>Maintenance changes.</li> <li>Make missing JavaFX logging less verbose in regular use.</li> <li>Update help with the requirements to use the add-on.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/browserView-v6/browserView-alpha-6.zap SHA-256:e53cfde3a009a4be2e40c84ac02e05114505160bd2bab6cbb42416ab9a65b16c https://www.zaproxy.org/docs/desktop/addons/browser-view/ https://github.com/zaproxy/zap-extensions/ 2023-03-13 197667 2.12.0 bruteforce Forced Browse Forced browsing of files and directories using code from the OWASP DirBuster tool ZAP Dev Team 21 bruteforce-beta-21.zap beta <h3>Changed</h3> <ul> <li>Maintenance changes.</li> </ul> <h3>Fixed</h3> <ul> <li>Bug: tested the wrong condition when detecting &quot;file not found&quot; responses.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/bruteforce-v21/bruteforce-beta-21.zap SHA-256:54dfb10a64d35fbb829968f7fe53bff1cf8a30753d3e22b3172e478304facb86 https://www.zaproxy.org/docs/desktop/addons/forced-browse/ https://github.com/zaproxy/zap-extensions/ 2026-07-13 555053 2.17.0 commonlib >= 1.43.0 & < 2.0.0 bugtracker Bug Tracker Bug Tracker extension. ZAP Dev Team 4 bugtracker-alpha-4.zap alpha <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.11.1.</li> <li>Dependency updates.</li> <li>Maintenance changes.</li> <li>Updated to use PAT not password (https://github.blog/changelog/2021-08-12-git-password-authentication-is-shutting-down/).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/bugtracker-v4/bugtracker-alpha-4.zap SHA-256:37c57f8e7f4a1608500527ac1831f8b078427f804ea04ad5790a2970e3e1b722 https://www.zaproxy.org/docs/desktop/addons/bug-tracker/ https://github.com/zaproxy/zap-extensions/ 2022-09-23 3707425 2.11.1 callgraph Call Graph Allows the user to view a call graph of the selected resources Colm O'Flaherty 5 callgraph-alpha-5.zap alpha <h3>Added</h3> <ul> <li>Add help.</li> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.11.0.</li> <li>Maintenance changes.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/callgraph-v5/callgraph-alpha-5.zap SHA-256:0874ce5aad0c4bbf28f72627a4940759d328396e12b7d6a5596f2e41bf24dc4e https://www.zaproxy.org/docs/desktop/addons/call-graph/ https://github.com/zaproxy/zap-extensions/ 2021-10-07 925930 2.11.0 callhome Call Home Handles all of the calls to ZAP services. ZAP Dev Team 0.23.0 callhome-release-0.23.0.zap release <h3>Added</h3> <ul> <li>SSE stats to telemetry.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/callhome-v0.23.0/callhome-release-0.23.0.zap SHA-256:eadebd4ae60c1865f6811a276a643ebe954328e2e903447bf460d8b3ef691d7f https://www.zaproxy.org/docs/desktop/addons/call-home/ https://github.com/zaproxy/zap-extensions/ 2026-07-13 326771 2.17.0 client Client Side Integration Exposes client (browser) side information in ZAP using Firefox and Chrome extensions. ZAP Dev Team 0.30.0 client-alpha-0.30.0.zap alpha <h3>Changed</h3> <ul> <li>Wait always after component navigation while crawling.</li> <li>Follow any navigation component while crawling.</li> <li>Crawl component state changes.</li> <li>Help to show that the Client Spider is now the recommended option for modern apps.</li> </ul> <h3>Fixed</h3> <ul> <li>Normalise behaviour of Delete context menu item.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/client-v0.30.0/client-alpha-0.30.0.zap SHA-256:68a0602b64f736116cdffddbbb670ea10f74f434f68662e9451cba8ea52557ff https://www.zaproxy.org/docs/desktop/addons/client-side-integration/ https://github.com/zaproxy/zap-extensions/ 2026-07-06 5923546 2.17.0 commonlib >=1.33.0 database >=0.9.0 & < 1.0.0 network >=0.8.0 pscan >=0.4.0 selenium >=15.49.0 commonlib Common Library A common library, for use by other add-ons. ZAP Dev Team 1.43.0 commonlib-release-1.43.0.zap release <h3>Added</h3> <ul> <li>UriUtils class for standardising URI checking.</li> </ul> <h3>Changed</h3> <ul> <li>Update dependencies.</li> <li>Updated Bank Identification Number data from a new source (https://github.com/venelinkochev/bin-list-data/).</li> <li>Added help page documenting the BIN list data and how it is used by scan rules.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/commonlib-v1.43.0/commonlib-release-1.43.0.zap SHA-256:f1c46d6c65434a2a54307065b558a87121eaa5b9b6bc6cfb10bf230b6335d1f5 https://www.zaproxy.org/docs/desktop/addons/common-library/ https://github.com/zaproxy/zap-extensions/ 2026-07-14 11694160 2.17.0 communityScripts Community Scripts Useful ZAP scripts written by the ZAP community. ZAP Community 19 communityScripts-alpha-19.zap alpha <h3>Added</h3> <ul> <li>extender/arpSyndicateSubdomainDiscovery.js - uses the API of <a href="https://www.subdomain.center/">ARPSyndicate's Subdomain Center</a> to find and add subdomains to the Sites Tree.</li> <li>passive/JavaDisclosure.js - Passive scan for Java error messages leaks</li> <li>httpsender/RsaEncryptPayloadForZap.py - A script that encrypts requests using RSA</li> <li>selenium/FillOTPInMFA.js - A script that fills the OTP in MFA</li> <li>authentication/KratosApiAuthentication.js - A script to authenticate with Kratos using the API flow</li> <li>authentication/KratosBrowserAuthentication.js - A script to authenticate with Kratos using the browser flow</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.15.0.</li> <li>Use Prettier to format all JavaScript scripts.</li> <li>Update the following scripts to implement the <code>getMetadata()</code> function with revised metadata: <ul> <li>active/Cross Site WebSocket Hijacking.js</li> <li>active/cve-2019-5418.js</li> <li>active/gof_lite.js</li> <li>active/JWT None Exploit.js</li> <li>active/SSTI.js</li> <li>passive/clacks.js</li> <li>passive/CookieHTTPOnly.js</li> <li>passive/detect_csp_notif_and_reportonly.js</li> <li>passive/detect_samesite_protection.js</li> <li>passive/f5_bigip_cookie_internal_ip.js</li> <li>passive/find base64 strings.js</li> <li>passive/Find Credit Cards.js</li> <li>passive/Find Emails.js</li> <li>passive/Find Hashes.js</li> <li>passive/Find HTML Comments.js</li> <li>passive/Find IBANs.js</li> <li>passive/Find Internal IPs.js</li> <li>passive/find_reflected_params.py</li> <li>passive/HUNT.py</li> <li>passive/Mutliple Security Header Check.js</li> <li>passive/google_api_keys_finder.js</li> <li>passive/JavaDisclosure.js</li> <li>passive/Report non static sites.js</li> <li>passive/RPO.js</li> <li>passive/s3.js</li> <li>passive/Server Header Disclosure.js</li> <li>passive/SQL injection detection.js</li> <li>passive/Telerik Using Poor Crypto.js</li> <li>passive/Upload form discovery.js</li> <li>passive/X-Powered-By_header_checker.js</li> </ul> </li> <li>httpsender/Alert on Unexpected Content Types.js now checks for common content-types (<code>json</code>, <code>xml</code>, and <code>yaml</code>) more consistently.</li> <li>targeted/request_to_xml.js no longer uses deprecated method to show the message in the editor dialogue.</li> </ul> https://github.com/zaproxy/community-scripts/releases/download/v19/communityScripts-alpha-19.zap SHA-256:f96502b471dd349ae2fceba4a68bde9465091580040ad8798e13bb176030bbba https://www.zaproxy.org/docs/desktop/addons/community-scripts/ https://github.com/zaproxy/community-scripts/ 2024-07-01 475346 2.15.0 coreLang Core Language Files Translations of the core language files ZAP Dev Team 15 coreLang-release-15.zap release <h3>Changed</h3> <ul> <li>Update the languages files from Crowdin.</li> <li>Update minimum ZAP version to 2.11.1.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/coreLang-v15/coreLang-release-15.zap SHA-256:d8258b914ffc95820dd045acf56677668a8cbbfc759290f72e30210056dfb88c https://crowdin.com/project/zaproxy https://github.com/zaproxy/zap-extensions/ 2022-02-14 4616009 2.11.1 custompayloads Custom Payloads Ability to add, edit or remove payloads that are used i.e. by active scanners ZAP Dev Team 0.16.0 custompayloads-release-0.16.0.zap release <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.17.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/custompayloads-v0.16.0/custompayloads-release-0.16.0.zap SHA-256:2bf60963f039dc9c47975026f9cec2c4c4161d4e0278c41e092a92ffb4b23543 https://www.zaproxy.org/docs/desktop/addons/custom-payloads/ https://github.com/zaproxy/zap-extensions/ 2025-12-15 335213 2.17.0 commonlib >= 1.17.0 & < 2.0.0 database Database Provides database engines and related infrastructure. ZAP Dev Team 0.9.0 database-alpha-0.9.0.zap alpha <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.17.0.</li> <li>Update dependencies.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/database-v0.9.0/database-alpha-0.9.0.zap SHA-256:4c58ca142288d9ddc6ae3fd8fe6815e3894462bae67eb0776e540a2d9ddaf87d https://www.zaproxy.org/docs/desktop/addons/database/ https://github.com/zaproxy/zap-extensions/ 2025-12-15 23342827 2.17.0 dev Dev Add-on An add-on to help with development of ZAP. ZAP Dev Team 0.10.0 dev-alpha-0.10.0.zap alpha <h3>Added</h3> <ul> <li>Basic CSRF test app.</li> <li>Page with input elements that appear after a delay and off the displayed screen.</li> <li>Auth app which uses multiple (faked) domains.</li> <li>An auth example where there's a div that may obscure the login fields.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/dev-v0.10.0/dev-alpha-0.10.0.zap SHA-256:f749b0ec8d593fc16ec5798ce1e3668ceeb7d965dcaf029ae039acf5ebabe09a https://www.zaproxy.org/docs/desktop/addons/dev-add-on/ https://github.com/zaproxy/zap-extensions/ 2025-05-15 182901 2.16.0 commonlib >=1.17.0 network >=0.7.0 diff Diff Displays a dialog showing the differences between 2 requests or responses. It uses diffutils and diff_match_patch ZAP Dev Team 18 diff-beta-18.zap beta <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.17.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/diff-v18/diff-beta-18.zap SHA-256:a0b1326c0d8a520cd3fd56cc422a73d2eba7b6a1853aad3e61a9f2ddf8dc0717 https://www.zaproxy.org/docs/desktop/addons/diff/ https://github.com/zaproxy/zap-extensions/ 2025-12-15 693652 2.17.0 commonlib >=1.23.0 directorylistv1 Directory List v1.0 List of directory names to be used with Forced Browse or Fuzzer add-on. ZAP Dev Team 9 directorylistv1-release-9.zap release <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.16.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/directorylistv1-v9/directorylistv1-release-9.zap SHA-256:71e5b57bcf89774267375426f2e67f789cf13a4b69c97c8946a325fa321d18ce https://www.zaproxy.org/docs/desktop/addons/directory-list-v1.0/ https://github.com/zaproxy/zap-extensions/ 2025-01-09 961164 2.16.0 directorylistv2_3 Directory List v2.3 Lists of directory names to be used with Forced Browse or Fuzzer add-on. ZAP Dev Team 4 directorylistv2_3-release-4.zap release <h3>Added</h3> <ul> <li>Add help.</li> <li>Add repo URL.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.11.0.</li> <li>Change info URL to link to the site.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/directorylistv2_3-v4/directorylistv2_3-release-4.zap SHA-256:3a8b04b9363b57acd9cf8cd67abce4c630f986e2b492a1ebd01eaa9587a0a199 https://www.zaproxy.org/docs/desktop/addons/directory-list-v2.3/ https://github.com/zaproxy/zap-extensions/ 2021-10-07 8722229 2.11.0 directorylistv2_3_lc Directory List v2.3 LC Lists of lower case directory names to be used with Forced Browse or Fuzzer add-on. ZAP Dev Team 4 directorylistv2_3_lc-release-4.zap release <h3>Added</h3> <ul> <li>Add help.</li> <li>Add repo URL.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.11.0.</li> <li>Change info URL to link to the site.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/directorylistv2_3_lc-v4/directorylistv2_3_lc-release-4.zap SHA-256:2603580ba53673c31800ef7373e7cc09de759369b6f8fb43cc9e5024ad5d9af4 https://www.zaproxy.org/docs/desktop/addons/directory-list-v2.3-lc/ https://github.com/zaproxy/zap-extensions/ 2021-10-07 7569974 2.11.0 domxss DOM XSS Active scanner rule DOM XSS Active scanner rule Aabha Biyani, ZAP Dev Team 24 domxss-release-24.zap release <h3>Changed</h3> <ul> <li>The scan rule now has new tags for the OWASP Top 10 2025.</li> <li>Depends on an updated version of the Common Library add-on.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/domxss-v24/domxss-release-24.zap SHA-256:6f99b18d4af4a9f5277369b802ecf333b337ecce4e972d7dc08827253b604108 https://www.zaproxy.org/docs/desktop/addons/dom-xss-active-scan-rule/ https://github.com/zaproxy/zap-extensions/ 2026-04-14 286625 2.17.0 commonlib >= 1.40.0 & < 2.0.0 network >=0.1.0 selenium >= 15.39.0 encoder Encoder Adds encode/decode/hash dialog and support for scripted processors as well ZAP Dev Team 1.9.0 encoder-release-1.9.0.zap release <h3>Changed</h3> <ul> <li>Main dialog input area is now resizable via a draggable divider between input and output panels, the position is saved and restored when the dialog is opened.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/encoder-v1.9.0/encoder-release-1.9.0.zap SHA-256:5f826627a98cfa368b8b7e178850bebde73447f91eec852fa7f0af81ddd6a76c https://www.zaproxy.org/docs/desktop/addons/encode-decode-hash/ https://github.com/zaproxy/zap-extensions/ 2026-03-02 508364 2.17.0 commonlib >=1.23.0 evalvillain Eval Villain Adds the Eval Villain extension to Firefox when launched from ZAP. Dennis Goodlett and the ZAP Dev Team 0.4.0 evalvillain-alpha-0.4.0.zap alpha <h3>Changed</h3> <ul> <li>Updated with new version of Eval Villain.</li> <li>Update minimum ZAP version to 2.15.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/evalvillain-v0.4.0/evalvillain-alpha-0.4.0.zap SHA-256:dedb6245cee2383b13eb4c0c58301ee2518c6e0af36359559f2e1638a8a076e3 https://www.zaproxy.org/docs/desktop/addons/eval-villain/ https://github.com/zaproxy/zap-extensions/ 2024-11-25 4957040 2.15.0 selenium >=15.5.0 exim Import/Export Import and Export functionality ZAP Dev Team & thatsn0tmysite 0.21.0 exim-beta-0.21.0.zap beta <h3>Added</h3> <ul> <li>Allow to import HAR data directly through the API.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/exim-v0.21.0/exim-beta-0.21.0.zap SHA-256:e98e64f1a2259c3e018d59c1bcdce8ea96bbb3433463b0182bcad3947eea7beb https://www.zaproxy.org/docs/desktop/addons/import-export/ https://github.com/zaproxy/zap-extensions/ 2026-07-06 1159059 2.17.0 commonlib >= 1.38.0 & < 2.0.0 fileupload FileUpload Detect File upload requests and scan them to find related vulnerabilities KSASAN preetkaran20@gmail.com 1.2.1 fileupload-alpha-1.2.1.zap alpha https://github.com/zaproxy/zap-extensions/releases/download/2.7/fileupload-alpha-1.2.1.zap SHA-256:84734320ed04f6e287cc0458897e99e80fe16d632d071e73187e446448b5fa7f https://www.zaproxy.org/blog/2021-08-20-zap-fileupload-addon/ https://github.com/SasanLabs/owasp-zap-fileupload-addon/ 2023-10-23 78272 2.11.0 formhandler Value Generator This Value Generator Add-on allows a user to define field names and values to be used when submitting values to an app. Fields can be added, modified, enabled/disabled, and deleted. ZAP Dev Team 6.8.0 formhandler-beta-6.8.0.zap beta <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.17.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/formhandler-v6.8.0/formhandler-beta-6.8.0.zap SHA-256:ba044f9ca74171bbb0a14a4fab804a278fab8989124ab6a543da9e57a34c0210 https://www.zaproxy.org/docs/desktop/addons/value-generator/ https://github.com/zaproxy/zap-extensions/ 2025-12-15 2128991 2.17.0 commonlib >= 1.29.0 & < 2.0.0 foxhound Foxhound ZAP Add-on Capture and analysis of client-side data flows from the Foxhound browser. Thomas Barber 0.1.0 foxhound-alpha-0.1.0.zap alpha <h3>Added</h3> <ul> <li>First addition of Foxhound files</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/foxhound-v0.1.0/foxhound-alpha-0.1.0.zap SHA-256:e105d6e5c2c2b074d7a4e5ee4950a4efed0208f6f4259030858c31dd3c81b72e https://www.zaproxy.org/docs/desktop/addons/foxhound/ https://github.com/zaproxy/zap-extensions/ 2025-12-08 119381 2.16.0 commonlib >= 1.29.0 & < 2.0.0 network >=0.1.0 pscan >= 0.1.0 & < 1.0.0 selenium >=15.14.0 fuzz Fuzzer Advanced fuzzer for manual testing ZAP Dev Team 13.16.0 fuzz-beta-13.16.0.zap beta <h3>Changed</h3> <ul> <li>Maintenance changes.</li> <li>Use a scrollbar in the Default Category combo box instead of making the options panel larger (Issue 8923).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/fuzz-v13.16.0/fuzz-beta-13.16.0.zap SHA-256:c39125db01a774b19b5f224d504a301a0f25a213e87a3ce58d90306a79a70701 https://www.zaproxy.org/docs/desktop/addons/fuzzer/ https://github.com/zaproxy/zap-extensions/ 2025-06-20 2014901 2.16.0 commonlib >= 1.23.0 & < 2.0.0 fuzzai FuzzAI Files FuzzAI files which can be used with the ZAP fuzzer!!! Marios Gyftos & Yiannis Pavlosoglou 0.0.3 fuzzai-alpha-0.0.3.zap alpha https://github.com/zaproxy-addons/fuzzai/releases/download/v0.0.3/fuzzai-alpha-0.0.3.zap SHA-256:1356a20180b37b92a8a39ff95b510a9b4eb08304afab8edbdd4e0cbd180bd956 https://www.zaproxy.org/docs/desktop/addons/fuzzai-files/ https://github.com/CyberRiskEngineering/zap-fuzzai-addon 2025-11-06 441441 2.16.0 fuzzdb FuzzDB Files FuzzDB files which can be used with the ZAP fuzzer ZAP Dev Team 9 fuzzdb-release-9.zap release <h3>Changed</h3> <ul> <li>Updated RAFT lists based on more recent SecLists contributions</li> <li>Update minimum ZAP version to 2.11.1.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/fuzzdb-v9/fuzzdb-release-9.zap SHA-256:c79537362cd6b383f447359685e3bd51795600b97ca0c1fadc4ba74828a7d4f4 https://www.zaproxy.org/docs/desktop/addons/fuzzdb-files/ https://github.com/zaproxy/zap-extensions/ 2022-09-23 6167205 2.11.1 fuzzdboffensive FuzzDB Offensive FuzzDB web backdoors and attack files which can be used with the ZAP fuzzer or for manual penetration testing - contains files that may well be flagged by anti-virus tools ZAP Dev Team 5 fuzzdboffensive-release-5.zap release <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.14.0.</li> <li>Updated help and description to say this may cause problems with anti-virus tools (Issue 8297).</li> </ul> https://github.com/zaproxy/fuzzdb-offensive/releases/download/v5/fuzzdboffensive-release-5.zap SHA-256:9d7bf6f8df62e5ee56e72b47785e6027674127ae70604d9c4f6dc0cea1f536dc https://www.zaproxy.org/docs/desktop/addons/fuzzdb-offensive/ https://github.com/zaproxy/fuzzdb-offensive/ 2024-01-11 523693 2.14.0 gettingStarted Getting Started with ZAP Guide A short Getting Started with ZAP Guide ZAP Dev Team 20 gettingStarted-release-20.zap release <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.17.0.</li> <li>Update Getting Started Guide for 2.17.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/gettingStarted-v20/gettingStarted-release-20.zap SHA-256:2f48cfe5b0bff4973279ef812510a4e61f064952aed215855c4358ad94ee7e07 https://www.zaproxy.org/docs/desktop/addons/getting-started-guide/ https://github.com/zaproxy/zap-extensions/ 2025-12-15 968767 2.17.0 graaljs GraalVM JavaScript Provides the GraalVM JavaScript engine for ZAP scripting. ZAP Dev Team 0.14.0 graaljs-alpha-0.14.0.zap alpha <h3>Added</h3> <ul> <li>Document script engine lifecycle in the help.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/graaljs-v0.14.0/graaljs-alpha-0.14.0.zap SHA-256:1e196453fe9f660eb92e8debd6d0e07993741b52123a920c619c3bc5013c5020 https://www.zaproxy.org/docs/desktop/addons/graalvm-javascript/ https://github.com/zaproxy/zap-extensions/ 2026-03-02 27825430 2.17.0 commonlib >=1.37.0 scripts >=45.15.0 graphql GraphQL Support Inspect and attack GraphQL endpoints. ZAP Dev Team 0.33.0 graphql-alpha-0.33.0.zap alpha <h3>Changed</h3> <ul> <li>The alerts now have new tags for the OWASP Top 10 2025, and API Top 10 2023. <ul> <li>The &quot;OWASP_2023_API4&quot; tag was dropped in favor of the new unified mapping entry &quot;API_2023_API4_UNRESTRICTED_RESOURCE_CONSUMPTION&quot;. This may be a breaking change for users that depended on the tag to define scan policies.</li> </ul> </li> <li>Depends on an updated version of the Common Library add-on.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/graphql-v0.33.0/graphql-alpha-0.33.0.zap SHA-256:22f1246a302ef42b7eec9af340cc732494025a5fd6a0322d717dfccb44c5b8b3 https://www.zaproxy.org/docs/desktop/addons/graphql-support/ https://github.com/zaproxy/zap-extensions/ 2026-04-14 5698463 2.17.0 commonlib >= 1.40.0 & < 2.0.0 groovy Groovy Support Adds Groovy support to ZAP ZAP Dev Team 4.0.0 groovy-beta-4.0.0.zap beta <h3>Added</h3> <ul> <li>Document the engine name in the help page.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.17.0.</li> <li>Update Groovy from 3.0.14 to 5.0.3.<br /> Existing Groovy scripts should work without issues, but if you encounter problems, please refer to the following. <ul> <li><a href="https://groovy-lang.org/releasenotes/groovy-4.0.html">Groovy 4 Release Notes</a></li> <li><a href="https://groovy-lang.org/releasenotes/groovy-5.0.html#Groovy5.0-breaking">Groovy 5 Release Notes</a></li> </ul> </li> <li>Update script templates: <ul> <li>authentication/AuthenticationDefaultTemplate.groovy - remove outdated example code.</li> <li>httpsender/HttpSenderDefaultTemplate.groovy - update documentation.</li> <li>encode-decode/EncodeDecodeDefaultTemplate.groovy - remove the <code>final</code> modifier from the <code>test</code> field.</li> <li>httpfuzzerprocessor/FuzzerHttpProcessorDefaultTemplate.groovy - remove the <code>final</code> modifier from the <code>count</code> field.<br /> <strong>NOTE:</strong> The last two changes were required due to the Groovy update.</li> </ul> </li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/groovy-v4.0.0/groovy-beta-4.0.0.zap SHA-256:ac5092d443f8f472b69a19ca8a1ff204a0b00c12830dd2df0c0d764bee0352cf https://www.zaproxy.org/docs/desktop/addons/groovy-support/ https://github.com/zaproxy/zap-extensions/ 2025-12-15 25285011 2.17.0 commonlib >=1.24.0 scripts >=45.2.0 grpc gRPC Support Inspect, attack gRPC endpoints, and decode protobuf messages. ZAP Dev Team 0.2.0 grpc-alpha-0.2.0.zap alpha <h3>Added</h3> <ul> <li>gRPC WebSocket Support Added</li> </ul> <h3>Fixed</h3> <ul> <li>Do not try to decode non-gRPC responses when active scanning, which would lead to unnecessary warnings.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/grpc-v0.2.0/grpc-alpha-0.2.0.zap SHA-256:028464ebc6c80f36fd32088c7aede870f68940dcbb2064a0ed6bfe2bb93f37e1 https://www.zaproxy.org/docs/desktop/addons/grpc-support/ https://github.com/zaproxy/zap-extensions/ 2024-07-02 8202269 2.15.0 help Help - English English version of the ZAP help file. ZAP Crowdin Team 22 help-release-22.zap release <h3>Fixed</h3> <ul> <li>Fix a typo in Breakpoints features page.</li> </ul> <h3>Changed</h3> <ul> <li>Updated for 2.17.0.</li> </ul> https://github.com/zaproxy/zap-core-help/releases/download/help-v22/help-release-22.zap SHA-256:a99fcf18187ae3e232fafbe8150d3d65cbdd328c2284bd04016d82f2d2a5c945 https://www.zaproxy.org/docs/desktop/ https://github.com/zaproxy/zap-core-help/ 2025-12-15 647250 2.16.0 help_ar_SA Help - Arabic Arabic version of the ZAP help file. ZAP Crowdin Team 2 help_ar_SA-alpha-2.zap alpha <h3>Changed</h3> <ul> <li>Updated for 2.16.1.</li> </ul> https://github.com/zaproxy/zap-core-help/releases/download/help_ar_SA-v2/help_ar_SA-alpha-2.zap SHA-256:938663e7a1ff6a36bb7336bc80eec07366af3ff36acf817b472c2e959f8eb0fe https://www.zaproxy.org/docs/contribute/translate/ https://github.com/zaproxy/zap-core-help/ 2025-08-21 700495 2.16.0 help_bs_BA Help - Bosnian Bosnian version of the ZAP help file. ZAP Crowdin Team 10 help_bs_BA-alpha-10.zap alpha <h3>Changed</h3> <ul> <li>Updated for 2.16.1.</li> </ul> https://github.com/zaproxy/zap-core-help/releases/download/help_bs_BA-v10/help_bs_BA-alpha-10.zap SHA-256:f61b6df64dfaf669942899843f8f8eedd6d02fa4f980883276bfaca22ffefadd https://www.zaproxy.org/docs/contribute/translate/ https://github.com/zaproxy/zap-core-help/ 2025-08-21 688882 2.16.0 help_es_ES Help - Spanish Spanish version of the ZAP help file. ZAP Crowdin Team 11 help_es_ES-release-11.zap release <h3>Changed</h3> <ul> <li>Updated for 2.16.1.</li> </ul> https://github.com/zaproxy/zap-core-help/releases/download/help_es_ES-v11/help_es_ES-release-11.zap SHA-256:d85348dd51a2110ef9be994d2df39af675666f13682114d5161895ecbbaff7d5 https://www.zaproxy.org/docs/contribute/translate/ https://github.com/zaproxy/zap-core-help/ 2025-08-21 750150 2.16.0 help_fil_PH Help - Filipino Filipino version of the ZAP help file. ZAP Crowdin Team 4 help_fil_PH-release-4.zap release <h3>Changed</h3> <ul> <li>Updated for 2.16.1.</li> </ul> https://github.com/zaproxy/zap-core-help/releases/download/help_fil_PH-v4/help_fil_PH-release-4.zap SHA-256:e19ef5a3645e528a44c4508e682b1d1d2b9bda104518e2c765a0586797f384d0 https://www.zaproxy.org/docs/contribute/translate/ https://github.com/zaproxy/zap-core-help/ 2025-08-21 756582 2.16.0 help_fr_FR Help - French French version of the ZAP help file. ZAP Crowdin Team 11 help_fr_FR-alpha-11.zap alpha <h3>Changed</h3> <ul> <li>Updated for 2.16.1.