A set of add-ons that we think are ideal for pentesters. You can just install this add-on, which will automatically install all of the add-ons below.
This add-on includes the ZAP fuzzer, which is included by default in the main release but not in the Core release.
Add-ons included:

| Add-on | Description |
| --- | --- |
| Access Control Testing | Adds a set of tools for testing access control in web applications. |
| Attack Surface Detector | The Attack Surface Detector analyzes web application source code to generate endpoints that can be used for penetration testing. |
| Custom Payloads | Ability to add, edit or remove payloads that are used, i.e. by active scan rules. |
| Eval Villain | Adds the Eval Villain extension to Firefox when launched from ZAP. |
| FileUpload | Detects file upload requests and scans them to find related vulnerabilities. |
| FuzzDb Files | FuzzDB files which can be used with the ZAP fuzzer |
| Fuzzer | Advanced fuzzer for manual testing |
| JSON View | Adds a view that shows JSON messages nicely formatted |
| JWT Support | Detects JWT requests and scans them to find related vulnerabilities. |
| Requester | Request numbered panel. |
| SVN Digger Files | SVN Digger files which can be used with ZAP forced browsing |
| ViewState | ASP/JSF ViewState Decoder and Editor |
| Wappalyzer - Technology Detection | Technology detection using Wappalyzer: wappalyzer.com |

If your favourite pentesting add-on is not included, let us know via the ZAP User Group.