An on-path blackbox network traffic security testing tool
Clone or download
klyubin Merge pull request #115 from google/ipv6_fix
Fix issue with ipv6 sockets and SO_ORIGINAL_DST
Latest commit 810f476 Jul 18, 2017


Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.


Nogotofail is composed of an on-path network MiTM and optional clients for the devices being tested. See docs/ for the overview and design goals of nogotofail.


Nogotofail depends only on Python 2.7 and pyOpenSSL>=0.13. The MiTM is designed to work on Linux machines and the transparent traffic capture modes are Linux specific and require iptables as well.

Additionally the Linux client depends on psutil.

Getting started

See docs/ for setup and a walkthrough of nogotofail.


For discussion please use our nogotofail Google Group.