</li> </ul> https://github.com/zaproxy/zap-core-help/releases/download/help_fr_FR-v11/help_fr_FR-alpha-11.zap SHA-256:49b144d2fb7a31d55b69df0834f82efb24c1ac541da1fe271aa7c896c4b02c63 https://www.zaproxy.org/docs/contribute/translate/ https://github.com/zaproxy/zap-core-help/ 2025-08-21 695730 2.16.0 help_id_ID Help - Indonesian Indonesian version of the ZAP help file. ZAP Crowdin Team 4 help_id_ID-release-4.zap release <h3>Changed</h3> <ul> <li>Updated for 2.16.1.</li> </ul> https://github.com/zaproxy/zap-core-help/releases/download/help_id_ID-v4/help_id_ID-release-4.zap SHA-256:636f1bf1a6c8c344243a99dc45010060da1a343ee67312901a9a76e2c9dea129 https://www.zaproxy.org/docs/contribute/translate/ https://github.com/zaproxy/zap-core-help/ 2025-08-21 721864 2.16.0 help_ja_JP Help - Japanese Japanese version of the ZAP help file. ZAP Crowdin Team 11 help_ja_JP-beta-11.zap beta <h3>Changed</h3> <ul> <li>Updated for 2.16.1.</li> </ul> https://github.com/zaproxy/zap-core-help/releases/download/help_ja_JP-v11/help_ja_JP-beta-11.zap SHA-256:16bbeabe913f66105c1a7de32aa670e20a76d3bec6d20d28c6175043c068c7bd https://www.zaproxy.org/docs/contribute/translate/ https://github.com/zaproxy/zap-core-help/ 2025-08-21 712619 2.16.0 help_ms_MY Help - Malay Malay version of the ZAP help file. ZAP Crowdin Team 2 help_ms_MY-alpha-2.zap alpha <h3>Changed</h3> <ul> <li>Updated for 2.16.1.</li> </ul> https://github.com/zaproxy/zap-core-help/releases/download/help_ms_MY-v2/help_ms_MY-alpha-2.zap SHA-256:f640cb80be1859aef002e6717e9549f1d08e89f8614a9c53db049b06baa74164 https://www.zaproxy.org/docs/contribute/translate/ https://github.com/zaproxy/zap-core-help/ 2025-08-21 687911 2.16.0 help_pt_BR Help - Portuguese, Brazilian Portuguese, Brazilian version of the ZAP help file. ZAP Crowdin Team 12 help_pt_BR-release-12.zap release <h3>Changed</h3> <ul> <li>Updated for 2.16.1.</li> </ul> https://github.com/zaproxy/zap-core-help/releases/download/help_pt_BR-v12/help_pt_BR-release-12.zap SHA-256:98e5d9911bb25718a373ecd9c37388224e8b59ecb203c2ec3d91b84eaf8c1e5c https://www.zaproxy.org/docs/contribute/translate/ https://github.com/zaproxy/zap-core-help/ 2025-08-21 732259 2.16.0 help_ru_RU Help - Russian Russian version of the ZAP help file. ZAP Crowdin Team 3 help_ru_RU-release-3.zap release <h3>Changed</h3> <ul> <li>Updated for 2.16.1.</li> </ul> https://github.com/zaproxy/zap-core-help/releases/download/help_ru_RU-v3/help_ru_RU-release-3.zap SHA-256:ec0e82c2e805b028f1fd38963b88aa82126c3f1fc95d5c0562e0e0bc026f4207 https://www.zaproxy.org/docs/contribute/translate/ https://github.com/zaproxy/zap-core-help/ 2025-08-21 829148 2.16.0 help_tr_TR Help - Turkish Turkish version of the ZAP help file. ZAP Crowdin Team 3 help_tr_TR-release-3.zap release <h3>Changed</h3> <ul> <li>Updated for 2.16.1.</li> </ul> https://github.com/zaproxy/zap-core-help/releases/download/help_tr_TR-v3/help_tr_TR-release-3.zap SHA-256:7623354df0309798953860fbf4650d7a771d5beb8355a287da58b5c51371080f https://www.zaproxy.org/docs/contribute/translate/ https://github.com/zaproxy/zap-core-help/ 2025-08-21 759564 2.16.0 help_zh_CN Help - Chinese Simplified Chinese Simplified version of the ZAP help file. ZAP Crowdin Team 4 help_zh_CN-release-4.zap release <h3>Changed</h3> <ul> <li>Updated for 2.16.1.</li> </ul> https://github.com/zaproxy/zap-core-help/releases/download/help_zh_CN-v4/help_zh_CN-release-4.zap SHA-256:18937e5678c949ff15f55e213cf9b0da8da03ed61774308d2fc5257fecad77b2 https://www.zaproxy.org/docs/contribute/translate/ https://github.com/zaproxy/zap-core-help/ 2025-08-21 708657 2.16.0 highlighter Highlighter Allows you to highlight strings in the request and response tabs. ZAP Dev Team 8 highlighter-alpha-8.zap alpha <h3>Added</h3> <ul> <li>Add help.</li> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.11.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/highlighter-v8/highlighter-alpha-8.zap SHA-256:4c4852bb2f42eb20dbe19a091e9025667947c73967a65770658333bedd01fccf https://www.zaproxy.org/docs/desktop/addons/highlighter/ https://github.com/zaproxy/zap-extensions/ 2021-10-07 115527 2.11.0 httpsInfo HTTPS Info Displays HTTPS configuration information. ZAP Dev Team 16 httpsInfo-alpha-16.zap alpha <h3>Added</h3> <ul> <li>HTTPS Configuration alerts now have tags for OWASP Top 10, WSTG, systemic, and policies.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/httpsInfo-v16/httpsInfo-alpha-16.zap SHA-256:79b40d4a68c5322390afd0a4c5d119589c8e6886cc33a1e75c096106b47bfd8e https://www.zaproxy.org/docs/desktop/addons/https-info/ https://github.com/zaproxy/zap-extensions/ 2026-03-31 2331561 2.17.0 commonlib >= 1.40.0 & < 2.0.0 network >=0.26.0 hud HUD - Heads Up Display Display information from ZAP in browser. ZAP Dev Team 0.19.0 hud-beta-0.19.0.zap beta <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.15.0.</li> <li>Disable the HUD by default - it still works but its flaky, and currently not a focus for us.</li> </ul> https://github.com/zaproxy/zap-hud/releases/download/v0.19.0/hud-beta-0.19.0.zap SHA-256:737239ce1b765ff32f9351a647594f22d725d319b94f7a2ef2cb153aadf832df https://www.zaproxy.org/docs/desktop/addons/hud/ https://github.com/zaproxy/zap-hud/ 2024-05-07 1382692 2.15.0 network >= 0.1.0 websocket imagelocationscanner Image Location and Privacy Scanner Image Location and Privacy Passive Scanner Jay Ball (@veggiespam) and the ZAP Dev Team 8 imagelocationscanner-beta-8.zap beta <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.17.0.</li> <li>The scan rule now has new tags for the OWASP Top 10 2025.</li> <li>Depends on an updated version of the Common Library add-on.</li> <li>Update dependency.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/imagelocationscanner-v8/imagelocationscanner-beta-8.zap SHA-256:63c8d4fc6c7cbe47041519e86b7a363a1967ff9dfbd8ac9a0f7de1687650f4a6 https://www.zaproxy.org/docs/desktop/addons/image-location-and-privacy-scanner/ https://github.com/zaproxy/zap-extensions/ 2026-04-14 1424239 2.17.0 commonlib >= 1.40.0 & < 2.0.0 insights Insights An add-on providing additional insights into what ZAP finds. ZAP Dev Team 0.5.0 insights-alpha-0.5.0.zap alpha <h3>Added</h3> <ul> <li>Report data now exposes <code>stoppingInsight</code> to make it explicit which insight caused a stop. The built-in report templates render the stopping insight when present.</li> </ul> <h3>Changed</h3> <ul> <li>The Automation Framework stop message now identifies the triggering insight (key, reason, site, value) instead of a generic string. The same details are appended to the daemon-mode exit reason.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/insights-v0.5.0/insights-alpha-0.5.0.zap SHA-256:2071758a31fff0782b7188091b414f84aea31aa88510d1717ff5f40d32426724 https://github.com/zaproxy/zap-extensions/ 2026-06-12 394181 2.17.0 invoke Invoke Applications Invoke external applications passing context related information such as URLs and parameters ZAP Dev Team 17 invoke-beta-17.zap beta <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.17.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/invoke-v17/invoke-beta-17.zap SHA-256:8f016524b25a73aae7b50f13f91c53483e1ff43d7b15d96cf0917cfe580e3b46 https://www.zaproxy.org/docs/desktop/addons/invoke-applications/ https://github.com/zaproxy/zap-extensions/ 2025-12-15 322515 2.17.0 commonlib >=1.23.0 jruby Ruby Scripting Allows Ruby to be used for ZAP scripting - templates included ZAP Dev Team 8 jruby-beta-8.zap beta <h3>Changed</h3> <ul> <li>Update links to zaproxy repo.</li> <li>Rename reliability to confidence in active/passive templates.</li> <li>Maintenance changes.</li> <li>Update minimum ZAP version to 2.11.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/jruby-v8/jruby-beta-8.zap SHA-256:f5bb450a165f6c407b8d24f7b2776bdc7a2edb0b4b42aea385f8a6ad1ae605ca https://www.zaproxy.org/docs/desktop/addons/ruby-scripting/ https://github.com/zaproxy/zap-extensions/ 2021-10-07 21968128 2.11.0 jsonview JSON View Adds a view that shows JSON messages nicely formatted Juha Kivekäs 3 jsonview-alpha-3.zap alpha <h3>Changed</h3> <ul> <li>Maintenance changes.</li> <li>Update minimum ZAP version to 2.13.0.</li> <li>Depend on Common Library add-on to reuse libraries (Issue 7961).