CCM
/MCP
SkillsMCPMarketplacesDigestToolsAdvertise

This week in Claude

Every Monday: Claude Code, Agent SDK, MCP, and the Anthropic platform moves worth your time.

Skills by Category
Frontend DevelopmentBackend & APIsTesting & QASecurityDevOps & CI/CDGit & Pull RequestsDocumentationCode Review & QualityAI & Agent BuildingSkill Development
MCP Servers by Category
Sales & MarketingWeb & Browser AutomationDatabasesAI & LLM ToolsCloud & InfrastructureCommunication & MessagingDeveloper ToolsDesign & CreativeDocuments & KnowledgeSearch & Web Crawling
Marketplaces by Category
AI Agents & OrchestrationLLM IntegrationDevelopment ToolsFrontend & UIBackend & APIsDatabasesTesting & Code QualityDevOps & CloudSecurity & ComplianceGit & Version Control

Claude Code Marketplaces

Discover Claude Code plugins, extensions, and tools. Automatically updated directory of Anthropic Claude AI marketplaces with development tools, productivity plugins, and integrations.

Resources

  • Browse Skills
  • Browse MCP Servers
  • Browse Marketplaces
  • Plugins Reference

Community

  • About
  • Tools
  • Feedback
  • Privacy Policy
  • Advertise

Built for the Claude Code community with Claude Code by @mertduzgun

Independent project, not affiliated with Anthropic

MCP ZAP Server

dtkmn/mcp-zap-server
56authHTTPregistry active
Summary

Wraps OWASP ZAP in an MCP interface so agents can run web security scans without writing glue scripts. Ships with Docker Compose for self-hosting, includes guided tools for spider, active scan, passive scan, API imports, and report generation, plus lower-level ZAP context and user controls when you need them. Uses API key or JWT auth by default, enforces rate limits and URL validation to block private networks, and stores scan history in Postgres for multi-replica deployments. Reach for this when you want Claude to orchestrate security testing workflows against authorized targets with operator guardrails, not full ZAP API access.

CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →

MCP ZAP Server logo

MCP ZAP Server

Give AI agents a safe, self-hosted OWASP ZAP operator for guided web security scans, findings, reports, and production guardrails.

GitHub stars GitHub forks GitHub tag GitHub license

Note This project is not affiliated with or endorsed by OWASP or the OWASP ZAP project. It is an independent implementation.

mcp-zap-server exposes OWASP ZAP through MCP over streamable HTTP so agentic tools can run operator-controlled security workflows without brittle glue scripts or unsafe scanner access.

Use it when you want:

  • safe agentic scanning with guided defaults for spider, active scan, passive scan, API imports, findings, and reports
  • operator control through API-key or JWT auth, tool scopes, runtime policy bundles, rate limits, and audit events
  • self-hosted deployment with Docker Compose for local adoption and Helm for Kubernetes
  • expert ZAP access when you intentionally need lower-level ZAP context, user, scan, and report controls

Full documentation: danieltse.org/mcp-zap-server

Watch the demo: browser demo or YouTube

MCP ZAP Server demo video thumbnail

Quick Start

Prerequisites:

  • Docker 20.10+
  • Docker Compose v2 (docker compose)
  • an MCP-capable client, or the bundled Open WebUI client
git clone https://github.com/dtkmn/mcp-zap-server.git
cd mcp-zap-server

./bin/bootstrap-local.sh
./dev.sh
./bin/self-serve-doctor.sh

Those scripts are the supported local happy path, not hidden magic:

  • bootstrap-local.sh creates .env, generates local API keys, and prepares the ZAP workspace.
  • dev.sh starts the Docker Compose stack with the faster JVM image.
  • self-serve-doctor.sh checks Docker, auth, MCP initialize, tools/list, guided tools, and a harmless tool call.

Then open:

  • Open WebUI: http://localhost:3000
  • MCP endpoint for host-side clients: http://localhost:7456/mcp
  • Cursor config example: examples/cursor/mcp.json

When scanning the bundled demo targets, use the container URLs that ZAP can reach from inside Compose:

  • Juice Shop scan target: http://juice-shop:3000
  • Petstore scan target: http://petstore:8080

The default Compose stack publishes host ports on 127.0.0.1 only. Set MCP_ZAP_BIND_ADDRESS=0.0.0.0 only when you intentionally expose the stack behind trusted network controls.

