Zap Mcp

Name: Zap Mcp
Author: pierre3

by pierre3communityv1.1.0

This MCP server facilitates the integration of AI agents with OWASP ZAP for automated vulnerability scanning. It manages ZAP instances and provides tools for scanning, reporting, and context management.

From the registry: MCP server for OWASP ZAP vulnerability scanning with Docker management

GitHub Repository Website

Install & configure

Prerequisites

required
.NET 10 SDK
.NET 10 SDK required
```
$ dotnet tool install -g dotnet-zap-mcp
```
https://dotnet.microsoft.com/download/dotnet/10.0
optional
Docker
Docker with docker compose support (for built-in ZAP container management)
https://www.docker.com/

Install in your client

Paste into the AI you're chatting with — it will figure out the rest

Please install the `zap-mcp` MCP server into my current AI client (that's you).

Required prerequisites (do these first if not already done):
- **.NET 10 SDK** — .NET 10 SDK required Run: `dotnet tool install -g dotnet-zap-mcp` (https://dotnet.microsoft.com/download/dotnet/10.0)

Optional prerequisites:
- Docker — Docker with docker compose support (for built-in ZAP container management) (https://www.docker.com/)

Canonical MCP server config (stdio transport):
- command: `zap-mcp`
- args: []
- optional environment variables:
  - `ZAP_BASE_URL`: ZAP instance URL (if using existing ZAP) (example: `http://localhost:8090`)
  - `ZAP_API_KEY`: ZAP API key (if using existing ZAP) (example: `<your-zap-api-key>`)

Note: 45 tools for OWASP ZAP vulnerability scanning. Zero-config: DockerComposeUp starts ZAP automatically. Without env vars, ZAP container is auto-started via Docker.

Add this MCP server to my current client's config in the correct format for you. If you need secrets or credentials I haven't provided, ASK me — do not invent values or leave raw placeholders. After adding it, tell me how to verify the server is connected.

Note: 45 tools for OWASP ZAP vulnerability scanning. Zero-config: DockerComposeUp starts ZAP automatically. Without env vars, ZAP container is auto-started via Docker.

Tools (5)

DockerComposeUp

Starts the ZAP container and waits for it to become healthy.

StartSpider

Starts a spider scan to crawl and discover pages.

StartActiveScan

Starts an active vulnerability scan.

GetAlertsSummary

Retrieves alert counts by risk level.

GetHtmlReport

Generates an HTML scan report.

Environment variables

ZAP_BASE_URLrequiredThe base URL for the ZAP instance.

ZAP_API_KEYrequiredAPI key for authenticating with the ZAP instance.

Packages

dotnet-zap-mcp

nugetv1.1.0transport: stdio

Details

Language: C#
License: MIT
Released: Mar 31, 2026
Last commit: Mar 31, 2026
Registry name: io.github.pierre3/zap-mcp

Related Servers

Vet Mcp

Protect your AI agents and IDEs from malicious open-source packages.

1.1k

Lockbox

Encrypted secrets for Next.js. AES-256-GCM with no vault needed.

441

Skylos

Dead code, security, secrets detection and code quality for Python, TypeScript, Go.

441