openssl s_client -connect www.example.com:443 -tls1_2
nmap --script ssl-enum-ciphers -p 443 www.example.com
Archive for the ‘Security’ Category
Tags: OWASP, penetration test, vulnerability assessment, ZAP
OWASP provides a virtual machine that contains quite a few self-assessment tools. You can download it from https://www.owasp.org/index.php/Category:OWASP_Live_CD_Project#tab=Main_Links
The virtual machine is based on Xubuntu, so you can select Ubuntu as the operating system type when you install it in VirtualBox.
The login username and password are owasp/owasp.
After logging in, you can open ZAP Proxy to start your own test. The Firefox browser has already been configured to work with ZAP Proxy.
To test on Windows, you can download ZAP Proxy from https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project.
- Start ZAP proxy
- Open http://localhost:8080/pnh/ in your Firefox browser and install the Firefox plug-n-hack add-on
- Set up your Firefox proxy settings to use localhost:8080, which is the default local proxy for ZAP.
Then just browse the site you want to test; the traffic should be traced by ZAP.
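Before browsing, it helps to confirm that the proxy from the steps above is really listening and answering. The following is an added example, not part of the original post; the function names are hypothetical, it covers plain HTTP only, and it assumes ZAP is on its default localhost:8080.

```python
import socket
import urllib.error
import urllib.request

ZAP_HOST, ZAP_PORT = "localhost", 8080  # ZAP's default local proxy, per the steps above


def proxy_listening(host=ZAP_HOST, port=ZAP_PORT, timeout=2.0):
    """True if something accepts TCP connections on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def fetch_via_proxy(url, host=ZAP_HOST, port=ZAP_PORT, timeout=5.0):
    """Send a plain-HTTP GET for url through the proxy.

    Returns the HTTP status code, or None if no HTTP response came back.
    """
    handler = urllib.request.ProxyHandler({"http": f"http://{host}:{port}"})
    opener = urllib.request.build_opener(handler)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # an error status is still an HTTP answer
        return err.code
    except (urllib.error.URLError, OSError):
        return None


def check_setup(url, host=ZAP_HOST, port=ZAP_PORT):
    """Classify the proxy setup as 'no-listener', 'no-response' or 'ok'."""
    if not proxy_listening(host, port):
        return "no-listener"   # ZAP not started, or listening on another port
    if fetch_via_proxy(url, host, port) is None:
        return "no-response"   # port is open but did not answer as an HTTP proxy
    return "ok"                # the request went through the proxy


if __name__ == "__main__":
    # Sample target taken from the commands at the top of the page;
    # substitute the site under test.
    print(check_setup("http://www.example.com/"))
```

A result of "ok" means the request went through the proxy on localhost:8080, so it should be traced by ZAP just like the browser traffic.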