The passive scanner is provided by the Passive Scanner add-on, which allows to passively scan messages (e.g. HTTP, WebSocket) proxied/sent through/by ZAP.