🛡️ OWASP ZAP Scanner

Automated web application security scanner powered by OWASP ZAP

credits

Input

Required Options

Target URL The URL of the target application to scan

Scan Mode Type of security scan to perform

Scan Depth How deep to crawl and test the application

Authentication Type Authentication method for protected applications (Basic Auth only currently supported)

Username Username for authentication

Password Password for authentication

Custom Headers Custom HTTP headers (one per line, format: Header: Value)

User Agent Custom User-Agent string (leave empty for default)

Passive Scan Only Only perform passive scanning (no active attacks)

Follow Redirects Follow HTTP redirects during scanning

Rate Limit (req/sec) Maximum requests per second (0 = unlimited)

Maximum Crawl Depth Maximum depth to crawl (default: 10)

Maximum Children Maximum number of child nodes to crawl (default: 20)

Maximum Duration (minutes) Maximum scan duration in minutes (0 = no limit)

Context Name Name for the scanning context

Include URLs (Regex) Regular expressions for URLs to include (one per line)

Exclude URLs (Regex) Regular expressions for URLs to exclude (one per line)

Attack Mode Level of attack aggressiveness

Vulnerability Checks Select specific vulnerability types to check (select All for comprehensive scan)
Hold Ctrl/Cmd to select multiple

Alert Threshold Minimum risk level for alerts

Attack Strength Strength of attack tests

Technologies Known technologies used by target (helps optimize scan)
Hold Ctrl/Cmd to select multiple

Proxy Host

Proxy Port

Scan Timeout (minutes) Maximum time for scan execution

Estimated time: 600 seconds

Results