Client setup:

  • Self-Serve First Run
  • MCP Access Authentication
  • MCP Client Configuration
  • Optional Target Form-Login
  • Tool Surfaces
  • Agent install notes

There are two independent authentication layers. The API key or JWT lets Cursor call MCP ZAP Server. An optional target-auth profile lets ZAP log in to an application you are authorized to scan. Most first runs need only the MCP API key; never put a target website password in Cursor or an MCP prompt.

Discovery Metadata

This repository includes MCP Registry metadata in .mcp/server.json. The v0.10.1 Docker images are labeled with the MCP server name expected by registry and catalog tooling.

Docker Compose remains the easiest installation path because the MCP server is designed to operate with an OWASP ZAP sidecar and explicit auth keys. The OCI package metadata is for advanced standalone installs where OWASP ZAP is already running and reachable from the MCP container.

What You Get

  • Guided scans: intent-first tools for spider, active scan, passive scan, API imports, findings, reports, and scan history.
  • Expert ZAP control: optional lower-level tools for advanced ZAP context, user, scan, and report workflows.
  • Authentication: API key mode by default, optional JWT mode with refresh and revocation support.
  • Runtime policy bundles: dry-run and enforcement support through zap_policy_dry_run and policy-mode configuration.
  • Scan queue and history: queued active, spider, and AJAX Spider jobs with claim-based recovery, durable Postgres state, and evidence export.
  • Extension contracts: experimental policy, protection, evidence metadata, and extension metadata APIs with sample extension packaging.
  • Operational guardrails: request body limits, rate limits, workspace quotas, tool-scope authorization, structured logs, metrics, and audit events.
  • Deployment paths: local Docker Compose, production-oriented Compose, and Helm charts for Kubernetes.

Latest Release

v0.10.1 restores reliable Streamable HTTP keepalive handling for Cursor and other MCP clients:

  • gateway-core and its WebFlux adapter 0.7.2 correctly pass client responses to server-initiated requests downstream instead of rejecting them as methodless requests
  • the normal 30-second keepalive remains enabled; Cursor responses are accepted with HTTP 202 without invalid_mcp_request or keepalive timeout errors
  • no MCP tool schema, authentication configuration, Helm values, or database migration changes are required from v0.10.0
  • Spring Boot 4.1.0, Spring AI 2.0.0, Gradle 9.6.1, and Testcontainers 2.0.5 remain unchanged

Read the full notes:

  • Release notes
  • Changelog
  • GitHub releases

Security Defaults

The default posture is intentionally conservative:

  • api-key mode is the base runtime default.
  • none mode is for explicit local dev/test only.
  • Docker Compose binds published ports to loopback by default.
  • URL validation blocks localhost, private networks, and link-local targets by default.
  • Target authentication is optional and profiles default to an empty list. When enabled, guided auth binds an exact server-side credential reference and login settings to one approved origin; callers provide only profileId and targetUrl.
  • Public auth exchange endpoints are rate-limited.
  • MCP request bodies have a hard early size cap.

Production and shared deployments should review:

  • Security Modes
  • JWT Authentication
  • Optional Target Form-Login
  • Authenticated Scanning Reference
  • Abuse Protection
  • Production Readiness Checklist
  • Security Policy

Architecture

flowchart LR
  Client["Open WebUI / MCP Client"] -->|"MCP over Streamable HTTP"| MCP["MCP ZAP Server"]
  MCP -->|"ZAP API"| ZAP["OWASP ZAP"]
  ZAP -->|"scan"| Target["Authorized target app"]
  MCP -->|"reports / findings / history"| Evidence["Evidence + reports"]

For multi-replica queueing, durable Postgres state, claim recovery, and ingress affinity, use the operations docs instead of this README:

  • Queue Coordinator and Worker Claims
  • Local HA Compose Simulation
  • Scan History Ledger
  • Helm Deployment

Extension Model

ZAP is the first scanner engine, not the whole product boundary. The current public extension work is intentionally small:

  • mcp-zap-extension-api packages selected policy, protection, evidence, and metadata contracts without gateway runtime internals.
  • How extensions work explains the core versus extension boundary.
  • Build your own extension shows the target standalone repository shape.
  • Extension API release policy explains publication stages and compatibility gates.
  • Standalone sample extension proves a separate project can compile against the API artifact.

