-
-
Notifications
You must be signed in to change notification settings - Fork 705
V1Extensions
thc202 edited this page Jun 24, 2015
·
2 revisions
Extensions are no longer available and were replaced with add-ons, you are strongly recommended to update to the latest version of ZAP which has many new features and improvements
This page lists the extensions available for the previous version of ZAP - 1.4.
These can be added to ZAP by simply dropping them into the ZAP 'plugins' directory and restarting ZAP - you dont need to rebuild ZAP.
| Status | Ver | Name | Author | Description |
|---|---|---|---|---|
| Beta | 3 | scriptConsole | ZAP Core Team | Provides dynamic access to internal ZAP data structures |
| Beta | n/a | ultimateObsoleteFileDetection | Alex Ganelis & Dan Meged, Hacktics ASC, Ernst & Young | Advanced obsolete/hidden file detection (Installer/Plugin/Source) |
| Beta | 1.0.1 | Diviner | Shay Chen & Eran Tamari, Hacktics ASC, Ernst & Young | Predicts the structure of server memory, source code and indirect attack sequences |
| Beta | 7 | alertReport | Leandro Ferrari, TalSoft SRL | Report alert generator in pdf or odt format. |
| Beta | 2 | tokengen | ZAP Core Team | Allows you to generate and analyze pseudo random tokens, such as those used for session handling or CSRF protection. |
| Alpha | 1 | Ajax Spider | ZAP Core Team | Ajax Spider - full integration with Crawljax |
| Alpha | 1 | HTTP Parameter Pollution (HPP) Passive Scanner | ZAP Core Team | Flags FORMS with no target attributes |
| Alpha | 1 | HTTP Parameter Pollution (HPP) Active Scanner | ZAP Core Team | Injects HTTP malicious payloads in forms and links to identify HPP issues |
| Alpha | 1 | highlighter | ZAP Core Team | Allows you to highlight strings in the request and response tabs. |
| Alpha | 2 | InsecureAuthentication | ZAP Core Team (Colm O'Flaherty) | Insecure Authentication passive scanner |
| Alpha | 1 | DAPInjection | ZAP Core Team (Colm O'Flaherty) | LDAP Injection scanner |
| Alpha | 8 | SessionFixation | ZAP Core Team (Colm O'Flaherty) | Session Fixation scanner |
| Alpha | 1 | CSRF Countermeasures Scanner | ZAP Core Team | CSRF Countermeasures Scanner |
| Alpha | 1 | viewStatePscan | Alexandre Herzog, Compass Security | View State passive scanner |
| Alpha | 3 | SQL Injection Scanners | ZAP Core Team (Colm O'Flaherty) | SQL Injection Scanners (complete re-write), including generic, MySQL, Hypersonic/HSQL, Oracle, and now PostgreSQL specific scanners |