What is Zed Attack Proxy?

Last Updated : 12 Jul, 2025
Author: gluttony777

Zed Attack Proxy (ZAP) is open-source security software written in the Java programming language and released in 2010. It is used to scan web applications and find vulnerabilities in them. It was started as a small project by the Open Web Application Security Project (OWASP) and is now the most active project, maintained by thousands of individuals around the globe. It is available for Linux, Windows, and Mac in 29 languages. Like Burp Suite, it can also be used as a proxy server to manipulate requests, including HTTPS requests. It also has a daemon mode, which can then be controlled through a REST API.

Features:
- Passive Scanner
- Automated Scanner
- Proxy Server
- Port Identification
- Directory Searching
- Brute Force Attack
- Web Crawler
- Fuzzer

Why do we use Zed Attack Proxy?

Zed Attack Proxy is used to detect vulnerabilities present on any web server and to try to remove them. Here are some major vulnerabilities that could be present in a web server:
- SQL injection
- Cross-site scripting (XSS)
- Broken access control
- Security misconfiguration
- Broken authentication
- Sensitive data exposure
- Cross-site request forgery (CSRF)
- Using components with known vulnerabilities

Some Important Terminologies:
- Proxy Server: A server that acts as a mediator for clients, letting them go through requests and alter them.
- Spider: An information-gathering process in which the application (in this case ZAP) goes through the whole web page and tries to find all the links and other important details.
- Passive Scan: In this type of scanning, the vulnerability is detected without getting in direct contact with the target machine.
- Active Scan: In this type of scanning, the vulnerability is detected by getting in direct contact with the target machine, which makes the scan very easy for the administrator to detect.

Working Process:
First we set up the proxy server with any browser. The browser sends website data to the proxy server, and then the browser inside ZAP processes the request, performs attacks, and generates the report.

Configuration Steps:
Step 1: Download ZAP from https://www.zaproxy.org/download/ by selecting the proper operating system.
Step 2: Run the file and follow the instructions until the installation is complete.

Steps to Run:
Step 1: Open the application through the terminal or by clicking on the icon.
Step 2: In the next step, select the first option and click Start.
Step 3: Now choose a target to scan, enter its web address in the green highlighted box, and click Attack.
Step 4: Now you will have to wait for a few minutes to get the result.
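The daemon mode and REST API mentioned above let the spider and passive scan run without the GUI, with the resulting alerts checked by a script. The Python below is an added example, not code from the original article or the ZAP project: it calls ZAP's JSON API and summarizes alerts by risk level. It assumes a ZAP daemon is already listening on 127.0.0.1:8080; the API key is a placeholder, and the local test target http://localhost:3000 and the sample alerts are constructed for illustration.

```python
import json
import time
import urllib.parse
import urllib.request
from collections import Counter

ZAP = "http://127.0.0.1:8080"      # assumed address of the ZAP daemon
API_KEY = "REPLACE_WITH_API_KEY"   # placeholder: the key set when the daemon was started
RISKS = ["Informational", "Low", "Medium", "High"]

def build_url(path, **params):
    """Build a ZAP JSON API URL of the form /JSON/<component>/<view|action>/<name>/."""
    return f"{ZAP}/JSON/{path}/?{urllib.parse.urlencode(params)}"

def zap_call(path, **params):
    """Call the daemon; the key is sent as a header so it stays out of URLs and logs."""
    req = urllib.request.Request(build_url(path, **params),
                                 headers={"X-ZAP-API-Key": API_KEY})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def spider_and_collect(target):
    """Spider the target, wait for the passive scanner to finish, return its alerts."""
    scan_id = zap_call("spider/action/scan", url=target)["scan"]
    while int(zap_call("spider/view/status", scanId=scan_id)["status"]) < 100:
        time.sleep(2)
    while int(zap_call("pscan/view/recordsToScan")["recordsToScan"]) > 0:
        time.sleep(2)
    return zap_call("core/view/alerts", baseurl=target)["alerts"]

def summarize(alerts, fail_at="Medium"):
    """Count alerts per risk level and list those at or above fail_at."""
    rank = {name: i for i, name in enumerate(RISKS)}
    counts = Counter(a["risk"] for a in alerts)
    blocking = sorted({(a["alert"], a["url"]) for a in alerts
                       if rank.get(a["risk"], 0) >= rank[fail_at]})
    return dict(counts), blocking

# Constructed sample shaped like a core/view/alerts response (not real scan output).
SAMPLE_ALERTS = [
    {"alert": "Content Security Policy (CSP) Header Not Set", "risk": "Medium", "url": "http://localhost:3000/"},
    {"alert": "Absence of Anti-CSRF Tokens", "risk": "Medium", "url": "http://localhost:3000/login"},
    {"alert": "Cookie No HttpOnly Flag", "risk": "Low", "url": "http://localhost:3000/login"},
    {"alert": "X-Content-Type-Options Header Missing", "risk": "Low", "url": "http://localhost:3000/"},
]

if __name__ == "__main__":
    counts, blocking = summarize(SAMPLE_ALERTS)   # offline run on the constructed sample
    print(counts, blocking)
```

With a daemon running, `summarize(spider_and_collect("http://localhost:3000"))` produces the same summary from a live spider and passive scan of the assumed local test application.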