MCP.so
Sign In

ZAP-MCP: Model Context Protocol for OWASP ZAP

@ajtazer

About ZAP-MCP: Model Context Protocol for OWASP ZAP

VIBE CODING 😈 lol

Basic information

Category

Other

Runtime

python

Transports

stdio

Publisher

ajtazer

Config

No standard config provided

This server doesn't expose a parseable MCP config block in its README. See the repository for install instructions.

Repository

Tools

4

Start a new ZAP scan on a target URL

Check the status of a running scan

Get all alerts from the current scan

Get a summary of the current scan

Overview

What is ZAP-MCP?

ZAP-MCP is a server that bridges AI models (like Claude) with OWASP ZAP through the Model Context Protocol (MCP). It enables AI-driven security testing by exposing standardized functions that AI models can call to perform scans, get alerts, and generate reports.

How to use ZAP-MCP?

Install dependencies with pip install -r requirements.txt, run ./setup_mcp.sh, and configure claude_desktop_config.json with your ZAP API key and URL. Start the MCP server with mcp-server --config claude_desktop_config.json --model-dir ./models, then configure your Claude desktop app to set the WebSocket URL to ws://localhost:7456/ws. After setup, Claude will have access to ZAP scanning tools.

Key features of ZAP-MCP

  • AI-driven security testing through LLM interaction
  • Real-time scan monitoring with instant alerts
  • Automated security report and recommendation generation
  • Flexible integration with various MCP-compatible AI models
  • WebSocket-based real-time updates and communication

Use cases of ZAP-MCP

  • Perform automated security scans on target URLs via AI commands
  • Monitor scan progress and retrieve alerts in real time
  • Generate security summaries and reports through natural language requests
  • Integrate AI-assisted penetration testing into development workflows

FAQ from ZAP-MCP

What is ZAP-MCP?

ZAP-MCP provides a bridge between AI models (like Claude) and OWASP ZAP, enabling automated security testing and analysis. It uses a client-server architecture where ZAP-MCP acts as the server, exposing standardized functions callable by AI models through the MCP protocol.

What are the prerequisites for using ZAP-MCP?

You need Python 3.8+, OWASP ZAP running locally or remotely, and the Claude Desktop App (or another MCP-compatible client).

How do I install ZAP-MCP?

Clone the repository, run pip install -r requirements.txt, execute ./setup_mcp.sh, then copy and edit claude_desktop_config.json to set your ZAP API key and URL.

What tools does ZAP-MCP expose?

The MCP server exposes four ZAP-specific tools: start_scan (start a scan on a URL), get_scan_status (check scan progress), get_alerts (get all alerts from the current scan), and get_scan_summary (get a summary of the current scan).

How is ZAP-MCP configured?

All settings are in claude_desktop_config.json, including MCP server host/port, model parameters, ZAP API key and URL, scan timeout, max concurrent scans, alert threshold, and scan policy.

Comments

More Other MCP servers