Computers, Programming, Technology, Music, Literature

Downloading and Building OWASP ZAP source from Github using Eclipse IDE

with one comment


Download this blog as PDF – 


This is a quick and dirty blog for those that are new to Eclipse IDE and want to try tweaking the OWASP Zed Attack Proxy’s code. I must say that that you might stumble upon this well written guide titled “Building OWASP ZAP Using Eclipse IDE for Java… Pen-Testers” here - . First time I was trying to build ZAP with Eclipse this guide was my complete reference. However, OWASP ZAP’s code was recently move to GitHub in the month of May-June 2015 rendering that guide obsolete and my OWASP ZAP Eclipse workspace – connected to google code SVN – a little defunct. Raul Siles, the author of the above guide would update it for changes with respect to the GitHub move.

Recently I was trying to download OWASP ZAP’s code from GitHub and build it because the existing code from SVN (google code) went obsolete. I am not an advanced Eclipse user or Java developer and I was a little lost trying to clone the new OWASP ZAP GitHub repo to my Eclipse. As I was trying, I took screenshots and ended up posted in this blog. Remember, this blog is not a step by step instruction, but it is a quick and dirty steps (5 major steps) to get OWASP ZAP’s code running in your Eclipse IDE.

Glimpse through the articles titled

  1. Building OWASP ZAP Using Eclipse IDE for Java… Pen-Testers
  2. Building ZAP (,
  3. Downloading and Building OWASP ZAP source from Github using Eclipse IDE (this article)

and I am sure you’d get ZAP running on your Eclipse IDE.


Download Eclipse

…  from If you are confused which edition to download, pick the Eclipse IDE for Java Developers



When you open Eclipse for the first time choose the default workspace and proceed. If you’d like create a workspace such as workspaceowaspzap like I did. Refer to Raul Siles guide for workspace screenshots.

Make sure you have EGit plugin installed. If you are a prime time command liner with Git you may not need this plugin.

If you have downloaded Eclipse from Eclipse for Java Developers, then please ensure in the Eclipse Installation Details you have the below three components highlighted

  1. Eclipse Git Team Provider
  2. Java Implementation of Git
  3. Mylyn Versions Connector: Git

At the time of this writing Eclipse IDE for Java Developers comes with all required plugins to work with Git ( and hence GitHub)



Add a Git Perspective

… to view Git Repositories and stuff..bla bla

Hit the Open Perspective button at the right top corner 


Choose Git at the Open Perspective Dialog


Hit OK to view the Git Repositories view.


Tip: From time to time you could hit the Java perspective to view the Java related tools and views, you could hit the Git perspective to view your Git Repositories.



If you look at the workspace that we choose when opening Eclipse, in Windows Explorer now it just has one folder named .metadata. Time to download the code from 




Downloading the OWASP ZAP’s code

Choose File –> Import


Select Team –> Team Project Set. Hit Next.


In the Team Project Set Dialog, Input the Url – 
and hit Finish.


Tip: Always refer to the recent project set Url available at




Wait for the ZAP projects to be downloaded and built

Watch the progress as the Git Repositories view would show projects as and when they are downloaded


Once all the ZAP projects are downloaded, your workspace the Git Repositories view should look like below. The approximate size of the workspace with all the ZAP coded summed up to 2.27 GB for me (on July 4 2015).



Run ZAP’s source and start playing (and contributing)

Switch to the Java perspective


In the Package Explorer, right click zaproxy and choose Run As –> Java Application


Eclipse would search for the Main types. In the Select Java Application dialog choose ZAP and hit OK


Witness the Console Logs


Start ZAPping



Tip: You can also start ZAP by hitting the play button in Eclipse


If you encounter any problems, try fixing it yourself first – spend a day or two Winking smile, as a last resort – post at the ZAP Developer group here –!forum/zaproxy-develop


Written by gmaran23

July 5, 2015 at 1:25 pm

One Response

Subscribe to comments with RSS.

  1. Thanks for this nice article. I am able to run the Also, Can you point some example which actually use the zap source code methods to runs the scan and outputs the result


    October 20, 2016 at 3:04 pm

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: