Content
# ZAP-MCP: Model Context Protocol for OWASP ZAP
A powerful integration between OWASP ZAP and AI models through the Model Context Protocol (MCP). This project enables AI-driven security testing by allowing AI models to directly interact with ZAP's scanning capabilities.
## Star History
[](https://www.star-history.com/#ajtazer/ZAP-MCP&Date)
## Overview
ZAP-MCP provides a bridge between AI models (like Claude) and OWASP ZAP, enabling automated security testing and analysis. It uses a client-server architecture where ZAP-MCP acts as the server, exposing standardized functions that can be called by AI models through the MCP protocol.
## Features
- **AI-Driven Security Testing**: Enable AI models to perform security scans and analysis
- **Real-time Scan Monitoring**: Track scan progress and get instant alerts
- **Automated Analysis**: Generate security reports and recommendations
- **Flexible Integration**: Works with various AI models through the MCP protocol
- **WebSocket Communication**: Real-time updates and interactions
## Prerequisites
- Python 3.8+
- OWASP ZAP running locally or remotely
- Claude Desktop App (or other MCP-compatible client)
## Installation
1. Clone the repository:
```bash
git clone https://github.com/tazer/ZAP-MCP.git
cd ZAP-MCP
```
2. Install dependencies:
```bash
pip install -r requirements.txt
```
3. Set up the MCP server:
```bash
./setup_mcp.sh
```
4. Configure ZAP-MCP:
- Copy `claude_desktop_config.json` to your Claude app's config directory
- Update the ZAP API key and URL in the config file
## Usage
1. Start the MCP server:
```bash
mcp-server --config claude_desktop_config.json --model-dir ./models
```
2. Configure your Claude desktop app:
- Open Claude app settings
- Enable MCP server integration
- Set the WebSocket URL to: `ws://localhost:7456/ws`
3. Start using ZAP-MCP:
- The Claude app will now have access to ZAP scanning tools
- You can request security scans, get alerts, and generate reports
## Available Tools
The MCP server exposes these ZAP-specific tools:
- `start_scan`: Start a new ZAP scan on a target URL
- `get_scan_status`: Check the status of a running scan
- `get_alerts`: Get all alerts from the current scan
- `get_scan_summary`: Get a summary of the current scan
## Configuration
The `claude_desktop_config.json` file contains all necessary settings:
```json
{
"mcp_server": {
"host": "localhost",
"port": 7456,
"model": "claude-instant-v1",
"max_tokens": 1000,
"temperature": 0.7,
"zap_api_key": "your-zap-api-key",
"zap_url": "http://localhost:8080"
},
"local_models": {
"path": "./models",
"prefer_local": true
},
"zap_settings": {
"scan_timeout": 300,
"max_concurrent_scans": 5,
"alert_threshold": "HIGH",
"scan_policy": "default"
}
}
```
## Development
This project was developed using Cursor AI, an intelligent coding assistant that helped streamline the development process and ensure code quality.
## Author
- **TAZER** - Initial work and maintenance
## License
This project is licensed under the MIT License - see the LICENSE file for details.
## Acknowledgments
- OWASP ZAP team for their excellent security testing tool
- Anthropic for Claude AI
- Cursor AI for their assistance in development
Connection Info
You Might Also Like
firecrawl
Firecrawl MCP Server enables web scraping, crawling, and content extraction.
markitdown
MarkItDown-MCP is a lightweight server for converting URIs to Markdown.
servers
Model Context Protocol Servers
Time
A Model Context Protocol server for time and timezone conversions.
Filesystem
Node.js MCP Server for filesystem operations with dynamic access control.
Sequential Thinking
A structured MCP server for dynamic problem-solving and reflective thinking.