Introduction: An OWASP ZAP extension that enhances the detection of obsolete and hidden files
More: Author   ReportBugs   

Good Old Files

Obsolete & Hidden File Enumerator

Good Old Files (GoF) is an extension to the OWASP Zed Attack Proxy (ZAP) project designed to enhance the detection of obsolete and hidden files.
It relies on the built-in dirbuster implementation in ZAP.

Developed by Hacktics ASC


  • GoF requires Java 1.7.x, and was tested with ZAP v.2.1.x.
  • Verify that ZAP proxy is executed using Java 1.7.x, prior to running the installer.

How Does it Work?

GoF attempts to locate obsolete and hidden instances of every file in the selection scope of ZAP's history.


GoF can currently be configured by accessing the tools -> options menu, and executed by running the active scan (assuming the plugin is enabled in the active scan policy).


GoF is developed and maintained by Michal Goldstein.


Obsolete File Detection Features
  • Customize Enumerated Extensions
  • Incremental File Names
  • Suffix and Postfix
  • Replace and Append to Extension
Additional Features
  • Ignore Extensions
  • Support Case Sensitive / Case Insensitive Files and Extensions
  • Define the Number of Threads


Good Old Files - An extension for OWASP Zed Attack Proxy (ZAP) that enhances the detection of obsolete and hidden files.

Copyright (C) 2013, Hacktics ASC, Ernst & Young.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see

About Me
GitHub: Trinea
Facebook: Dev Tools