Zap
Created by dtkmn
Orchestrates OWASP ZAP actions, such as spidering, active scanning, and report generation, via an MCP server.
About
This Spring Boot application exposes OWASP ZAP's security testing capabilities as an MCP (Model Context Protocol) server. It allows any MCP-compatible AI agent, such as Claude Desktop or Cursor, to integrate ZAP into its workflows. Users can spider websites, perform active scans, import OpenAPI specifications, and generate security reports, all orchestrated through the MCP interface.
Key Features
- Dockerized for easy deployment
- Generates HTML/JSON security reports
- Imports OpenAPI specs for targeted active scanning
- Secured with API keys for both ZAP and the MCP server
- Exposes ZAP actions as MCP tools
Use Cases
- Integrating security scans into CI/CD pipelines
- Automated security testing within AI agent workflows
- Performing security assessments based on OpenAPI definitions