ZAP (Zed Attack Proxy)

LSE top 100: ZAP (38)

Tool and Usage

Project details

License: Apache License 2.0
Author: Simon Bennetts

Project health

This score is calculated from different factors, such as project age and last release date.


ZAP is an intercepting proxy for web traffic. You will need to configure your browser to connect through ZAP to the web application you wish to test.

Note: Zed Attack Proxy, or ZAP, is also known as zaproxy.

Usage and audience

ZAP is commonly used for penetration testing, security assessment, software testing, or web application analysis. Target users for this tool are pentesters and security professionals.

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + More than 50 contributors
  • + More than 8000 GitHub stars
  • + Many maintainers
  • + The source code of this software is available


  • - Many reported issues are still open

History and highlights

  • Demo at Black Hat Europe 2016 Arsenal

Author and Maintainers

ZAP is under development by Simon Bennetts. This project is currently maintained by Akshath Kothari, Nirojan Selvanathan, Rick Mitchell, Simon Bennetts.


Supported operating systems

ZAP is known to work on Linux, Microsoft Windows, and macOS.

ZAP alternatives

Similar tools to ZAP:



Web Application Security Scanner aimed towards helping users evaluate the security of web applications



Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications.



SQLMate is a security tool that calls itself a friend of SQLMap. It has similar functionality, yet comes with additional features like finding an admin panel and improved hash cracking. The tool can find possible vulnerable targets, with the option to save the results and feed it to others, like SQLMap.
