/~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-.
Version: 17.07.17 )
O-Saft - OWASP SSL advanced forensic tool (
)
/~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-/
(
) DESCRIPTION
( This tools lists information about remote target's SSL certificate
) and tests the remote target according given list of ciphers.
(
) UNIQUE FEATURES
( ===============
) ### * working in closed environments, i.e. without internet connection
( ### * checking availability of ciphers independent of installed library
) ### * checking for all possible ciphers (up to 65535 per SSL protocol)
( ### * needs just perl without modules for checking ciphers and protocols
) ### * mainly same results on all platforms
(
) WHY?
( Why a new tool for checking SSL when there already exist a dozens or
) more good tools in 2012? Some (but not all) reasons are:
( * lack of tests of unusual ciphers
) * different results returned for the same check on same target
( * missing functionality (checks) according modern SSL/TLS
) * lack of tests of unusual (SSL, certificate) configurations
( * (mainly) missing feasability to add own tests
)
( For more details, please use
) o-saft.pl --help
( or read the source ;-)
)
( TARGET AUDIENCE
) * penetration testers
( * administrators
)
( INSTALLATION
) o-saft.pl requires following Perl modules:
( Net::SSLeay (prefered >= 1.51)
) IO::Socket::SSL (prefered >= 1.37)
( IO::Socket::INET (prefered >= 1.31)
) Net::DNS (prefered >= 0.65, for --mx option only)
(
) O-Saft can be executed from within the unpacked or cloned directory,
( installation is not necessary. However, a INSTALL.sh script will be
) provided, which can be called as follows:
( INSTALL.sh
) INSTALL.sh --clean
( INSTALL.sh --check
) INSTALL.sh --n /path/to/install --force
( INSTALL.sh /path/to/install --force
)
( There're no dependencies to other perl modules for checkAllCiphers.pl
) so the test of all ciphers (aka +cipherall) will work with it.
( The modules Net::SSLinfo, Net::SSLhello are part of O-Saft and should
) be installed in ./Net .
(
)
( Following files are optional:
) .o-saft.pl (private user configuration)
( o-saft-dbx.pm (for debugging, tracing)
) o-saft-usr.pm (private functions, some kind of API)
( o-saft-man.pm (documentation and generation functions)
) o-saft.pod (documentation in POD format)
( checkAllCiphers.pl (simple script for +cipherall option)
) .o-saft.tcl (private user configuration for GUI)
( o-saft-img.tcl (images for buttons in GUI)
) contrib/* (additional programs and tools)
(
) QUICK START
( o-saft.pl --help
) o-saft.pl +check your.tld
( o-saft.pl +info your.tld
) o-saft.pl +quick your.tld
( o-saft.pl +cipher your.tld
) o-saft.pl +cipherall your.tld
( o-saft.pl --help=commands
)
( o-saft.tcl (simple GUI; requires Tcl/Tk 8.5 or newer)
)
( Project home is https://www.owasp.org/index.php/O-Saft
) Project roadmap https://www.owasp.org/index.php/Projects/O-Saft/Roadmap
(
) Historic Project home https://www.owasp.org/index.php/Projects/O-Saft
(
) Get a Copy
( git clone git@github.com:OWASP/O-Saft.git
) git clone https://github.com/OWASP/O-Saft.git
( wget https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
)
(
) VERSION
( The version of the tarball o-saft.tgz represents the version listed
) on top herein. All other files in the repository may be ahead of this
( (tarball) version.
)
( SHA256 checksum of o-saft.tgz
) ff8819f064d1425274d0fa47dbb78313be9984b79a38b5127ace6e6f107d9f08
(
\_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-/