</li> </ul> <h3>Fixed</h3> <ul> <li>Use other library to format the JSON bodies (Issue 7798).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/jsonview-v3/jsonview-alpha-3.zap SHA-256:ddafbbced033cc937ef37182e3650119dee3c7e5f1ac4ded73ea42125467184d https://www.zaproxy.org/docs/desktop/addons/json-view/ https://github.com/zaproxy/zap-extensions/ 2023-09-07 120558 2.13.0 commonlib >= 1.16.0 & < 2.0.0 jwt JWT Support Detect JWT requests and scan them to find related vulnerabilities KSASAN preetkaran20@gmail.com 1.0.3 jwt-alpha-1.0.3.zap alpha <ul> <li>First version of JWT Support. <ul> <li>Contains scanning rules for basic JWT related vulnerabilities.</li> <li>Contains JWT Fuzzer for fuzzing the JWT's present in the request.</li> </ul> </li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/2.7/jwt-alpha-1.0.3.zap SHA-256:d3df8480010ad2df230cbdb99619aafdb869861349455c3da0129a99b132d204 https://github.com/SasanLabs/owasp-zap-jwt-addon/ 2023-01-02 751748 2.11.1 commonlib fuzz 13.* jython Python Scripting Allows Python to be used for ZAP scripting - templates included ZAP Dev Team 15 jython-beta-15.zap beta <h3>Changed</h3> <ul> <li>Maintenance changes.</li> <li>Update Active and Passive Script Templates to include a <code>getMetadata</code> function. This will allow them to be used as regular scan rules.</li> <li>Depend on the <code>commonlib</code> add-on for scan rule scripts.</li> <li>Update minimum <code>scripts</code> add-on version to 45.1.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/jython-v15/jython-beta-15.zap SHA-256:019a64ba85cc9021a841e7253ae14f619129b603ab2048bec9593f5d59c1da02 https://www.zaproxy.org/docs/desktop/addons/python-scripting/ https://github.com/zaproxy/zap-extensions/ 2024-04-11 43315501 2.14.0 commonlib >=1.24.0 scripts >=45.2.0 kotlin Kotlin Support Allows Kotlin to be used for ZAP scripting StackHawk Engineering 1.1.0 kotlin-alpha-1.1.0.zap alpha <h3>Changed</h3> <ul> <li>Use appropriate syntax style for highlighting of code.</li> <li>Update minimum ZAP version to 2.11.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/kotlin-v1.1.0/kotlin-alpha-1.1.0.zap SHA-256:85a47ea7199b77cfb09081302c277de2ba5e2102ef79907573ebcfa6425302e9 https://www.zaproxy.org/docs/desktop/addons/kotlin-support/ https://github.com/zaproxy/zap-extensions/ 2021-10-07 48865539 2.11.0 levoai Levo.ai Build OpenAPI Specs with ZAP traffic using Levo.ai. Levo.ai 0.3.0 levoai-zap-addon-alpha-0.3.0.zap alpha <h3>Added</h3> <ul> <li>Option to configure an organization ID that is added as a header in the requests made to the Satellite.</li> <li>Option to specify the environment under which the discovered apps will be shown in the Levo dashboard.</li> <li>Set the sensor type in the requests made to the Satellite.</li> </ul> https://github.com/levoai/levoai-zap-addon/releases/download/v0.3.0/levoai-zap-addon-alpha-0.3.0.zap SHA-256:1a86d7c288bf4284e83f54203f4ed8dd7d40b2bd47fbb8f8f853da67676269d2 https://levo.ai https://github.com/levoai/levoai-zap-addon 2024-07-10 2465951 2.12.0 maplocal Map Local Allows mapping of responses to content of a chosen local file. Keindel (Andrey Maksimov) 0.0.1 maplocal-alpha-0.0.1.zap alpha <ul> <li>First version of Map Local extension. Provides feature to map Response Body to a content of chosen local file. <ul> <li>Has status panel in UI with 3 columns: Enabled / URL / Local Path.</li> <li>Has add / edit dialog with browse button to choose file.</li> <li>Has file choice verification check.</li> <li>Popup menus in sites and history, edit / remove - popups in status panel.</li> <li>Persists to session DB.</li> </ul> </li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/2.7/maplocal-alpha-0.0.1.zap SHA-256:d3ecd2a6e23b06ffed8646ee2314d921a1c1925c3ab08070a624a090734ebdca https://github.com/Keindel/owasp-zap-maplocal-addon 2023-10-05 49040 2.12.0 mcp MCP Integration An add-on that integrates MCP in ZAP. ZAP Dev Team 0.2.0 mcp-alpha-0.2.0.zap alpha <h3>Changed</h3> <ul> <li>Content type to not include charset (some servers complain).</li> </ul> <h3>Fixed</h3> <ul> <li>Handling of multiple SSE events on import.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/mcp-v0.2.0/mcp-alpha-0.2.0.zap SHA-256:adc8692a30bf6f23e5b597b95726f1588f4bd7d34ab57280481a91cbe35aca88 https://github.com/zaproxy/zap-extensions/ 2026-06-12 814370 2.17.0 automation >=0.59.0 commonlib >=1.17.0 network >=0.1.0 pscan >=0.6.0 reports >=0.44.0 neonmarker Neonmarker Colors history table items based on tags Juha Kivekäs, Kingthorin 1.8.0 neonmarker-alpha-1.8.0.zap alpha <h3>Changed</h3> <ul> <li>Adjust initialization of the Tags list</li> </ul> https://github.com/kingthorin/neonmarker/releases/download/v1.8.0/neonmarker-alpha-1.8.0.zap SHA-256:b4a52ab49d887fa1772b4b371d9ec9e48f2bb5dd0add25f21130b9e58e053e0b https://www.zaproxy.org/docs/desktop/addons/neonmarker/ https://github.com/kingthorin/neonmarker 2025-02-14 35958 2.16.0 pscan >=0.2.0 network Network Provides core networking capabilities. ZAP Dev Team 0.28.0 network-beta-0.28.0.zap beta <h3>Changed</h3> <ul> <li>Update dependencies (Issue 9337).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/network-v0.28.0/network-beta-0.28.0.zap SHA-256:bce232c3f369237638bc545f0ac38203c71e2313cffd683bac0012490901f8c4 https://www.zaproxy.org/docs/desktop/addons/network/ https://github.com/zaproxy/zap-extensions/ 2026-05-21 28793774 2.17.0 oast OAST Support Allows you to exploit out-of-band vulnerabilities ZAP Dev Team 0.24.0 oast-beta-0.24.0.zap beta <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.17.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/oast-v0.24.0/oast-beta-0.24.0.zap SHA-256:f06ecea02e2c1df4a164e737dd632afba4430225b2fdc2feb6042bdb1e976b3d https://www.zaproxy.org/docs/desktop/addons/oast-support/ https://github.com/zaproxy/zap-extensions/ 2025-12-15 914676 2.17.0 database >= 0.6.0 network >= 0.1.0 onlineMenu Online menus ZAP Online menu items ZAP Dev Team 15 onlineMenu-release-15.zap release <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.17.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/onlineMenu-v15/onlineMenu-release-15.zap SHA-256:6d0c4706f0570f60143efaaaa86f98cb539fcf7279aa620af7e2934da43a141f https://www.zaproxy.org/docs/desktop/addons/online-menu/ https://github.com/zaproxy/zap-extensions/ 2025-12-15 208866 2.17.0 openapi OpenAPI Support Imports and spiders OpenAPI definitions. ZAP Dev Team plus Joanna Bona, Nathalie Bouchahine, Artur Grzesica, Mohammad Kamar, Markus Kiss, Michal Materniak, Marcin Spiewak, and SDA SE Open Industry Solutions 57 openapi-beta-57.zap beta <h3>Changed</h3> <ul> <li>Maintenance changes.</li> <li>Dependency update.</li> </ul> <h3>Fixed</h3> <ul> <li>Bug where values were used for objects, instead of just for primitives.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/openapi-v57/openapi-beta-57.zap SHA-256:fe87dd63cb310131c4e7d8c14b675c97f4b7707eda8ccc5fd6042628b6f19ccf https://www.zaproxy.org/docs/desktop/addons/openapi-support/ https://github.com/zaproxy/zap-extensions/ 2026-07-06 12014679 2.17.0 commonlib >= 1.40.0 & < 2.0.0 packpentester Collection: Pentester Pack A collection of add-ons ideal for pentesters ZAP Dev Team 0.1.0 packpentester-alpha-0.1.0.zap alpha <h3>Fixed</h3> <ul> <li>Corrected fuzz add-on name</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/packpentester-v0.1.0/packpentester-alpha-0.1.0.zap SHA-256:0b8e7e4ddffdcacf46fdf9793bf84217738e281cbd5ccac732788c4b768d069c https://www.zaproxy.org/docs/desktop/addons/collection-pentester-pack/ https://github.com/zaproxy/zap-extensions/ 2022-05-12 6792 2.11.1 accessControl attacksurfacedetector custompayloads evalvillain fileupload fuzz fuzzdb jsonview jwt requester viewstate wappalyzer packscanrules Collection: Scan Rules Pack All of the add-ons just containing release, beta and alpha status scan rules ZAP Dev Team 0.0.1 packscanrules-alpha-0.0.1.zap alpha <p>First version.</p> https://github.com/zaproxy/zap-extensions/releases/download/packscanrules-v0.0.1/packscanrules-alpha-0.0.1.zap SHA-256:5ad68f153379bd96f36a7bead61e884cc42e1409cdd262dffc682b5f7bf92da4 https://www.zaproxy.org/docs/desktop/addons/collection-scan-rules-pack/ https://github.com/zaproxy/zap-extensions/ 2022-05-13 9244 2.11.1 ascanrules ascanrulesAlpha ascanrulesBeta domxss pscanrules pscanrulesAlpha pscanrulesBeta retire paramdigger Parameter Digger Identify hidden, unlinked parameters. Useful for finding web cache poisoning vulnerabilities. ZAP Dev Team and Arkaprabha Chakraborty 0.3.0 paramdigger-alpha-0.3.0.zap alpha <h3>Added</h3> <ul> <li>Support for menu weights (Issue 8369)</li> </ul> <h3>Changed</h3> <ul> <li>Maintenance changes.