Is Owasp Zap MCP Server Demo safe to use?

Owasp Zap MCP Server Demo has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Owasp Zap MCP Server Demo?

Owasp Zap MCP Server Demo can be installed by cloning its GitHub repository and following the setup instructions in the README.

What can Owasp Zap MCP Server Demo do?

Owasp Zap MCP Server Demo provides 1 tool: Prerequisites. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Owasp Zap MCP Server Demo?

Owasp Zap MCP Server Demo is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is Owasp Zap MCP Server Demo actively maintained?

Owasp Zap MCP Server Demo is not actively maintained — last commit was 418 days ago. It has 15 GitHub stars.

Owasp Zap MCP Server Demo

Name: Owasp Zap MCP Server Demo
Author: shadsidd

by shadsidd

15 1 tool GitHub

No known CVEs

No license

Stale

Last commit 418d ago

Works with most clients

Transport: stdio

1 tool · ~21 tok

Grade A · 0.0% of 200K ctx

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "owasp-zap-mcp-server-demo": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/owasp-zap-mcp-server-demo)](https://mcppedia.org/s/owasp-zap-mcp-server-demo)

Read me

What Owasp Zap MCP Server Demo does

A WebSocket-based Mission Control Protocol (MCP) server for OWASP ZAP security scanning, enabling real-time control and monitoring of security assessments.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

59/100across 5 weighted dimensions

How we score →

0255075100

−41

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (1)

Click any tool to inspect its schema.

~21 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Owasp Zap MCP Server Demo safe to use?: Owasp Zap MCP Server Demo has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Owasp Zap MCP Server Demo?: Owasp Zap MCP Server Demo can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can Owasp Zap MCP Server Demo do?: Owasp Zap MCP Server Demo provides 1 tool: Prerequisites. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Owasp Zap MCP Server Demo?: Owasp Zap MCP Server Demo is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Owasp Zap MCP Server Demo actively maintained?: Owasp Zap MCP Server Demo is not actively maintained — last commit was 418 days ago. It has 15 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for Owasp Zap MCP Server Demo and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "owasp-zap-mcp-server-demo": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/owasp-zap-mcp-server-demo)](https://mcppedia.org/s/owasp-zap-mcp-server-demo)

Read me

What Owasp Zap MCP Server Demo does

A WebSocket-based Mission Control Protocol (MCP) server for OWASP ZAP security scanning, enabling real-time control and monitoring of security assessments.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

OWASP MCP Server

A WebSocket-based Mission Control Protocol (MCP) server for OWASP ZAP security scanning, enabling real-time control and monitoring of security assessments.

Prerequisites

Python 3.8+
OWASP ZAP 2.12.0+
Java Runtime Environment (JRE) 8+
Sudo/Administrator privileges (required for ZAP)

Why MCP Server?

Feature	MCP Server	ZAP UI	ZAP API
Automation	✅ Full	❌ Limited	✅ Basic
Real-time Updates	✅ WebSocket	✅ Visual	❌ Polling
CI/CD Integration	✅ Native	❌ Manual	✅ Complex
Batch Processing	✅ Yes	❌ No	✅ Limited
Learning Curve	🟡 Medium	🟢 Easy	🔴 Hard
Progress Tracking	✅ Real-time	✅ Visual	❌ Manual
Multiple Domains	✅ Concurrent	❌ Sequential	🟡 Limited
Error Handling	✅ Robust	✅ Basic	❌ Manual

Core Components

mcp_server.py - The engine that powers everything. Start this first - it's your security scanning powerhouse that connects to OWASP ZAP.
mcp_client.py - The brains behind the operation. A powerful SDK that other components use to talk to the server (you won't use this directly).
mcp_cli.py - Your go-to command line tool for scanning. Think of it as your Swiss Army knife for security scanning - simple to use, yet powerful.
test_client.py - A learning tool that shows you the ropes. Perfect for understanding how everything works or testing your setup.

Quick Start

Install OWASP ZAP: Download from https://www.zaproxy.org/download/

Setup Project:

git clone https://github.com/shadsidd/Owasp-Zap-MCP-Server-Demo.git
cd Owasp-Zap-MCP-Server-Demo
python -m venv venv
source venv/bin/activate  # Windows: .\venv\Scripts\activate
pip install -r requirements.txt

Start ZAP (requires sudo/admin privileges):

# macOS/Linux
sudo /Applications/ZAP.app/Contents/Java/zap.sh -daemon -port 8080

# Windows (as Administrator)
"C:\Program Files\OWASP\Zed Attack Proxy\zap.bat" -daemon -port 8080

Start MCP Server:
```
python mcp_server.py
```

Use the CLI:

# Quick spider scan (passive)
python mcp_cli.py scan example.com

# Full active scan (comprehensive)
python mcp_cli.py fullscan example.com

# Specific scan type with HTML report
python mcp_cli.py scan --scan-type=active --output=html example.com

# Multiple domains scan
python mcp_cli.py scan domain1.com domain2.com

# Scan from file
python mcp_cli.py scan -f domains.txt

Example Files

The examples/ directory contains scripts demonstrating key features:

Security Scanning

basic_scan.py - Core scanning with error handling
authenticated_scan.py - Form-based and other authentication methods
scan_domains.py - Concurrent scanning of multiple domains
custom_scan_policy.py - Custom rules and thresholds

Integration & Monitoring

ci_cd_integration.py - CI/CD pipeline integration
real_time_monitor.py - Live progress and alert monitoring
team_notifications.py - Email, Slack, and Teams notifications
custom_rules.py - Specialized security rules

Important Notes

Sudo Requirements:
- OWASP ZAP requires sudo/administrator privileges to run
- You will be prompted for your password when starting ZAP
Port Configuration:
- ZAP uses port 8080 by default
- MCP Server uses port 3000
- Ensure these ports are not in use before starting

Common Issues:

If you see "Address already in use" error:

# Check what's using port 8080
sudo lsof -i :8080
# Kill the process if needed
sudo kill -9 <PID>

If ZAP fails to start, try:

# Clear any existing ZAP processes
pkill -f zap

Scan Types

The MCP Server supports multiple scan types:

Spider Scan (Default): Crawls the website to discover content, fastest but f

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

59/100across 5 weighted dimensions

How we score →

0255075100

−41

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (1)

Click any tool to inspect its schema.

~21 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Owasp Zap MCP Server Demo safe to use?: Owasp Zap MCP Server Demo has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Owasp Zap MCP Server Demo?: Owasp Zap MCP Server Demo can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can Owasp Zap MCP Server Demo do?: Owasp Zap MCP Server Demo provides 1 tool: Prerequisites. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Owasp Zap MCP Server Demo?: Owasp Zap MCP Server Demo is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Owasp Zap MCP Server Demo actively maintained?: Owasp Zap MCP Server Demo is not actively maintained — last commit was 418 days ago. It has 15 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for Owasp Zap MCP Server Demo and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?