V1Extensions
Extensions are no longer available and were replaced with add-ons, you are strongly recommended to update to the latest version of ZAP which has many new features and improvements
This page lists the extensions available for the previous version of ZAP - 1.4.
These can be added to ZAP by simply dropping them into the ZAP 'plugins' directory and restarting ZAP - you dont need to rebuild ZAP.
| Status | Ver | Name | Author | Description |
|---|---|---|---|---|
| Beta | 3 | scriptConsole | ZAP Core Team | Provides dynamic access to internal ZAP data structures |
| Beta | n/a | ultimateObsoleteFileDetection | Alex Ganelis & Dan Meged, Hacktics ASC, Ernst & Young | Advanced obsolete/hidden file detection (Installer/Plugin/Source) |
| Beta | 1.0.1 | Diviner | Shay Chen & Eran Tamari, Hacktics ASC, Ernst & Young | Predicts the structure of server memory, source code and indirect attack sequences |
| Beta | 7 | alertReport | Leandro Ferrari, TalSoft SRL | Report alert generator in pdf or odt format. |
| Beta | 2 | tokengen | ZAP Core Team | Allows you to generate and analyze pseudo random tokens, such as those used for session handling or CSRF protection. |
| Alpha | 1 | Ajax Spider | ZAP Core Team | Ajax Spider - full integration with Crawljax |
| Alpha | 1 | HTTP Parameter Pollution (HPP) Passive Scanner | ZAP Core Team | Flags FORMS with no target attributes |
| Alpha | 1 | HTTP Parameter Pollution (HPP) Active Scanner | ZAP Core Team | Injects HTTP malicious payloads in forms and links to identify HPP issues |
| Alpha | 1 | highlighter | ZAP Core Team | Allows you to highlight strings in the request and response tabs. |
| Alpha | 2 | InsecureAuthentication | ZAP Core Team (Colm O'Flaherty) | Insecure Authentication passive scanner |
| Alpha | 1 | DAPInjection | ZAP Core Team (Colm O'Flaherty) | LDAP Injection scanner |
| Alpha | 8 | SessionFixation | ZAP Core Team (Colm O'Flaherty) | Session Fixation scanner |
| Alpha | 1 | CSRF Countermeasures Scanner | ZAP Core Team | CSRF Countermeasures Scanner |
| Alpha | 1 | viewStatePscan | Alexandre Herzog, Compass Security | View State passive scanner |
| Alpha | 3 | SQL Injection Scanners | ZAP Core Team (Colm O'Flaherty) | SQL Injection Scanners (complete re-write), including generic, MySQL, Hypersonic/HSQL, Oracle, and now PostgreSQL specific scanners |
- Introduction
-
2.0 Add-ons
- Add-ons: Release
- Add-ons: Beta
-
Add-ons: Alpha
-
Active Scan Rules - alpha
-
Access Control Testing
-
All In One Notes
-
Authentication Statistics
- Browser View
- Bug Tracker
-
Code Dx
-
Community Scripts
- Custom Payloads
- Custom Report
- DOM XSS Active Scan Rule
- Export Report
-
Form Handler
-
Groovy Scripting
-
HTTPS Info Add-on
-
Open API Specification Support
-
Passive Scan Rules - alpha
-
Replacer
-
Revisit
-
Server-Sent Events
-
Sequence Scanner
-
Simple Example
-
SOAP Scanner
-
SNI Terminator
-
Technology Detection
-
TLS Debug
-
- Add-on Development
- Add-on Structure
- Add-on Debugging
- Examples
- Upgrade
- Code Structure
- 1.4 Add-ons
(This is work in progress;)