Best ZAP MCP Servers

Zap (OWASP ZAP) is an open-source web application security scanner that helps find vulnerabilities in web applications during development and testing.

View all ZAP MCP Servers

Why this server?
Enables creation and validation of workflow diagrams using FlowZap's visual diagramming tool and FlowZap Code DSL, generating shareable playground URLs for workflow visualizations.
FlowZap MCP Server
Software Architecture CI/CD & DevOps Developer Tools
flowzap-xyz
A
security
A
license
-
quality
Enables AI assistants to create and validate workflow diagrams using FlowZap's text-based DSL. Generates shareable playground URLs for visualizing flowcharts, process diagrams, and CI/CD pipelines through natural language descriptions.
Last updated 4 days ago
7
151
2
MIT
Why this server?
Offers full integration with OWASP ZAP proxy for processing requests, conducting spider scans, performing active security scanning, and managing vulnerability alerts.
VulneraMCP
Penetration Testing Security Testing & QA Tools
telmon95
A
security
A
license
-
quality
AI-powered bug bounty hunting platform that integrates security tools (OWASP ZAP, Caido, Burp Suite) for automated reconnaissance, vulnerability testing, JavaScript analysis, and finding management with PostgreSQL storage.
Last updated 4 months ago
47
26
MIT
Why this server?
Provides tools for dynamic application security testing (DAST) using OWASP ZAP to identify vulnerabilities in running web applications.
DevSecOps MCP Server
Testing & QA Tools Security Developer Tools
JesusDavidQuarksoft
A
security
A
license
-
quality
An MCP server that integrates SAST, DAST, and SCA security tools to enable AI-driven vulnerability scanning and automated security reporting. It allows AI assistants to execute and analyze results from tools like Semgrep, OWASP ZAP, and Trivy within a DevSecOps workflow.
Last updated 2 months ago
6
MIT
Why this server?
Leverages OWASP ZAP for web application penetration testing including SQL injection, XSS, and CSRF vulnerability detection
MCP Shamash
Security Penetration Testing Testing & QA Tools
NeoTecDigital
A
security
F
license
-
quality
Enables security auditing, penetration testing, and compliance validation with tools like Semgrep, Trivy, Gitleaks, and OWASP ZAP. Features strict project boundary enforcement and supports OWASP, CIS, and NIST compliance frameworks.
Last updated a month ago
7
Why this server?
Integrates with OWASP ZAP (Zed Attack Proxy) to provide AI-powered security testing capabilities including active scans, passive analysis, AJAX spider scans, vulnerability reporting, and session management for web application security assessment.
ZAP MCP Server
Penetration Testing Testing & QA Tools Security
LisBerndt
-
security
A
license
-
quality
Integrates OWASP ZAP security testing with AI assistants through MCP, enabling automated vulnerability scanning and AI-powered security analysis during development. Supports multiple scan types including active, passive, and AJAX spider scans with real-time status updates.
Last updated 4 months ago
5
MIT
Why this server?
Integrates with OWASP ZAP to perform dynamic application security testing (DAST) against running web components to identify potential security exposures.
VibeShift
Testing & QA Tools Security Autonomous Agents
GroundNG
-
security
A
license
-
quality
An automated security engineer that integrates with AI coding assistants to perform vulnerability scanning, static analysis, and AI-driven remediation. It also provides tools for recording and executing self-healing web tests using Playwright, including visual regression and test discovery.
Last updated 4 months ago
67
Apache 2.0
Why this server?
Conducts Dynamic Application Security Testing (DAST) to identify security vulnerabilities in running web applications through automated scanning.
Security MCP Server
Security Code Analysis Testing & QA Tools
michoo
-
security
A
license
-
quality
Enables security scanning of codebases through integrated tools for secret detection, SCA, SAST, and DAST vulnerabilities, with AI-powered remediation suggestions based on findings.
Last updated 6 months ago
MIT
Why this server?
Runs dynamic application security testing (DAST) for web applications using the integrated OWASP ZAP tool.
Sentinel MCP Server
Security Testing & QA Tools Code Analysis
pranjal-lnct
-
security
F
license
-
quality
Sentinel is an enterprise-grade security server that integrates tools like Semgrep, Trivy, and Gitleaks via Docker to perform automated vulnerability scanning and compliance checks. It enables users to conduct static analysis, secret detection, and AI-powered threat modeling directly through Model Context Protocol-compatible IDEs.
Last updated 4 months ago
1
Why this server?
Provides tools for controlling OWASP ZAP, allowing AI agents to execute Active Scans and AJAX Spider tasks for comprehensive web security testing.
pentestMCP
Penetration Testing Security Autonomous Agents
RamKansal
-
security
F
license
-
quality
An MCP server that exposes over 20 standard penetration testing utilities, such as Nmap, SQLMap, and OWASP ZAP, as callable tools for AI agents. It enables natural language control over complex security workflows for automated and interactive penetration testing.
Last updated 22 days ago
55