OWASP Zed Attack Proxy (ZAP) is an easy-to-use penetration testing tool for finding vulnerabilities in web applications.
It is designed for use by people with a wide range of security experience, which makes it ideal for developers and security researchers who are new to penetration testing, as well as a useful addition to an experienced tester's toolkit.
ZAP provides automated scanners as well as a set of tools that allow you to detect security vulnerabilities manually.
Some of the features of ZAP:
- Open source
- Cross-platform
- Easy to install
- Completely free
- Easy to use
- Contains help pages
- Translated into 12 languages
- Growing rapidly through the work of a large group of volunteers
Some of ZAP's functionality:
- Intercepting Proxy
- Traditional and AJAX spiders
- Automatic scanners
- Passive scanners
- Forced browsing
- Fuzzer
- Dynamic SSL certificates
- Smartcard and Client Digital Certificate support
- WebSockets support
- Support for a wide range of scripting languages
- Plug-n-Hack support
- Authentication and session support
- Powerful REST based API
- Automatic upgrade option
- Integrated and growing marketplace of add-ons
You will find a guide on how to operate ZAP here
You can download the program from here