</li> <li>Update minimum ZAP version to 2.15.0.</li> <li>The output panel is now properly reset on ZAP session change (part of Issue 7694).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/paramdigger-v0.3.0/paramdigger-alpha-0.3.0.zap SHA-256:585e4853c7cbc3c925ea4d5e1cfbcd6d8a3d4a20b00bdd49f582743cc6a9e281 https://www.zaproxy.org/docs/desktop/addons/parameter-digger/ https://github.com/zaproxy/zap-extensions/ 2024-07-15 561541 2.15.0 commonlib >= 1.23.0 & < 2.0.0 plugnhack Plug-n-Hack Configuration Supports the Mozilla Plug-n-Hack standard: https://developer.mozilla.org/en-US/docs/Plug-n-Hack. ZAP Dev Team 13 plugnhack-beta-13.zap beta <h3>Changed</h3> <ul> <li>Maintenance changes.</li> <li>Update minimum ZAP version to 2.12.0.</li> <li>Use Network add-on to obtain main proxy address/port.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/plugnhack-v13/plugnhack-beta-13.zap SHA-256:8d74b572bb7e08d09ebcfd10da9f2f65f7970f9452feadb8bbe69c8037b80ee2 https://www.zaproxy.org/docs/desktop/addons/plug-n-hack/ https://github.com/zaproxy/zap-extensions/ 2022-10-27 736005 2.12.0 network >= 0.2.0 postman Postman Support Imports and spiders Postman collections. ZAP Dev Team 0.9.0 postman-alpha-0.9.0.zap alpha <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.17.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/postman-v0.9.0/postman-alpha-0.9.0.zap SHA-256:2b3245707cd1f3e0525f81ca8628166ca8bf9543572ddc7fe44002f4c517dd80 https://www.zaproxy.org/docs/desktop/addons/postman-support/ https://github.com/zaproxy/zap-extensions/ 2025-12-15 289315 2.17.0 commonlib >= 1.16.0 & < 2.0.0 pscan Passive Scanner Provides core passive scanning capabilities. ZAP Dev Team 0.6.0 pscan-alpha-0.6.0.zap alpha <h3>Changed</h3> <ul> <li>Migrate handling of Alerts raised statistics from the core.</li> <li>Update minimum ZAP version to 2.17.0.</li> </ul> <h3>Removed</h3> <ul> <li>Dropped help references to ZAP in Ten videos which are no longer available.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/pscan-v0.6.0/pscan-alpha-0.6.0.zap SHA-256:269ff66f0d8a8012f156e90e13238606a8d503b99521170649b62c9aa7295927 https://www.zaproxy.org/docs/desktop/addons/passive-scanner/ https://github.com/zaproxy/zap-extensions/ 2025-12-15 686354 2.17.0 commonlib >= 1.32.0 & < 2.0.0 pscanrules Passive scanner rules The release status Passive Scanner rules ZAP Dev Team 75 pscanrules-release-75.zap release <h3>Changed</h3> <ul> <li>Maintenance changes.</li> <li>Modern scan rule to refer to the Client Spider.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/pscanrules-v75/pscanrules-release-75.zap SHA-256:97814c5f1319a31b5041f1bbd1edfc312b3a539c7cd56f7903e9996858361fcb https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules/ https://github.com/zaproxy/zap-extensions/ 2026-07-06 2412423 2.17.0 commonlib >= 1.40.0 & < 2.0.0 pscan pscanrulesAlpha Passive scanner rules (alpha) The alpha status Passive Scanner rules ZAP Dev Team 49 pscanrulesAlpha-alpha-49.zap alpha <h3>Changed</h3> <ul> <li>Maintenance changes.</li> <li>The scan rules now have new tags for the OWASP Top 10 2025.</li> <li>The Fetch Metadata Request Headers scan rule now has alert tags for the Top 10 2021 and 2017.</li> <li>The Full Path Disclosure scan rule now also has an alert tag for the 2017 Top 10.</li> <li>Depends on an updated version of the Common Library add-on.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesAlpha-v49/pscanrulesAlpha-alpha-49.zap SHA-256:d84cdfc74de68dfbefda002aad26a021f959b8e59f79847b3e46a88ca9cb0795 https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules-alpha/ https://github.com/zaproxy/zap-extensions/ 2026-04-14 541651 2.17.0 commonlib >= 1.40.0 & < 2.0.0 pscanrulesBeta Passive scanner rules (beta) The beta status Passive Scanner rules ZAP Dev Team 50 pscanrulesBeta-beta-50.zap beta <h3>Changed</h3> <ul> <li>The scan rules now have new tags for the OWASP Top 10 2025.</li> <li>The Content Cacheability scan rule now includes alert tags for the 2021 and 2017 Top 10s.</li> <li>Depends on an updated version of the Common Library add-on.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v50/pscanrulesBeta-beta-50.zap SHA-256:a979f7cd5d8be10e0338b417e006ec1e2f6ec79101010d570ddb5199892e921b https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules-beta/ https://github.com/zaproxy/zap-extensions/ 2026-04-14 596114 2.17.0 commonlib >= 1.40.0 & < 2.0.0 ptk OWASP PTK Adds the OWASP PTK extension to browsers launched from ZAP. ZAP Dev Team 0.7.0 ptk-beta-0.7.0.zap beta <h3>Changed</h3> <ul> <li>Use client spider option to not crawl new content.</li> <li>Enable the active scan rule by default.</li> <li>Promote to beta.</li> <li>Added recommended rules option.</li> </ul> https://github.com/zaproxy-addons/ptk/releases/download/v0.7.0/ptk-beta-0.7.0.zap SHA-256:4fc2877d67ac91756aace73f6325fa55a7bd24b55deef92e4121872f265ff677 https://www.zaproxy.org/docs/desktop/addons/owasp-ptk/ https://github.com/DenisPodgurskii/ZAP_PTK 2026-06-29 19804441 2.17.0 client >=0.28.0 selenium quickstart Quick Start Provides a tab which allows you to quickly test a target application ZAP Dev Team 59 quickstart-release-59.zap release <h3>Added</h3> <ul> <li>Allow to choose and open the browser directly from the tool bar.</li> </ul> <h3>Changed</h3> <ul> <li>Depend on newer version of Selenium add-on.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/quickstart-v59/quickstart-release-59.zap SHA-256:2388858c47aa504b5b4f397405ab46a51d69e3df5e9e3ae0ae2a2b4bb23e690b https://www.zaproxy.org/docs/desktop/addons/quick-start/ https://github.com/zaproxy/zap-extensions/ 2026-07-13 805897 2.17.0 callhome >= 0.0.1 network >= 0.3.0 pscan >= 0.1.0 & < 1.0.0 reports >= 0.4.0 selenium >= 15.6.0 reflect Reflect Finds reflected parameters Caleb Kinney 0.0.11 reflect-alpha-0.0.11.zap alpha https://github.com/zaproxy/zap-extensions/releases/download/2.7/reflect-alpha-0.0.11.zap SHA-256:c45307037042e4079546a5fcb17d1165475e5cdd5ba7e8abc0d2cf0a14866466 https://github.com/TypeError/reflect/ 2021-02-19 1780219 2.9.0 regextester Regular Expression Tester Allows to test Regular Expressions ZAP Dev Team 2 regextester-alpha-2.zap alpha <h3>Added</h3> <ul> <li>Add help.</li> <li>Add info and repo URLs.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.11.0.</li> </ul> <h3>Fixed</h3> <ul> <li>Close dialogues when the add-on is uninstalled.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/regextester-v2/regextester-alpha-2.zap SHA-256:b4706709c16a45e8bedc0bd6f28dd09532d5dbf3f1fe2c2853e20dbf6160a584 https://www.zaproxy.org/docs/desktop/addons/regular-expression-tester/ https://github.com/zaproxy/zap-extensions/ 2021-10-07 159441 2.11.0 replacer Replacer Easy way to replace strings in requests and responses. ZAP Dev Team 22 replacer-release-22.zap release <h3>Added</h3> <ul> <li>Method parameter matcher to allow rules to apply to specific HTTP methods (Issue 9016).</li> </ul> <h3>Changed</h3> <ul> <li>Support multiline replacements in GUI.</li> </ul> <h3>Fixed</h3> <ul> <li>Correct error message which was shown as missing.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/replacer-v22/replacer-release-22.zap SHA-256:e2cc4478f69fb0ea3fd65f21449e09664ae128df7b3903f1a1aa3ec026ed5b51 https://www.zaproxy.org/docs/desktop/addons/replacer/ https://github.com/zaproxy/zap-extensions/ 2026-03-19 448534 2.17.0 reports Report Generation Official ZAP Reports. ZAP Dev Team 0.46.0 reports-release-0.46.0.zap release <h3>Added</h3> <ul> <li>Added script diagnostics section to Traditional Reports.</li> <li>Templates that include Insights now also identify the Insight that stopped the scan, if applicable.</li> </ul> <h3>Fixed</h3> <ul> <li>Invalid alerts, ones without a corresponding message, are now excluded from generated reports. Previously these could break templates that reference message fields (e.g. SARIF, modern, <code>*-plus</code>) (Issue 6880).