OWASP Zed Attack Proxy

OWASP Zed Attack Proxy, often referred to as ZAP, is a tool for web application penetration testing. It integrates a man-in-the-middle (MITM) proxy, a web crawler and a vulnerability scanner. It is a fork of Paros proxy.

ZAP is considered a flagship project of OWASP and was selected for the OWASP project reboot 2012, an effort to refresh, revitalize and update OWASP's projects. There were three ZAP-related projects in Google Summer of Code 2012. ZAP 2.0 was released in January 2013, with many additional features and improvements.

There are separate builds of ZAP for the Linux, Mac OS X and Windows platforms. The functionality of ZAP can be extended using ZAP extensions.

Features

 * Intercepting Proxy
 * Active and Passive scanning facility
 * Brute Force scanner
 * Spider
 * Fuzzer
 * Port Scanner
 * Dynamic SSL certificates
 * API
 * Beanshell integration

Reporting results
ZAP can:
 * Export messages and reports as a text file
 * Export all URLs as a text or HTML file
 * Generate HTML or XML Reports
 * Save, restore and compare entire sessions

Awards
ZAP was the 2011 Toolsmith Tool of the Year.