Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/zaproxy/community-scripts

A collection of ZAP scripts and tips provided by the community - pull requests very welcome!
https://github.com/zaproxy/community-scripts

appsec dast scripts tips webappsec zaproxy

Last synced: 3 months ago
JSON representation

A collection of ZAP scripts and tips provided by the community - pull requests very welcome!

Host: GitHub
URL: https://github.com/zaproxy/community-scripts
Owner: zaproxy
License: apache-2.0
Created: 2015-01-02T13:39:26.000Z (almost 10 years ago)
Default Branch: main
Last Pushed: 2024-07-25T15:01:29.000Z (4 months ago)
Last Synced: 2024-07-25T17:18:37.134Z (4 months ago)
Topics: appsec, dast, scripts, tips, webappsec, zaproxy
Language: JavaScript
Homepage:
Size: 1.79 MB
Stars: 761
Watchers: 58
Forks: 235
Open Issues: 7
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE

Awesome Lists containing this project

WebHackersWeapons - community-scripts - scripts?label=%20)||![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)[![JavaScript](/images/javascript.png)](/categorize/langs/JavaScript.md)| (Weapons / Burpsuite, Caido and ZAP Addons)

README

# Community Scripts

A collection of ZAP scripts provided by the community, i.e. you lot :)

The easiest way to use this repo in ZAP is to install the 'Community Scripts' add-on from the ZAP Marketplace.

> [!CAUTION]
> While we do review all scripts to ensure they don't do anything obviously malicious, you should still review them and use them with caution.

If you might want to contribute to the repo then you can also clone it to a local directory and then add that to ZAP using the Options / Scripts screen.

Please upload your scripts via pull requests!

For more information on ZAP scripts:
* Display the [`Scripts Tab`](https://www.zaproxy.org/docs/desktop/addons/script-console/tree/) by `View->Show Tab->Scripts Tab` to manage the scripts.
* https://www.zaproxy.org/docs/desktop/addons/script-console/
* https://github.com/zaproxy/zaproxy/wiki/InternalScripting

To discuss any aspect of ZAP scripting please join the zaproxy-scripts group: http://groups.google.com/group/zaproxy-scripts

**Note**: For .py scripts to be visible, you must have the [Python Scripting](https://www.zaproxy.org/docs/desktop/addons/python-scripting/) add-on installed. Same with Ruby, Kotlin, etc.

Please ensure that scripts submitted have the correct extension for the language they are written in.

All scripts in the repo are released under the Apache v2.0 license.

You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

By submitting your scripts to this repo you are releasing them under the Apache v2.0 license, however you may optionally also release them under more lenient licenses via comments in the scripts.

## Building

This project uses Gradle to build the ZAP add-on, simply run:

./gradlew build

in the main directory of the project, the add-on will be placed in the directory `build/zapAddOn/bin/`.

## Official Videos

* [ZAP In Ten: Introduction to Scripting](https://play.sonatype.com/watch/7gR4qYzUZ686wEDMBfxGdf) (9:33)
* [ZAP Deep Dive: Scripting ZAP](https://www.youtube.com/watch?v=ujL6rH6nVXI) (28:34)

Note that there are videos for some of the specific script types linked from the relevant READMEs.