ZAP

The ZAP by Checkmarx Core project (by zaproxy)

ZAP Alternatives

Similar projects and alternatives to ZAP

  1. ESLint

    430 ZAP VS ESLint

    Find and fix problems in your JavaScript code.

  2. InfluxDB

    InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

    InfluxDB logo
  3. Newman

    354 ZAP VS Newman

    Newman is a command-line collection runner for Postman

  4. mitmproxy

    166 ZAP VS mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

  5. Metasploit

    124 ZAP VS Metasploit

    Metasploit Framework

  6. semgrep

    82 ZAP VS semgrep

    Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

  7. bruno

    79 ZAP VS bruno

    Opensource IDE For Exploring and Testing Api's (lightweight alternative to postman/insomnia)

  8. john

    79 ZAP VS john

    John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

  9. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  10. lynis

    73 ZAP VS lynis

    Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

  11. SonarQube

    71 ZAP VS SonarQube

    Continuous Inspection

  12. masscan

    66 ZAP VS masscan

    TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

  13. SQLMap

    45 ZAP VS SQLMap

    Automatic SQL injection and database takeover tool

  14. Proxyman

    Modern. Native. Delightful Web Debugging Proxy for macOS, iOS, and Android ⚡️

  15. prowler

    28 ZAP VS prowler

    Prowler is an Open Cloud Security Platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more

  16. nuclei

    17 ZAP VS nuclei

    Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

  17. amass

    21 ZAP VS amass

    In-depth attack surface mapping and asset discovery

  18. ffuf

    20 ZAP VS ffuf

    Fast web fuzzer written in Go

  19. dirsearch

    12 ZAP VS dirsearch

    Web path scanner

  20. awesome-dva

    31 ZAP VS awesome-dva

    A curated list of "damn vulnerable apps" and exploitable VMs / wargames. See contributing.md for information.

  21. caido

    8 ZAP VS caido

    🚀 Caido releases, wiki and roadmap

  22. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better ZAP alternative or higher similarity.

ZAP discussion

Log in or Post with

ZAP reviews and mentions

Posts with mentions or reviews of ZAP. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2025-04-29.

Stats

Basic ZAP repo stats
71
13,602
9.3
4 days ago

zaproxy/zaproxy is an open source project licensed under Apache License 2.0 which is an OSI approved license.

ZAP is marked as "self-hosted". This means that it can be used as a standalone application on its own.

The primary programming language of ZAP is Java.


Sponsored
InfluxDB – Built for High-Performance Time Series Workloads
InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
www.influxdata.com

Did you know that Java is
the 8th most popular programming language
based on number of references?