← All tools

OWASP ZAP

https://www.zaproxy.org

Open Source ◆ Kali Linux

Categories

Scanning & Enumeration Web Application

Description

OWASP's Zed Attack Proxy — one of the world's most popular free web application security scanners. Features active/passive scanning, spidering, fuzzing, and intercepting proxy.

Keywords

web application scanner proxy OWASP active scan passive scan spider API testing

Example Usage

zap.sh -daemon -port 8090 -config api.key=changeme
zap-cli --api-key changeme active-scan -u https://example.com

See also

dnsx

Open Source

Fast and multi-purpose DNS toolkit from ProjectDiscovery. Resolves domains, performs wildcard filter…

public-skills-builder

Free

Generate Claude Code bug bounty skills from public HackerOne reports and GitHub writeups — 18 vuln c…

Retire.js

Open Source

Detects the use of JavaScript libraries with known vulnerabilities. Available as a CLI tool, browser…

Burp Suite

Freemium Kali

Leading platform for web application security testing. The Community Edition includes an interceptin…

Burp Suite Extensions (BApp Store)

Freemium

Marketplace of extensions for Burp Suite covering active/passive scanning, custom insertion points, …

aaWAF

Open Source

…