ZAProxy
Version: 2.16.0
Release: 2025-01-10
Category: Security - Proxy Servers
Size: 271309Kb
Dependency: Requires Java 17 or higher to run
Not stealth:
Publisher: Checkmarx
Description:
Zed Attack Proxy (ZAP) by Checkmarx is a free, open-source penetration testing tool. ZAP is designed specifically for testing web applications and is both flexible and extensible.
At its core, ZAP is what is known as a “manipulator-in-the-middle proxy.” It stands between the tester’s browser and the web application so that it can intercept and inspect messages sent between browser and web application, modify the contents if needed, and then forward those packets on to the destination. It can be used as a stand-alone application, and as a daemon process.
If there is another network proxy already in use, as in many corporate environments, ZAP can be configured to connect to that proxy.
ZAP provides functionality for a range of skill levels – from developers, to testers new to security testing, to security testing specialists. ZAP has versions for each major OS and Docker, so you are not tied to a single OS. Additional functionality is freely available from a variety of add-ons in the ZAP Marketplace, accessible from within the ZAP client.
Because ZAP is open-source, the source code can be examined to see exactly how the functionality is implemented. Anyone can volunteer to work on ZAP, fix bugs, add features, create pull requests to pull fixes into the project, and author add-ons to support specialized situations.
Note:
License:
Apache License 2.0
https://github.com/zaproxy/zaproxy/blob/main/LICENSE