</li> </ul> <h3>Changed</h3> <ul> <li>Help content related to the params add-on was updated (Issue 9210).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/reports-v0.46.0/reports-release-0.46.0.zap SHA-256:2e8d42a48e23aefa8a6174b52aa0a8a6b90aca2da0a8bf94ac61f4aaa070bc2c https://www.zaproxy.org/docs/desktop/addons/report-generation/ https://github.com/zaproxy/zap-extensions/ 2026-07-06 16813020 2.17.0 commonlib >= 1.17.0 & < 2.0.0 requester Requester Allows to manually edit and send messages. Surikato and the ZAP Dev Team 7.10.0 requester-beta-7.10.0.zap beta <h3>Fixed</h3> <ul> <li>Save Requester panel and Manual Request Editor dialog options (Issue 6985).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/requester-v7.10.0/requester-beta-7.10.0.zap SHA-256:cca0589258a1c1c2a75dbffef5abf1ff46defa970800cf2748245f8e283aba3f https://www.zaproxy.org/docs/desktop/addons/requester/ https://github.com/zaproxy/zap-extensions/ 2026-03-02 770357 2.17.0 commonlib >=1.23.0 retest Retest An add-on to retest for presence/absence of previously generated alerts. ZAP Dev Team 0.11.0 retest-alpha-0.11.0.zap alpha <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.16.0.</li> <li>To handle automation class changes.</li> <li>Depend on newer version of Passive Scanner add-on (Issue 7959).</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/retest-v0.11.0/retest-alpha-0.11.0.zap SHA-256:26ad328ba5bcb144c20076949aacacf6c352121ee74f5bf4a813ccdd8945e35f https://www.zaproxy.org/docs/desktop/addons/retest/ https://github.com/zaproxy/zap-extensions/ 2025-01-10 259775 2.16.0 automation >=0.44.0 commonlib >= 1.17.0 & < 2.0.0 pscan >= 0.1.0 & < 1.0.0 retire Retire.js Use Retire.js to identify vulnerable or out-dated JavaScript packages. Nikita Mundhada and the ZAP Dev Team 0.61.0 retire-release-0.61.0.zap release <h3>Changed</h3> <ul> <li>Updated with upstream retire.js pattern changes.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/retire-v0.61.0/retire-release-0.61.0.zap SHA-256:395d3dba5cb18445c1d03e0c7ac33db6452efdb891aca2d98dbacdf0407e4864 https://www.zaproxy.org/docs/desktop/addons/retire.js/ https://github.com/zaproxy/zap-extensions/ 2026-07-02 1038824 2.17.0 commonlib >= 1.40.0 & < 2.0.0 pscan >= 0.1.0 & < 1.0.0 reveal Reveal Show hidden fields and enable disabled fields ZAP Dev Team 10 reveal-release-10.zap release <h3>Fixed</h3> <ul> <li>The content length is now properly set on responses which have been modified (Issue 8947).</li> </ul> <h3>Changed</h3> <ul> <li>Maintenance changes.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/reveal-v10/reveal-release-10.zap SHA-256:18368c13aa8a31a6470a465e9aef7c93d9a45b2c34cfe90f4200cbd04637fd0e https://www.zaproxy.org/docs/desktop/addons/reveal/ https://github.com/zaproxy/zap-extensions/ 2025-06-20 239142 2.16.0 revisit Revisit Revisit a site at any time in the past using the session history ZAP Dev Team 6 revisit-alpha-6.zap alpha <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.16.0.</li> <li>Maintenance changes.</li> <li>Minor fix in help content.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/revisit-v6/revisit-alpha-6.zap SHA-256:3f265ea36923b0a7870fb1d24db7c82261ad2616e3b1ad0e5bac5a6b7b8e8230 https://www.zaproxy.org/docs/desktop/addons/revisit/ https://github.com/zaproxy/zap-extensions/ 2025-06-20 302331 2.16.0 saml SAML Support Detect, Show, Edit, Fuzz SAML requests ZAP Dev Team 11 saml-alpha-11.zap alpha <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.17.0.</li> <li>Update dependency.</li> <li>Maintenance changes.</li> </ul> <h3>Fixed</h3> <ul> <li>Error logs to always include stack trace.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/saml-v11/saml-alpha-11.zap SHA-256:cd947f39c5defd8b1625b63ffe30510cc85ff611fc976761221ad3474ca1c2b3 https://www.zaproxy.org/docs/desktop/addons/saml-support/ https://github.com/zaproxy/zap-extensions/ 2025-12-15 1588418 2.17.0 scanpolicies Scan Policies A set of standard scan policies. ZAP Dev Team 0.8.0 scanpolicies-alpha-0.8.0.zap alpha <h3>Changed</h3> <ul> <li>Updated based on Rules' Policy Tag assignments.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/scanpolicies-v0.8.0/scanpolicies-alpha-0.8.0.zap SHA-256:bb1e2e0ce2d9febd41a9fab5a73aa536e1e88002e60e41065d2d9d492e7e7d1d https://www.zaproxy.org/docs/desktop/addons/scan-policies/ https://github.com/zaproxy/zap-extensions/ 2026-03-31 336299 2.17.0 scripts Script Console Supports all JSR 223 scripting languages ZAP Dev Team 45.20.0 scripts-release-45.20.0.zap release <h3>Added</h3> <ul> <li>GUI support for Zest script chains and failure level in the Automation Framework Script job dialog (via the Use Script Chain checkbox, and Chains tab).</li> </ul> <h3>Changed</h3> <ul> <li>Update dependency.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/scripts-v45.20.0/scripts-release-45.20.0.zap SHA-256:7f80df5e1bd692af6827c7d9b950ccda5ef9fd67e641969100d11011f057fe6d https://www.zaproxy.org/docs/desktop/addons/script-console/ https://github.com/zaproxy/zap-extensions/ 2026-07-13 5830265 2.17.0 commonlib >=1.37.0 database >=0.8.0 & < 1.0.0 pscan >= 0.1.0 & < 1.0.0 selenium Selenium WebDriver provider and includes HtmlUnit browser ZAP Dev Team 15.53.0 selenium-release-15.53.0.zap release <h3>Changed</h3> <ul> <li>Update Selenium to version 4.46.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/selenium-v15.53.0/selenium-release-15.53.0.zap SHA-256:5a3ecc2741e1697590c31e67b36cd81aa9a7cd0e0c47e2cc34fb0cce255f4823 https://www.zaproxy.org/docs/desktop/addons/selenium/ https://github.com/zaproxy/zap-extensions/ 2026-07-14 32749665 2.17.0 commonlib >=1.23.0 network >=0.2.0 sequence Sequence Gives the possibility of defining a sequence of requests to be scanned. ZAP Dev Team 10 sequence-beta-10.zap beta <h3>Fixed</h3> <ul> <li>Send requests using ZAP instead of default Zest HTTP client implementation.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/sequence-v10/sequence-beta-10.zap SHA-256:8690dfccaf7fe18a7f1975b3f4fa01c6e1b19e1907699adc3f811eb14f94358f https://www.zaproxy.org/docs/desktop/addons/sequence-scanner/ https://github.com/zaproxy/zap-extensions/ 2026-06-12 1782695 2.17.0 exim >= 0.13 network zest 48.* soap SOAP Support Imports and scans WSDL files containing SOAP endpoints. Alberto (albertov91) + ZAP Dev Team 31 soap-beta-31.zap beta <h3>Changed</h3> <ul> <li>Update dependency.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix SOAP requests generated from some WSDLs being incomplete. Requests now correctly include all fields defined in the schema, and requests are no longer broken by certain characters in element or attribute names and values.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/soap-v31/soap-beta-31.zap SHA-256:0617b8e37fed00fcb434afd4995b8c1483480d7b7a6063b6736169f3706767d1 https://www.zaproxy.org/docs/desktop/addons/soap-support/ https://github.com/zaproxy/zap-extensions/ 2026-06-12 13147768 2.17.0 commonlib >= 1.40.0 & < 2.0.0 spider Spider Spider used for automatically finding URIs on a site. ZAP Dev Team 0.20.0 spider-release-0.20.0.zap release <h3>Added</h3> <ul> <li>Access to the spider job status.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/spider-v0.20.0/spider-release-0.20.0.zap SHA-256:82acf7e307fdd4f46ac4d387656370ecad9c2ab940e1c81d9776768bacdedcd5 https://www.zaproxy.org/docs/desktop/addons/spider/ https://github.com/zaproxy/zap-extensions/ 2026-04-02 1201993 2.17.0 commonlib >= 1.29.0 & < 2.0.0 database network >=0.3.0 spiderAjax Ajax Spider Allows you to spider sites that make heavy use of JavaScript using Crawljax ZAP Dev Team 23.32.0 spiderAjax-release-23.32.0.zap release <h3>Changed</h3> <ul> <li>Help to show that the Client Spider is now the recommended option for modern apps.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/spiderAjax-v23.32.0/spiderAjax-release-23.32.0.zap SHA-256:9850bb21d7d1ecf8593740069d1eae75b02fb7eefa19af54244c277677031500 https://www.zaproxy.org/docs/desktop/addons/ajax-spider/ https://github.com/zaproxy/zap-extensions/ 2026-07-06 7792464 2.17.0 commonlib >= 1.23.0 & < 2.0.0 network >=0.11.0 selenium 15.* sqliplugin Advanced SQLInjection Scanner An advanced active injection bundle for SQLi (derived by SQLMap) Andrea Pompili (Yhawke) 17 sqliplugin-beta-17.zap beta <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.17.0.