Outdated page, please see: O-Saft
PROJECT INFO: What does this OWASP project offer you?
RELEASE(S) INFO: What releases are available for this project?
What is this project?
Name: O-Saft - OWASP SSL audit for testers / OWASP SSL advanced forensic tool (home page)
Purpose: This tool lists information about a remote target's SSL certificate and tests the remote target's SSL connection according to a given list of ciphers and various SSL configurations.
O-Saft
The main idea is to have a tool which works on common platforms and can simply be automated.
In a Nutshell:
- show SSL connection details
- show certificate details
- check for supported ciphers
- check for ciphers provided in your own libssl.so and libcrypt.so
- check for special HTTP(S) support (like SNI, HSTS, certificate pinning)
- check for protections against attacks (BEAST, CRIME, RC4 Bias, ...)
- may check for a single attribute
- may check multiple targets at once
- can be scripted (headless or as CGI)
- should work on any platform (just needs perl, openssl optional)
- scoring for all checks (still to be improved in many ways ;-)
- output format can be customized
- various trace and debug options to hunt unusual connection problems
Installation:
- Download and unpack o-saft.tgz
- Ensure that the following perl modules (and their dependencies) are installed: IO::Socket::INET, IO::Socket::SSL, Net::SSLeay
- Start: o-saft --help
License: GPL v2
Who is working on this project?
Project Leader(s):
How can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
- Contact Achim @ to contribute to this project
- Contact Achim @ to review or sponsor this project