← All tools

OWASP ZAP

https://www.zaproxy.org

Open Source ◆ Kali Linux

Categories

Scanning & Enumeration Web Application

Description

OWASP's Zed Attack Proxy — one of the world's most popular free web application security scanners. Features active/passive scanning, spidering, fuzzing, and intercepting proxy.

Keywords

web application scanner proxy OWASP active scan passive scan spider API testing

Example Usage

zap.sh -daemon -port 8090 -config api.key=changeme
zap-cli --api-key changeme active-scan -u https://example.com

See also

dnsx

Open Source

Fast and multi-purpose DNS toolkit from ProjectDiscovery. Resolves domains, performs wildcard filter…

GraphQL Voyager / InQL

Open Source

InQL is a Burp Suite and standalone GraphQL security scanner. Analyzes introspection queries, genera…

Evilginx2

Open Source

Standalone man-in-the-middle attack framework that bypasses 2FA by proxying authentication sessions …

Nmap

Open Source Kali

The industry-standard network scanner. Discovers hosts, open ports, services, OS versions, and runs …

WADComs.github.io

Open Source

WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and the…

UltimateCMSWordlists

Open Source

📚 An ultimate collection wordlists of the best-known CMS…