This is not runtime multi-engine support yet. Additional scanner engines need an adapter design and explicit fail-closed capability boundaries before they become product claims.

Documentation Map

Start here:

  • Full documentation
  • Self-Serve First Run
  • OSS Extension Model
  • MCP Access Authentication
  • MCP Client Authentication
  • Optional Target Form-Login
  • Tool Surfaces

Scanning:

  • MCP Client Scan To Evidence
  • Scan Execution Modes
  • Seeded API Gate Playbook
  • API Schema Imports
  • AJAX Spider
  • Findings and Reports

Operations:

  • Runtime Policy Bundles
  • Observability
  • Production Checklist
  • Release Evidence Handoff
  • Native Image Performance

Open Source Core And Extension Model

mcp-zap-server is the Apache-2.0-licensed open-source core. It is intended to be useful on its own for self-hosted MCP and OWASP ZAP workflows.

Private or enterprise capabilities may be built as separate extensions around this core. Those extensions are not required to run the OSS project, and enterprise implementation code is not shipped in this repository.

The boundary is intentional:

  • this repository remains the public OSS distribution
  • extension points should be documented and kept stable where practical
  • private extensions must not weaken the security, licensing, or usability of the OSS core
  • security scanning and open-source program entitlements for this repository apply only to this public project

Contributing And Support

  • Contributing
  • Security Policy
  • Discussions
  • Demo video

If this project saves you time or becomes part of your security workflow, you can sponsor the maintainer to support ongoing maintenance.

Agentic Lab offers optional paid support for teams adopting the public core in production. Commercial support is separate from the Apache-2.0-licensed OSS distribution, and the public core should remain usable without private extensions or paid services.

Contact Agentic Lab

License

Apache License 2.0. Copyright 2025-2026 Daniel Tse. See LICENSE.

Featured
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →

Configuration

ZAP_API_URLdefault: mcp-zap-zap

Hostname or URL of a separately running OWASP ZAP daemon reachable from this container.

ZAP_API_PORTdefault: 8090

OWASP ZAP API port.

ZAP_API_KEY*secret

API key configured on the OWASP ZAP daemon.

MCP_API_KEY*secret

API key clients must send as X-API-Key.

MCP_SERVER_TOOLS_SURFACEdefault: guided

Tool surface to expose. Use guided for the safer default workflow, or expert when clients need raw ZAP tools such as zap_report_read.

MCP_SECURITY_MODE
MCP_SECURITY_ENABLED
MCP_SECURITY_ALLOW_PLACEHOLDER_API_KEY
Categories
Security & Pentesting
Registryactive
Packageghcr.io/dtkmn/mcp-zap-server:v0.8.0
TransportHTTP
AuthRequired
UpdatedMay 10, 2026
View on GitHub

Related Security & Pentesting MCP Servers

View all →
Exploit Intelligence Platform — CVE, Vulnerability and Exploit Database

com.exploit-intel/eip-mcp

Real-time CVE, exploit, and vulnerability intelligence for AI assistants (350K+ CVEs, 115K+ PoCs)
Semgrep

semgrep/mcp

A MCP server for using Semgrep to scan code for security vulnerabilities.
666
Pentest

dmontgomery40/pentest-mcp

NOT for educational purposes: An MCP server for professional penetration testers including STDIO/HTTP/SSE support, nmap, go/dirbuster, nikto, JtR, hashcat, wordlist building, and more.
137
Notebooklm Mcp Secure

pantheon-security/notebooklm-mcp-secure

Security-hardened NotebookLM MCP with post-quantum encryption
68
Pentest Mcp Server

cyanheads/pentest-mcp-server

Offline methodology engine for authorized penetration testing, CTF, and security research.
1
AI Firewall MCP

io.github.akhilucky/ai-firewall-mcp

Multi-agent LLM security layer detecting prompt injection and jailbreaks.