README 2.16 KB
Newer Older
Sophie Brun's avatar
Sophie Brun committed
1
2
3
4
5
6
7
8
9
10
11
Welcome to the OWASP Zed Attack Proxy
=====================================
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free 
security tools and is actively maintained by hundreds of international 
volunteers. 
It can help you automatically find security vulnerabilities in your web 
applications while you are developing and testing your applications. 
Its also a great tool for experienced pentesters to use for manual security 
testing.

For more details on ZAP please goto the home page:
Sophie Brun's avatar
Sophie Brun committed
12
	https://www.zaproxy.org/
Sophie Brun's avatar
Sophie Brun committed
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
	
We welcome feedback, either via the Issues, User Group or Developer Group.
ZAP is also a community based project, and contributions are welcomed.
See the ZAP wiki for more information.

How to start ZAP
----------------
There are 3 options on Windows:

* Via the desktop icon (assuming you selected this option during installation)
* Via the 'Start' menu:
    All Programs / OWASP / Zed Attack Proxy / ZAP <version> 
* Via the 'zap.bat' command line script in the installation directory 

Linux

On Linux there's just a 'zap.sh' script in the installation directory, although
you can create a desktop icon manually as well.

Mac OS

Generally, most user's tend to use the Mac OS build, which is a ordinary Mac OS
app that can be started as any other app: Double-Click on the app to start it. 
You can use the 'zap.sh' script, as per linux.

Docker

ZAP is available on https://hub.docker.com/r/owasp/zap2docker-stable/
For more details of how you can use it see 
Sophie Brun's avatar
Sophie Brun committed
42
https://www.zaproxy.org/docs/docker/ 
Sophie Brun's avatar
Sophie Brun committed
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

Headless Environment
--------------------

By default ZAP will be started with a GUI which is not supported in headless
environments, in those cases ZAP needs to be started inline, using the command
line argument '-cmd', or in daemon mode, using '-daemon'.
For more information about the command line arguments use '-help'.
ZAP will show an information message and exit, if still started with GUI.

Java API
--------

The Java API is no longer packaged with this release.

You can download the latest version from:
https://github.com/zaproxy/zap-api-java/releases
 
It is also available on Maven Central:
 - GroupId: 'org.zaproxy'
 - ArtifactId: 'zap-clientapi'