</li> <li>The scan rule now has the &quot;TEST_TIMING&quot; alert tag, as well as new tags for the OWASP Top 10 2025, and API Top 10 2023.</li> <li>Depends on an updated version of the Common Library add-on.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/sqliplugin-v17/sqliplugin-beta-17.zap SHA-256:ac5c2ce37f59b87980205fc008299624508909fda1d332979e28ebbb7b58420a https://www.zaproxy.org/docs/desktop/addons/advanced-sqlinjection-scanner/ https://github.com/zaproxy/zap-extensions/ 2026-04-14 540666 2.17.0 commonlib >= 1.40.0 & < 2.0.0 srm Software Risk Manager Extension Includes request and response data in XML reports and provides the ability to upload reports directly to a Software Risk Manager server Black Duck, Inc. 2025.12.0 srm-alpha-2025.12.0.zap alpha <h3>Changed</h3> <ul> <li>First version</li> </ul> https://github.com/zaproxy-addons/srm-2/releases/download/v2025.12.0/srm-alpha-2025.12.0.zap SHA-256:3743dd5a6844f224d04efabf2fc27eaf64ed9d9ab50addee1e57bc79fade07eb https://www.zaproxy.org/docs/desktop/addons/software-risk-manager/ https://github.com/codedx/srm-zap-extension/ 2025-12-10 1883498 2.16.0 commonlib >= 1.36.0 & < 2.0.0 sse Server-Sent Events Allows you to view Server-Sent Events (SSE) communication. ZAP Dev Team 14 sse-alpha-14.zap alpha <h3>Added</h3> <ul> <li>Stats for event and event streams.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.17.0.</li> </ul> <h3>Fixed</h3> <ul> <li>No longer fire a spurious empty event for a leading blank line (e.g. keep-alive) in an event stream.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/sse-v14/sse-alpha-14.zap SHA-256:7de39df7fc85810b977dd2800f58400fa474dd03c693ed62da5058bbfefc3a3f https://www.zaproxy.org/docs/desktop/addons/server-sent-events/ https://github.com/zaproxy/zap-extensions/ 2026-07-13 331883 2.17.0 svndigger SVN Digger Files SVN Digger files which can be used with ZAP forced browsing ZAP Dev Team 4 svndigger-release-4.zap release <h3>Added</h3> <ul> <li>Add help.</li> <li>Add repo URL.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.11.0.</li> <li>Promote to release status.</li> <li>Change info URL to link to the site.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/svndigger-v4/svndigger-release-4.zap SHA-256:5556efdf3fdb84ebd6cf3e76ca31e3fb6fb57c002cf14b2cf2f05f67bf2b622a https://www.zaproxy.org/docs/desktop/addons/svn-digger-files/ https://github.com/zaproxy/zap-extensions/ 2021-10-07 713963 2.11.0 tips Tips and Tricks Display ZAP Tips and Tricks ZAP Dev Team 16 tips-beta-16.zap beta <h3>Changed</h3> <ul> <li>Update minimum ZAP version to 2.17.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/tips-v16/tips-beta-16.zap SHA-256:c75be57814a6f430d967edf22352ae51b9050ec6cf79215ee0e98b21cfe384d2 https://www.zaproxy.org/docs/desktop/addons/tips-and-tricks/ https://github.com/zaproxy/zap-extensions/ 2025-12-15 574653 2.17.0 tokengen Token Generation and Analysis Allows you to generate and analyze pseudo random tokens, such as those used for session handling or CSRF protection ZAP Dev Team 16 tokengen-beta-16.zap beta <h3>Changed</h3> <ul> <li>Maintenance changes.</li> <li>Update minimum ZAP version to 2.17.0.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/tokengen-v16/tokengen-beta-16.zap SHA-256:8ed0aaa5cc1c8466736dad3462e7eda37d5cd0d31f83596ca8f7261d495ed6c6 https://www.zaproxy.org/docs/desktop/addons/token-generator/ https://github.com/zaproxy/zap-extensions/ 2025-12-15 543902 2.17.0 viewstate ViewState ASP ViewState Decoder and Editor Calum Hutton 4 viewstate-alpha-4.zap alpha <h3>Changed</h3> <ul> <li>Maintenance changes.</li> <li>Update minimum ZAP version to 2.17.0.</li> <li>Disable support for JSF.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/viewstate-v4/viewstate-alpha-4.zap SHA-256:7024ba573ddcfd5f9a4f6018e05922064b1e89838cd6f453ac8ae5e38a191e5e https://www.zaproxy.org/docs/desktop/addons/viewstate/ https://github.com/zaproxy/zap-extensions/ 2026-06-24 151275 2.17.0 wappalyzer Technology Detection Technology detection using various fingerprints and identifiers. ZAP Dev Team 21.56.0 wappalyzer-release-21.56.0.zap release <h3>Changed</h3> <ul> <li>Updated with enthec upstream icon and pattern changes.</li> <li>Dependency update.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/wappalyzer-v21.56.0/wappalyzer-release-21.56.0.zap SHA-256:79e83ae593b23e872171c536946be7a5089a07ae85eab73fe2088d5ceaf8dbd4 https://www.zaproxy.org/docs/desktop/addons/technology-detection/ https://github.com/zaproxy/zap-extensions/ 2026-07-06 31758633 2.17.0 commonlib >= 1.17.0 & < 2.0.0 pscan >= 0.1.0 & < 1.0.0 webdriverlinux Linux WebDrivers Linux WebDrivers for Firefox and Chrome. ZAP Dev Team 208 webdriverlinux-release-208.zap release <h3>Changed</h3> <ul> <li>Update ChromeDriver to 150.0.7871.114.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/webdriverlinux-v208/webdriverlinux-release-208.zap SHA-256:ec79ef4a00c1375feb876d6afa7fc333cd75a00ad81abfad21bd0601e0546666 https://www.zaproxy.org/docs/desktop/addons/linux-webdrivers/ https://github.com/zaproxy/zap-extensions/ 2026-07-09 14746899 2.17.0 webdrivermacos macOS WebDrivers macOS WebDrivers for Firefox and Chrome. ZAP Dev Team 208 webdrivermacos-release-208.zap release <h3>Changed</h3> <ul> <li>Update ChromeDriver to 150.0.7871.114.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/webdrivermacos-v208/webdrivermacos-release-208.zap SHA-256:19f28c08460cdccbdaffe140ec471a196240c0c258ec7516b8a8623d90d3a698 https://www.zaproxy.org/docs/desktop/addons/macos-webdrivers/ https://github.com/zaproxy/zap-extensions/ 2026-07-09 25746837 2.17.0 webdriverwindows Windows WebDrivers Windows WebDrivers for Firefox and Chrome. ZAP Dev Team 209 webdriverwindows-release-209.zap release <h3>Changed</h3> <ul> <li>Update ChromeDriver to 150.0.7871.114.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/webdriverwindows-v209/webdriverwindows-release-209.zap SHA-256:abbd046a04a4c0e2bb9bf9262f05733e339bacdea1f8f0bab6a40df9ed738e61 https://www.zaproxy.org/docs/desktop/addons/windows-webdrivers/ https://github.com/zaproxy/zap-extensions/ 2026-07-09 32069687 2.17.0 websocket WebSockets Allows you to inspect WebSocket communication. ZAP Dev Team 37 websocket-release-37.zap release <h3>Changed</h3> <ul> <li>Maintenance changes.</li> <li>Formatted JavaScript files for consistency.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/websocket-v37/websocket-release-37.zap SHA-256:f2c3035976531130494b5b9dfc02ca0ebd7e0388f740f68b6d4e775098be9fc6 https://www.zaproxy.org/docs/desktop/addons/websockets/ https://github.com/zaproxy/zap-extensions/ 2026-05-07 1417073 2.17.0 commonlib >=1.23.0 zest Zest - Graphical Security Scripting Language A graphical security scripting language, ZAPs macro language on steroids ZAP Dev Team 48.14.0 zest-beta-48.14.0.zap beta <h3>Added</h3> <ul> <li>Browser screenshots are now automatically captured on Zest client step failures, and script print output is included in the diagnostics report. For chain runs, each output is clearly attributed to the specific script that produced it.</li> </ul> <h3>Changed</h3> <ul> <li>Update minimum <code>scripts</code> add-on version to 45.19.0.</li> <li>Chained scripts now have provenance information preserved for troubleshooting purposes.</li> <li>Update Zest library to 0.36.0: <ul> <li>Update dependencies.</li> <li>Restore JSON deserialization behaviour.</li> <li>Handle text (and similar) input elements which only become visible when interacted with.</li> </ul> </li> <li>Maintenance changes.</li> </ul> <h3>Fixed</h3> <ul> <li>Fix exception when adding/editing Zest non-standalone type scripts through the GUI.</li> <li>Prevent exception with scripts when their engine isn't installed or present, which may be encountered when the zest add-on is uninstalled/updated.</li> </ul> https://github.com/zaproxy/zap-extensions/releases/download/zest-v48.14.0/zest-beta-48.14.0.zap SHA-256:27a8833d3d692c8e18337d2133e983956fe25ba920be0639d3067069cea50051 https://www.zaproxy.org/docs/desktop/addons/zest/ https://github.com/zaproxy/zap-extensions/ 2026-07-06 3486811 2.17.0 commonlib >=1.31.0 network >=0.2.0 pscan >= 0.1.0 & < 1.0.0 scripts >=45.19.0 selenium >= 15.44.0