The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Some of ZAP's features:
* Intercepting Proxy
* Automated scanner
* Passive scanner
* Brute Force scanner
* Spider
* Fuzzer
* Port scanner
* Dynamic SSL certificates
* API
* Beanshell integration