Archive for the ‘Security’ Category

openssl s_client -connect -tls1_2
nmap --script ssl-enum-ciphers -p 443



OWASP provides an virtual machine that contains quite a few self assessment tools. You can download it from

The virtual machine is based on Xubuntu and you can select ubuntu when you install from virtualbox.

The login user and password is owasp/owasp.

After login, you can open ZAP proxy to start your own test. The firefox browser has been configured to work with ZAP Proxy.


To test in windows, you can download ZAP Proxy from

After installation,

  • Start ZAP proxy
  • Open http://localhost:8080/pnh/ in your Firefox browser and install the Firefox plug-n-hack add-on
  • Setup your firefox proxy to use localhost:8080 as proxy, which is the default local proxy for ZAP.

Just browse the site you want to test, it should be traced by ZAP.