GitHub - johannusNL/O-Saft: O-Saft - OWASP SSL advanced forensic tool

johannusNL / O-Saft Public

forked from OWASP/O-Saft

Notifications You must be signed in to change notification settings
Fork 0
Star 0

O-Saft - OWASP SSL advanced forensic tool

GPL-2.0 license

0 stars 85 forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 2,848 Commits
Net		Net
OSaft		OSaft
contrib		contrib
docs		docs
t		t
.o-saft.pl		.o-saft.pl
CHANGES		CHANGES
Dockerfile		Dockerfile
INSTALL.sh		INSTALL.sh
LICENSE.md		LICENSE.md
Makefile		Makefile
Makefile.help		Makefile.help
README		README
checkAllCiphers.pl		checkAllCiphers.pl
o-saft		o-saft
o-saft-dbx.pm		o-saft-dbx.pm
o-saft-docker		o-saft-docker
o-saft-docker-dev		o-saft-docker-dev
o-saft-img.tcl		o-saft-img.tcl
o-saft-man.pm		o-saft-man.pm
o-saft-usr.pm		o-saft-usr.pm
o-saft.cgi		o-saft.cgi
o-saft.pl		o-saft.pl
o-saft.pod		o-saft.pod
o-saft.tcl		o-saft.tcl
o-saft.tgz		o-saft.tgz
osaft.pm		osaft.pm

Repository files navigation

 /~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-.
                                                          Version: 19.01.19  )
        O-Saft  - OWASP SSL advanced forensic tool                          (
	                                                                     )
 /~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-/
(
 )  DESCRIPTION
(       This tools lists  information about remote target's  SSL  certificate
 )      and tests the remote target according given list of ciphers.
(
 )  UNIQUE FEATURES
(   ===============
 )  ### * working in closed environments, i.e. without internet connection
(   ### * checking availability of ciphers independent of installed library
 )  ### * checking for all possible ciphers (up to 65535 per SSL protocol)
(   ### * needs just perl without modules for checking ciphers and protocols
 )  ### * mainly same results on all platforms
(
 )  WHY?
(       Why a new tool for checking SSL  when there already exist a dozens or
 )      more good tools in 2012? Some (but not all) reasons are:
(       * lack of tests of unusual ciphers
 )      * different results returned for the same check on same target
(       * missing functionality (checks) according modern SSL/TLS
 )      * lack of tests of unusual (SSL, certificate) configurations
(       * (mainly) missing feasability to add own tests
 )
(       For more details, please use
 )        o-saft.pl --help
(       or read the source ;-)
 )
(   TARGET AUDIENCE
 )      * penetration testers
(       * administrators
 )
(   INSTALLATION
 )      o-saft.pl requires following Perl modules:
(          Net::SSLeay          (prefered >= 1.51, recommended 1.85)
 )         IO::Socket::SSL      (prefered >= 1.37, recommended 2.002)
(          IO::Socket::INET     (prefered >= 1.31)
 )         Net::DNS             (prefered >= 0.65, for --mx option only)
(
 )      O-Saft  can be executed from within the unpacked or cloned directory,
(       installation is not necessary. However, a  INSTALL.sh  script will be
 )      provided, which can be called as follows:
(          INSTALL.sh
 )         INSTALL.sh --clean
(          INSTALL.sh --check
 )         INSTALL.sh --n /path/to/install --force
(          INSTALL.sh     /path/to/install --force
 )
(       There're no dependencies to other perl modules for checkAllCiphers.pl
 )      so the test of all ciphers (aka +cipherall) will work with it.
(       The modules Net::SSLinfo, Net::SSLhello are part of O-Saft and should
 )      be installed in ./Net .
(
 )
(       Following files are optional:
 )          .o-saft.pl           (private user configuration)
(           o-saft-dbx.pm        (for debugging, tracing)
 )          o-saft-usr.pm        (private functions, some kind of API)
(           o-saft-man.pm        (documentation and generation functions)
 )          o-saft.pod           (documentation in POD format)
(           checkAllCiphers.pl   (simple script for +cipherall option)
 )          .o-saft.tcl          (private user configuration for GUI)
(           o-saft-img.tcl       (images for buttons in GUI)
 )          contrib/*            (additional programs and tools)
(
 )  QUICK START
(       o-saft.pl --help
 )      o-saft.pl +check your.tld
(       o-saft.pl +info  your.tld
 )      o-saft.pl +quick your.tld
(       o-saft.pl +cipher    your.tld
 )      o-saft.pl +cipherall your.tld
(       o-saft.pl --help=commands
 )
(       o-saft.tcl      (simple GUI; requires Tcl/Tk 8.5 or newer)
 )
(       o-saft-docker   (simple wrapper to call o-saft.pl in docker image)
 )
(       Project home is https://www.owasp.org/index.php/O-Saft
 )      Project roadmap https://www.owasp.org/index.php/Projects/O-Saft/Roadmap
(
 )      Historic Project home https://www.owasp.org/index.php/Projects/O-Saft
(
 )  Get a Copy (latest stable release)
(       wget https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
 )
(   Get a Copy (development version)
 )      git clone https://github.com/OWASP/O-Saft.git
(       git clone git@github.com:OWASP/O-Saft.git
 )
(   Get Docker Image (latest stable release)
 )      docker pull owasp/o-saft
(
 )  VERSION
(       The version of the tarball  o-saft.tgz  represents the version listed
 )      on top herein. All other files in the repository may be ahead of this
(       (tarball) version.
 )
(       SHA256 checksum of o-saft.tgz
 )           29d4faa2ed3025ed18d31175e868d6be9312b36ba486c6e5f305afeb34947f68
(
 )      SHA256 checksum of owasp/o-saft:latest and owasp/o-saft:18.11.18
(            b85423d142c186c1cf10494aa0e993f6f2030ab769977aca9584d7d650421697
 )
(       NOTE that the checksums listed here are the previous versions if this
 )      file is from  o-saft.tgz  itself, or inside the docker image.
(
 \_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-/