https://github.com/zaproxy/zaproxy

The ZAP by Checkmarx Core project
https://github.com/zaproxy/zaproxy

appsec dast hacktoberfest security security-scanner zap zap-development zaproxy

Last synced: 7 days ago
JSON representation

The ZAP by Checkmarx Core project

• Host: GitHub
• URL: https://github.com/zaproxy/zaproxy
• Owner: zaproxy
• License: apache-2.0
• Created: 2015-06-03T16:55:01.000Z (almost 10 years ago)
• Default Branch: main
• Last Pushed: 2024-10-28T17:23:15.000Z (6 months ago)
• Last Synced: 2024-10-29T11:13:06.403Z (6 months ago)
• Topics: appsec, dast, hacktoberfest, security, security-scanner, zap, zap-development, zaproxy
• Language: Java
• Homepage: https://www.zaproxy.org
• Size: 189 MB
• Stars: 12,667
• Watchers: 396
• Forks: 2,262
• Open Issues: 819
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Security: SECURITY.md

Awesome Lists containing this project

• awesome-devsecops - Zed Attack Proxy (ZAP) - _OWASP_ - An open-source web application vulnerability scanner, including an API for CI/CD integration. (Tools / Dynamic Analysis)
• awesome-hacking - official OWASP ZAP
• awesome-devsecops - Zed Attack Proxy (ZAP) - _OWASP_ - An open-source web application vulnerability scanner, including an API for CI/CD integration. (Tools / Dynamic Analysis)
• awesome-bugbounty-tools - OWASP ZAP - World’s most popular free web security tools and is actively maintained by a dedicated international team of volunteers (Miscellaneous / Vulnerability Scanners)
• awesome-repositories - zaproxy/zaproxy - The ZAP by Checkmarx Core project (Java)
• awesome-testing - OWASP ZAP - This intercepting proxy allows you to see all HTTP traffic and manipulate it in real time. Easy to scan, catalog and exploit security issues. (Software / Security)
• sickTools - x
• WebHackersWeapons - ZAP - audit`](/categorize/tags/live-audit.md) [`crawl`](/categorize/tags/crawl.md)|[](/categorize/langs/Java.md)| (Weapons / Tools)
• awesome-java-security - OWASP ZAP - Helps automatically find security vulnerabilities in your web applications. (Runtime Analysis)
• awesome-termux-hacking - zaproxy - The OWASP ZAP core project.[](https://github.com/zaproxy/zaproxy/stargazers/) (Uncategorized / Uncategorized)
• awesome-devsecops-russia - OWASP ZAP
• awesome-php - Zap - An integrated penetration testing tool for web applications. (Table of Contents / Security)
• MobileHackersWeapons - zaproxy
• awesome - zaproxy/zaproxy - The ZAP by Checkmarx Core project (Java)
• awesome-hacking - official OWASP ZAP
• awesome-hacking-lists - zaproxy/zaproxy - The ZAP by Checkmarx Core project (Java)
• StarryDivineSky - zaproxy/zaproxy
• awesome-docker - zaproxy/zaproxy
• awesome-docker - zaproxy/zaproxy

README

        
# [![](https://raw.githubusercontent.com/wiki/zaproxy/zaproxy/images/zap-by-checkmarx.png)](https://www.zaproxy.org)

[![License](https://img.shields.io/badge/license-Apache%202-4EB1BA.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)

[![GitHub release](https://img.shields.io/github/release/zaproxy/zaproxy.svg)](https://www.zaproxy.org/download/)

[![Java CI](https://github.com/zaproxy/zaproxy/actions/workflows/ci.yml/badge.svg)](https://github.com/zaproxy/zaproxy/actions/workflows/ci.yml)

[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/24/badge)](https://bestpractices.coreinfrastructure.org/projects/24)

[![Github Releases](https://img.shields.io/github/downloads/zaproxy/zaproxy/latest/total.svg?maxAge=2592000)](https://zapbot.github.io/zap-mgmt-scripts/downloads.html)

[![javadoc](https://javadoc.io/badge2/org.zaproxy/zap/javadoc.svg)](https://javadoc.io/doc/org.zaproxy/zap)

[![CodeQL](https://github.com/zaproxy/zaproxy/actions/workflows/codeql.yml/badge.svg)](https://github.com/zaproxy/zaproxy/actions/workflows/codeql.yml)

[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=zaproxy_zaproxy&metric=alert_status)](https://sonarcloud.io/dashboard?id=zaproxy_zaproxy)

[![Open Source Helpers](https://www.codetriage.com/zaproxy/zaproxy/badges/users.svg)](https://www.codetriage.com/zaproxy/zaproxy)

[![Twitter Follow](https://img.shields.io/twitter/follow/zaproxy.svg?style=social&label=Follow&maxAge=2592000)](https://twitter.com/zaproxy)

![Integration Tests](https://github.com/zaproxy/zaproxy/actions/workflows/run-integration-tests.yml/badge.svg)

![Docker Live Release](https://github.com/zaproxy/zaproxy/actions/workflows/release-live-docker.yml/badge.svg)

The Zed Attack Proxy (ZAP) by Checkmarx is the world’s most widely used web app scanner. 

Free and open source. A community based GitHub Top 1000 project that anyone can contribute to.

It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. 

It's also a great tool for experienced pentesters to use for manual security testing.

[![](https://raw.githubusercontent.com/wiki/zaproxy/zaproxy/images/ZAP-Download.png)](https://www.zaproxy.org/download/)

For more details about ZAP see the website: [zaproxy.org](https://www.zaproxy.org/)

[![](https://raw.githubusercontent.com/wiki/zaproxy/zaproxy/images/zap-website.png)](https://www.zaproxy.org/)