alexxnica / o-saft Goto Github PK
View Code? Open in Web Editor NEWThis project forked from owasp/o-saft
O-Saft - OWASP SSL advanced forensic tool
License: GNU General Public License v2.0
o-saft's Introduction
/~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-.
Version: 17.03.17 )
O-Saft - OWASP SSL advanced forensic tool (
)
/~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-/
(
) DESCRIPTION
( This tools lists information about remote target's SSL certificate
) and tests the remote target according given list of ciphers.
(
) UNIQUE FEATURES
( ===============
) ### * working in closed environments, i.e. without internet connection
( ### * checking availability of ciphers independent of installed library
) ### * checking for all possible ciphers (up to 65535 per SSL protocol)
( ### * needs just perl without modules for checking ciphers and protocols
) ### * mainly same results on all platforms
(
) WHY?
( Why a new tool for checking SSL when there already exist a dozens or
) more good tools in 2012? Some (but not all) reasons are:
( * lack of tests of unusual ciphers
) * different results returned for the same check on same target
( * missing functionality (checks) according modern SSL/TLS
) * lack of tests of unusual (SSL, certificate) configurations
( * (mainly) missing feasability to add own tests
)
( For more details, please use
) o-saft.pl --help
( or read the source ;-)
)
( TARGET AUDIENCE
) * penetration testers
( * administrators
)
( INSTALLATION
) o-saft.pl requires following Perl modules:
( Net::SSLeay (prefered >= 1.51)
) IO::Socket::SSL (prefered >= 1.37)
( IO::Socket::INET (prefered >= 1.31)
) Net::DNS (prefered >= 0.65, for --mx option only)
(
) O-Saft can be executed from within the unpacked or cloned directory,
( installation is not necessary. However, a INSTALL.sh script will be
) provided, which can be called as follows:
( INSTALL.sh
) INSTALL.sh --clean
( INSTALL.sh --check
) INSTALL.sh --n /path/to/install --force
( INSTALL.sh /path/to/install --force
)
( There're no dependencies to other perl modules for checkAllCiphers.pl
) so the test of all ciphers (aka +cipherall) will work with it.
( The modules Net::SSLinfo, Net::SSLhello are part of O-Saft and should
) be installed in ./Net .
(
)
( Following files are optional:
) .o-saft.pl (private user configuration)
( o-saft-dbx.pm (for debugging, tracing)
) o-saft-usr.pm (private functions, some kind of API)
( o-saft-man.pm (documentation and generation functions)
) o-saft.pod (documentation in POD format)
( checkAllCiphers.pl (simple script for +cipherall option)
) .o-saft.tcl (private user configuration for GUI)
( o-saft-img.tcl (images for buttons in GUI)
) contrib/* (additional programs and tools)
(
) QUICK START
( o-saft.pl --help
) o-saft.pl +check your.tld
( o-saft.pl +info your.tld
) o-saft.pl +quick your.tld
( o-saft.pl +cipher your.tld
) o-saft.pl +cipherall your.tld
( o-saft.pl --help=commands
)
( o-saft.tcl (simple GUI; requires Tcl/Tk 8.5 or newer)
)
( Project home is https://www.owasp.org/index.php/O-Saft
) Project roadmap https://www.owasp.org/index.php/Projects/O-Saft/Roadmap
(
) Historic Project home https://www.owasp.org/index.php/Projects/O-Saft
(
) Get a Copy
( git clone [email protected]:OWASP/O-Saft.git
) git clone https://github.com/OWASP/O-Saft.git
( wget https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
)
(
) VERSION
( The version of the tarball o-saft.tgz represents the version listed
) on top herein. All other files in the repository may be ahead of this
( (tarball) version.
)
( SHA256 checksum of o-saft.tgz
) bc39d8ecd487a454e2ca389ed4998c25bca0b16d17a50263d122d9e6d02acc52
(
\_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-/
o-saft's People
Contributors
Watchers
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.