Among OWASP-ZAP's many features, there is an active vulnerability scanner. In this case, active means that the scanner actively sends crafted requests to the server, as opposed to a passive scanner, which only analyzes the requests and responses sent by the web server through the proxy while normally browsing the application.
To use the scanner, you need to right-click on the site or directory to be scanned and select Attack | Active Scan...: