This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "O-Saft"
(Amsterdam added) |
(simple GUI added) |
||
Line 128: | Line 128: | ||
== News and Events == | == News and Events == | ||
+ | * 05/04/2015, '''simple GUI''' available <u>[https://github.com/OWASP/O-Saft/blob/master/o-saft.tcl o-saft.tcl]</u> | ||
* <u>[https://2015.appsec.eu/ AppSecEU 2015]</u>, Amsterdam | * <u>[https://2015.appsec.eu/ AppSecEU 2015]</u>, Amsterdam | ||
: There will be a training <u>[http://2015.appsec.eu/trainings/#train4 TLS/SSL in Practice]</u> which in particular covers O-Saft. | : There will be a training <u>[http://2015.appsec.eu/trainings/#train4 TLS/SSL in Practice]</u> which in particular covers O-Saft. |
Revision as of 21:00, 6 April 2015
O-Saft
O-Saft is an easy to use tool to show informations about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations. It's designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important informations or the special checks with a simple call of the tool. However, it provides a wide range of options so that it can be used for comprehensive and special checks by experienced people. O-Saft is a command-line tool, so it can be used offline and in closed environments. However, it can simply be turned into an online CGI-tool (please read documentation first). Introduction
DescriptionThe main idea is to have a tool which works on common platforms and can simply be automated.
New Features of Test Version
|
What is O-Saft?O-Saft provides:
DocumentationPresentations
(This presentations are in German) Project LeaderAchim Hoffmann LicensingOWASP O-Saft is free to use. It is licensed under the GPL v2 license. Related ProjectsGithubOhloh |
Quick Download
News and Events
In Print / MediaFind a OWASP 24/7 podcast about the tool here. Classifications |
- FAQs
- Where can I get missing Perl-Modules?
This depends on your OS and Perl installation, but just try 'cpan <Module-Name>', e.g. 'cpan Net:DNS'
- I am connected to the internet via a Proxy
open the cpan-shell using 'cpan' and configure your proxy settings: 'o conf init /proxy/' - I can not download the requested files (the proxy needs authentication)
run 'cpan <Module-Name>' several times, read the error messages and copy the requested files manually to the paths (without any additional temporary extension of the name),
e.g. http://www.cpan.org/authors/01mailrc.txt.gz => <Your Program Path>/cpan/sources/authors/01mailrc.txt.gz
- I am connected to the internet via a Proxy
- I get the Error "invalid SSL_version specified at .../perl/vendor/lib/IO/Socket/SSL.pm line ..."
- add options '--notlsv13 --nodtlsv1', e.g. perl o-saft.pl +info your.tld --notlsv13 --nodtlsv1
- Acknowledgements
Volunteers
O-Saft is developed by from the contributions of OWASP members. The primary contributors to date have been:
Repository
O-Saft's source code can be found at https://github.com/OWASP/O-Saft .
The latest stable tarball is https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
- Road Map
https://www.owasp.org/index.php/Projects/O-Saft/Roadmap
- Involvement in the development and promotion of O-Saft is actively encouraged!
You do not have to be a security expert in order to contribute. Contacts:
- mailto: Achim at owasp dot org
- Mailinglist
Some of the ways you can help:
- Quality assurance: simply test O-Saft and report defects and strange responses of servers
- Give some ideas how to implement scoring
- Need help in implementing
- SSL for other protocols using STARTTLS, ...
(currently, February 2015, we have STARTTLS functionality for LDAP, IMAP, POP3, SMTP, RDP, FTP, XMPP,...) - authentication for proxies (BASIC, NTLM)
- to check the size of Diffie Hellmann Parameters
- check for more SSL/TLS-Extensions (including obsolete ones)
- check for more vulnerabilities
- check the full certificate chain
- SSL for other protocols using STARTTLS, ...