diff --git a/cybersecurity/offensive/web-exploitation/zscan.Dockerfile b/cybersecurity/offensive/web-exploitation/zscan.Dockerfile
new file mode 100644
index 0000000..c276ece
--- /dev/null
+++ b/cybersecurity/offensive/web-exploitation/zscan.Dockerfile
@@ -0,0 +1,35 @@
+# Git clone stage
+FROM alpine:latest AS source
+RUN apk add --no-cache git
+WORKDIR /src
+RUN git clone https://github.com/zcyberseclab/zscan.git . || exit 1
+
+# Build stage - update Go version
+FROM golang:1.23.2-alpine AS builder
+WORKDIR /build
+COPY --from=source /src .
+
+# Set Go build flags
+ENV CGO_ENABLED=0 \
+    GOOS=linux \
+    GOARCH=amd64 \
+    GO111MODULE=on
+
+# Build optimized binary
+RUN go mod download && \
+    go build -ldflags="-w -s" -o zscan cmd/main.go
+
+# Final stage
+FROM gcr.io/distroless/static-debian12:nonroot
+WORKDIR /app
+
+# Copy only necessary artifacts
+COPY --from=builder /build/zscan /app/
+COPY --from=builder /build/config /app/config
+COPY --from=builder /build/templates /app/templates
+
+# Container configuration
+USER nonroot:nonroot
+EXPOSE 8080
+
+ENTRYPOINT ["/app/zscan"]
\ No newline at end of file
diff --git a/cybersecurity/offensive/web-exploitation/zscan.yml b/cybersecurity/offensive/web-exploitation/zscan.yml
new file mode 100644
index 0000000..8f6100c
--- /dev/null
+++ b/cybersecurity/offensive/web-exploitation/zscan.yml
@@ -0,0 +1,62 @@
+description: >
+  Zscan is a security scanning tool built in Go that provides network exploration
+  and vulnerability assessment capabilities. It combines multiple security tools
+  and techniques into a single interface for comprehensive security testing.
+
+categories:
+  - cybersecurity
+  - offensive
+  - web-expliotation
+
+functions:
+  zscan_default_scan:
+    description: Perform a default security scan against specified targets
+    parameters:
+      target:
+        type: string
+        description: The target IP address or CIDR range to scan
+        examples:
+          - 192.168.1.1
+          - 10.0.0.0/24
+          - 127.0.0.1
+
+    container:
+      build:
+        path: ${cwd}/zscan.Dockerfile
+        name: zscan_local
+      args:
+        - --net=host
+      volumes:
+        - ${cwd}:/data
+
+    cmdline:
+      - /app/zscan
+      - -target
+      - ${target}
+
+  zscan_full_scan:
+    description: Perform a comprehensive security scan
+    parameters:
+      target:
+        type: string
+        description: The target IP address or CIDR range to scan
+      threads:
+        type: integer
+        description: Number of concurrent scanning threads
+        default: 10
+
+    container:
+      build:
+        path: ${cwd}/zscan.Dockerfile
+        name: zscan_local
+      args:
+        - --net=host
+      volumes:
+        - ${cwd}:/data
+
+    cmdline:
+      - /app/zscan
+      - -target
+      - ${target}
+      - -threads
+      - ${threads}