O-Saft - OWASP SSL advanced forensic tool
Net bugfix: syntax typo (introduced in previous commit) Jul 12, 2018
OSaft typos fixed; links and markup corrected Sep 14, 2018
contrib use Net::SSLeay 1.85 Jul 16, 2018
docs docs/Summit2017-todo.txt added Jun 11, 2017
t more tests added Aug 20, 2018
.o-saft.pl +ocsp improved Jul 10, 2018
CHANGES VERSION 18.07.18 Jul 17, 2018
Dockerfile ENTRYPOINT corrected Jul 16, 2018
INSTALL.sh VERSION 18.07.18 Jul 17, 2018
LICENSE.md Add LICENSE.md file Jul 27, 2013
Makefile bugfix: dependencies for generated files improved Sep 7, 2018
Makefile.help description of "makefile concept" added Aug 10, 2018
README VERSION 18.07.18 Jul 17, 2018
checkAllCiphers.pl '--connect-delay=SEC' implemented for checkAllCiphers.pl Jul 15, 2017
o-saft useless echo removed Jul 16, 2018
o-saft-dbx.pm $cfg{'hosts'} replaced by $cfg{'targets'} Jul 16, 2018
o-saft-docker bugfix: check for image IDs corrected Jul 17, 2018
o-saft-docker-dev shortcut commands replaced Aug 6, 2017
o-saft-img.tcl image STDOUT added Dec 16, 2016
o-saft-man.pm output for gen-cgi improved Sep 14, 2018
o-saft-usr.pm keep perlcritic quiet Mar 22, 2018
o-saft.cgi formal changes Jul 16, 2018
o-saft.pl bugfix: avoid WARNING 070 when reading configuration from file Aug 21, 2018
o-saft.pod VERSION 18.07.18 Jul 17, 2018
o-saft.tcl bugfix: workaround for X error BadAlloc implemented Jul 4, 2018
o-saft.tgz VERSION 18.07.18 Jul 17, 2018
osaft.pm cipher suites for RFC 8446 (TLS 1.3) added Aug 19, 2018

README

 /~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-.
                                                          Version: 18.07.18  )
        O-Saft  - OWASP SSL advanced forensic tool                          (
	                                                                     )
 /~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-/
(
 )  DESCRIPTION
(       This tool lists  information about a remote target's  SSL  certificate
 )      and tests the remote target according to a given list of ciphers.
(
 )  UNIQUE FEATURES
(   ===============
 )  ### * working in closed environments, i.e. without internet connection
(   ### * checking availability of ciphers independent of installed library
 )  ### * checking for all possible ciphers (up to 65535 per SSL protocol)
(   ### * needs just perl without modules for checking ciphers and protocols
 )  ### * mainly same results on all platforms
(
 )  WHY?
(       Why a new tool for checking SSL  when there already exist a dozen or
 )      more good tools in 2012? Some (but not all) reasons are:
(       * lack of tests of unusual ciphers
 )      * different results returned for the same check on the same target
(       * missing functionality (checks) according to modern SSL/TLS
 )      * lack of tests of unusual (SSL, certificate) configurations
(       * (mainly) missing feasibility to add own tests
 )
(       For more details, please use
 )        o-saft.pl --help
(       or read the source ;-)
 )
(   TARGET AUDIENCE
 )      * penetration testers
(       * administrators
 )
(   INSTALLATION
 )      o-saft.pl requires the following Perl modules:
(          Net::SSLeay          (preferred >= 1.51, recommended 1.85)
 )         IO::Socket::SSL      (preferred >= 1.37, recommended 2.002)
(          IO::Socket::INET     (preferred >= 1.31)
 )         Net::DNS             (preferred >= 0.65, for --mx option only)
(
 )      O-Saft  can be executed from within the unpacked or cloned directory,
(       installation is not necessary. However, an INSTALL.sh  script will be
 )      provided, which can be called as follows:
(          INSTALL.sh
 )         INSTALL.sh --clean
(          INSTALL.sh --check
 )         INSTALL.sh --n /path/to/install --force
(          INSTALL.sh     /path/to/install --force
 )
(       There are no dependencies on other Perl modules for checkAllCiphers.pl
 )      so the test of all ciphers (aka +cipherall) will work with it.
(       The modules Net::SSLinfo, Net::SSLhello are part of O-Saft and should
 )      be installed in ./Net .
(
 )
(       The following files are optional:
 )          .o-saft.pl           (private user configuration)
(           o-saft-dbx.pm        (for debugging, tracing)
 )          o-saft-usr.pm        (private functions, some kind of API)
(           o-saft-man.pm        (documentation and generation functions)
 )          o-saft.pod           (documentation in POD format)
(           checkAllCiphers.pl   (simple script for +cipherall option)
 )          .o-saft.tcl          (private user configuration for GUI)
(           o-saft-img.tcl       (images for buttons in GUI)
 )          contrib/*            (additional programs and tools)
(
 )  QUICK START
(       o-saft.pl --help
 )      o-saft.pl +check your.tld
(       o-saft.pl +info  your.tld
 )      o-saft.pl +quick your.tld
(       o-saft.pl +cipher    your.tld
 )      o-saft.pl +cipherall your.tld
(       o-saft.pl --help=commands
 )
(       o-saft.tcl      (simple GUI; requires Tcl/Tk 8.5 or newer)
 )
(       o-saft-docker   (simple wrapper to call o-saft.pl in docker image)
 )
(       Project home is https://www.owasp.org/index.php/O-Saft
 )      Project roadmap https://www.owasp.org/index.php/Projects/O-Saft/Roadmap
(
 )      Historic Project home https://www.owasp.org/index.php/Projects/O-Saft
(
 )  Get a Copy (latest stable release)
(       wget https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
 )
(   Get a Copy (development version)
 )      git clone https://github.com/OWASP/O-Saft.git
(       git clone git@github.com:OWASP/O-Saft.git
 )
(   Get Docker Image (latest stable release)
 )      docker pull owasp/o-saft
(
 )  VERSION
(       The version of the tarball  o-saft.tgz  represents the version listed
 )      on top herein. All other files in the repository may be ahead of this
(       (tarball) version.
 )
(       SHA256 checksum of o-saft.tgz
 )           1d9871d4838625a6c6bffb24dced9fb1f2d9292617aac9e21d540290c0b2417f
(
 )      SHA256 checksum of owasp/o-saft:latest and owasp/o-saft:18.07.18
(            e334caafe4c003e7e3818335e7813a614d7bc2d85429ee3a61267eaf8c033f17
 )
(       NOTE that the checksums listed here are the previous versions if this
 )      file is from  o-saft.tgz  itself, or inside the docker image.
(
 \_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-/
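
One way to check a downloaded o-saft.tgz against the SHA256 value from the VERSION section before unpacking it. This is an added example, not part of O-Saft; the function and variable names are hypothetical. As the NOTE in the README says, take the expected value from the repository copy of the README, not from a README that came out of the tarball itself.

```shell
#!/bin/sh
# Added example, not O-Saft code. Function and variable names are hypothetical.
# Expected value copied from the VERSION section of the README above.
OSAFT_TGZ_SHA256="1d9871d4838625a6c6bffb24dced9fb1f2d9292617aac9e21d540290c0b2417f"

# Print the hex SHA256 of a file with whichever common tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    else
        return 2
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if the check could not be performed.
# Anything other than 0 must be treated as "do not unpack".
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Reject a malformed expected value instead of comparing against it.
    case "$expected" in
        ""|*[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected value is not 64 hex digits" >&2; return 2; }
    actual=$(sha256_of "$file") || { echo "no SHA256 tool found" >&2; return 2; }
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA256 mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Typical use after the wget from "Get a Copy":
#   verify_sha256 o-saft.tgz "$OSAFT_TGZ_SHA256" && tar -xzf o-saft.tgz
```

A mismatch can also mean the tarball is newer than the README that listed the checksum, so compare the Version line at the top of the README with the version being downloaded.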