zap
Description:
Free and open source web app scanner
Type: Cask  |  Latest Version: 2.17.0@0  |  Tracked Since: Dec 17, 2025
Links: Homepage  |  @zaproxy  |  formulae.brew.sh
Category: Security
Tags: security web-scanner proxy penetration-testing owasp
Install: brew install --cask zap
About:
OWASP ZAP is a powerful web application security scanner that helps developers and security professionals find vulnerabilities in web apps and APIs. It acts as an intercepting proxy, allowing users to inspect and modify traffic between the browser and the target application. The tool automates the process of detecting common security flaws like SQL injection and cross-site scripting.
Key Features:
  • Automated scanner for finding common vulnerabilities
  • Intercepting proxy for manual testing and traffic analysis
  • Extensible via add-ons and scripting
  • REST API for integration into CI/CD pipelines
  • Active and passive scanning modes
Use Cases:
  • Security auditing of web applications during development
  • Penetration testing and vulnerability assessments
  • Automated security checks in CI/CD workflows
  • Learning and training for web application security
Alternatives:
  • Burp Suite – Burp Suite is a popular alternative with a more polished UI and advanced features in its paid version, whereas ZAP is fully open source and free.
  • Nikto – Nikto is a command-line web server scanner focused on quick misconfiguration checks, while ZAP provides a comprehensive GUI and in-depth testing capabilities.
Version History
Detected  |  Version  |  Rev  |  Change  |  Commit
Dec 17, 2025 9:52am  |  2.17.0  |  0  |  VERSION_BUMP  |  cd81d450