Best ZAP MCP Servers
ZAP (OWASP ZAP) is an open-source web application security scanner that helps find vulnerabilities in web applications during development and testing.
Why this server?
Provides tools for dynamic application security testing (DAST) using OWASP ZAP to identify vulnerabilities in running web applications.
A license, B quality, D maintenance
An MCP server that integrates SAST, DAST, and SCA security tools to enable AI-driven vulnerability scanning and automated security reporting. It allows AI assistants to execute and analyze results from tools like Semgrep, OWASP ZAP, and Trivy within a DevSecOps workflow.
Last updated · 6 · MIT
Why this server?
Enables creation and validation of workflow diagrams using FlowZap's visual diagramming tool and FlowZap Code DSL, generating shareable playground URLs for workflow visualizations.
A license, A quality, D maintenance
Enables AI assistants to create and validate workflow diagrams using FlowZap's text-based DSL. Generates shareable playground URLs for visualizing flowcharts, process diagrams, and CI/CD pipelines through natural language descriptions.
Last updated · 7824 · MIT
Why this server?
Offers full integration with OWASP ZAP proxy for processing requests, conducting spider scans, performing active security scanning, and managing vulnerability alerts.
A license, B quality, D maintenance
AI-powered bug bounty hunting platform that integrates security tools (OWASP ZAP, Caido, Burp Suite) for automated reconnaissance, vulnerability testing, JavaScript analysis, and finding management with PostgreSQL storage.
Last updated · 4734 · MIT
Why this server?
Integrates OWASP ZAP for dynamic application security testing (DAST) with support for multiple authentication modes and parallel scanning.
Why this server?
Leverages OWASP ZAP for web application penetration testing, including SQL injection, XSS, and CSRF vulnerability detection.
F license, B quality, D maintenance
Enables security auditing, penetration testing, and compliance validation with tools like Semgrep, Trivy, Gitleaks, and OWASP ZAP. Features strict project boundary enforcement and supports OWASP, CIS, and NIST compliance frameworks.
Last updated · 7
Why this server?
Integrates OWASP ZAP for dynamic application security testing (DAST) to perform automated security scans on web applications.
A license, - quality, D maintenance
Integrates SAST, DAST, IAST, and SCA security testing tools for AI-powered DevSecOps automation, enabling comprehensive security scanning and reporting through natural language interfaces.
Last updated · 16 · MIT
Why this server?
Integrates with OWASP ZAP to perform dynamic application security testing (DAST) against running web components to identify potential security exposures.
A license, - quality, D maintenance
An automated security engineer that integrates with AI coding assistants to perform vulnerability scanning, static analysis, and AI-driven remediation. It also provides tools for recording and executing self-healing web tests using Playwright, including visual regression and test discovery.
Last updated · 68 · Apache 2.0
Why this server?
Integrates with OWASP ZAP (Zed Attack Proxy) to provide AI-powered security testing capabilities including active scans, passive analysis, AJAX spider scans, vulnerability reporting, and session management for web application security assessment.
A license, - quality, C maintenance
Integrates OWASP ZAP security testing with AI assistants through MCP, enabling automated vulnerability scanning and AI-powered security analysis during development. Supports multiple scan types including active, passive, and AJAX spider scans with real-time status updates.
Last updated · 5 · MIT
Why this server?
Conducts Dynamic Application Security Testing (DAST) to identify security vulnerabilities in running web applications through automated scanning.
A license, - quality, B maintenance
Enables security scanning of codebases through integrated tools for secret detection, SCA, SAST, and DAST vulnerabilities, with AI-powered remediation suggestions based on findings.
Last updated · MIT