Template:Outdated page, please see: O-Saft
| PROJECT INFO
What does this OWASP project offer you?
| RELEASE(S) INFO|
What releases are available for this project?
|| is this project?
| Name: O-Saft - OWASP SSL audit for testers / OWASP SSL advanced forensic tool (home page)
| Purpose: This tools lists information about remote target's SSL certificate and tests the remote target's SSL connection according given list of ciphers and various SSL configurations.
- The main idea is to have a tool which works on common platforms and can simply be automated.
- In a Nutshell
- show SSL connection details
- show certificate details
- check for supported ciphers
- check for ciphers provided in your own libssl.so and libcrypt.so
- check for special HTTP(S) support (like SNI, HSTS, certificate pinning)
- check for protections against attacks (BEAST, CRIME, RC4 Bias, ...)
- may check for a single attribute
- may check multiple targets at once
- can be scripted (headless or as CGI)
- should work on any platform (just needs perl, openssl optional)
- scoring for all checks (still to be improved in many ways ;-)
- output format can be customized
- various trace and debug options to hunt unusual connection problems
- * Download and unpack o-saft.tgz
- * Ensure that following perl modules (and their dependencies) are installed
- IO::Socket::INET, IO::Socket::SSL, Net::SSLeay
- * Start: o-saft --help
| License: GPL v2
|| is working on this project?
| Project Leader(s):
|| can you learn more?
| Project Pamphlet: Not Yet Created
| Project Presentation:
| Mailing list: Mailing List Archives
| Project Roadmap: View
| Main links:
- Contact Achim @ to contribute to this project
- Contact Achim @ to review or sponsor this project