Open Source Zed Attack Proxy (ZAP) Alternatives

Penetration Testing Tools and other similar apps like Zed Attack Proxy (ZAP)

The best open source alternative to Zed Attack Proxy (ZAP) is mitmproxy. If that doesn't suit you, our users have ranked more than 25 alternatives to Zed Attack Proxy (ZAP), and ten of them are open source, so hopefully you can find a suitable replacement. Other interesting open source alternatives to Zed Attack Proxy (ZAP) are HTTP Toolkit, Lonkero, Nikto and w3af.

Zed Attack Proxy (ZAP) alternatives page was last updated

Alternatives list

  1. mitmproxy
     78 likes

    mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP. It provides a console interface that allows traffic flows to be inspected and edited on the fly. It also features mitmdump, a command-line tool that provides a tcpdump-like interface for saving, viewing and...

    23 mitmproxy alternatives

    Cost / License

    • Free
    • Open Source (MIT)

    Platforms

    • Mac
    • Windows
    • Linux
    • Flathub
    • Flatpak
     
  2. HTTP Toolkit
     99 likes

    HTTP Toolkit is a beautiful, cross-platform & open-source HTTP(S) debugging proxy, analyzer & client, with built-in support for modern tools and automatic interception for clients from Docker to Android to iOS.

    50 HTTP Toolkit alternatives

    Platforms

    • Mac
    • Windows
    • Linux
    • Android
    • iPhone
    • Docker
     
  3. Lonkero
     1 like

    Lonkero is a high-performance web vulnerability scanner built in Rust for penetration testers and bug bounty hunters who are tired of slow, bloated tools that generate hundreds of false positives.

    Cost / License

    • Freemium
    • Open Source

    Platforms

    • Mac
    • Windows
    • Linux
    • Self-Hosted
    • Rust
     
  4. Nikto
     21 likes

    Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version-specific problems on over 270 servers.

    21 Nikto alternatives

    Cost / License

    • Free
    • Open Source

    Platforms

    • Mac
    • Windows
    • Linux
     
  5. w3af
     16 likes

    w3af is a Web Application Attack and Audit Framework.

    Cost / License

    • Free
    • Open Source

    Platforms

    • Windows
    • Linux
     
  6. nuclei
     2 likes

    Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc.

    26 nuclei alternatives

    Cost / License

    • Free
    • Open Source (MIT)

    Platforms

    • Mac
    • Windows
    • Linux
     
  7. James
     5 likes

    James is an HTTP Proxy and Monitor that enables developers to view and intercept requests made from the browser. It is an open-source alternative to the popular developer tool Charles.

    Cost / License

    • Free
    • Open Source

    Alerts

    • Discontinued

    Platforms

    • Mac
    • Windows
    • Linux
    • React
    • Electron / Atom Shell
    • Node.JS
     
  8. skipfish
     13 likes

    A fully automated, active web application security reconnaissance tool. Key features: High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.

    Cost / License

    • Free
    • Open Source

    Alerts

    • Discontinued

    Platforms

    • Mac
    • Windows
    • Linux
    • BSD
     
  9. WHID Injector was born from the need for cheap and dedicated hardware that could be remotely controlled in order to conduct HID attacks. WHID stands for WiFi HID Injector. It is a cheap but reliable piece of hardware designed to fulfill pentesters' needs related to HID Attacks...

    Platforms

    • APKPure
     
  10. Tamper Data
     5 likes

    Firefox add-on that lets you change headers and request parameters before they're sent to the server. Unlike proxy request modifiers, it's integrated into the browser, so it has no problem with HTTPS connections, client authentication certificates, or other features that...

    Cost / License

    • Free
    • Open Source

    Alerts

    • Discontinued

    Platforms

    • Mac
    • Windows
    • Linux
    • Firefox
     
10 of 10 Zed Attack Proxy (ZAP) alternatives