| Any use of this project's code by GitHub Copilot, past or present, is done without our permission. We do not consent to GitHub's use of this project's code in Copilot. |
Download Version 24.01.24
o-saft.pl --help
o-saft.pl +check your.tld
o-saft.pl +info your.tld
o-saft.pl +quick your.tld
o-saft.pl +cipher your.tld
o-saft.pl --help=commands
o-saft.tcl # (simple GUI; requires Tcl/Tk 8.5 or newer)
o-saft-docker # (simple wrapper to call o-saft.pl in docker image)
o-saft # (simple wrapper to call o-saft.pl or o-saft.tcl or o-saft-docker)
This tools lists information about remote target's SSL certificate and tests the remote target according given list of ciphers.
- working in closed environments, i.e. without internet connection
- checking availability of ciphers independent of installed library
- checking for all possible ciphers (up to 65535 per SSL protocol)
- needs just perl without modules for checking ciphers and protocols
- mainly same results on all platforms
Why a new tool for checking SSL when there already exist a dozens or more good tools in 2012? Some (but not all) reasons are:
- lack of tests of unusual ciphers
- different results returned for the same check on same target
- missing functionality (checks) according modern SSL/TLS
- lack of tests of unusual (SSL, certificate) configurations
- (mainly) missing feasability to add own tests
For more details, please use:
o-saft.pl --help
or read the source ;-)
- penetration testers
- administrators
o-saft.pl requires following Perl modules:
| Module | Version |
|---|---|
Net::SSLeay |
(prefered >= 1.51, recommended 1.85) |
IO::Socket::SSL |
(prefered >= 1.37, recommended 2.002) |
IO::Socket::INET |
(prefered >= 2.31) |
Net::DNS |
(prefered >= 0.65, for --mx option only) |
It can be executed from within the unpacked or cloned directory,
installation is not necessary. However, a INSTALL.sh script will be
provided, which can be called as follows:
INSTALL.sh /path/to/install
INSTALL.sh --check
For more details on installation, please see:
INSTALL.sh --help
There're no dependencies to other Perl modules for checkAllCiphers.pl
so the test of all ciphers will work with it.
The modules SSLinfo, SSLhello beside som others, are part of the tool
and should be installed in ./lib .
Following files are optional:
| File / Tool | Description |
|---|---|
.o-saft.pl |
(private user configuration) |
.o-saft.tcl |
(private user configuration for GUI) |
lib/OTrace.pm |
(functions for debugging) |
lib/OMan.pm |
(documentation and generation functions) |
doc/o-saft.pod |
(documentation in POD format) |
lib/o-saft-img.tcl |
(images for buttons in GUI) |
checkAllCiphers.pl |
(simple script for checking all ciphers) |
usr/* |
(additional programs and tools) |
- Project home is https://www.owasp.org/index.php/O-Saft
- Project repo is https://github.com/OWASP/O-Saft
- Historic Project home https://www.owasp.org/index.php/Projects/O-Saft
Get a Copy (latest stable release)
wget https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
Get a Copy (development version)
git clone https://github.com/OWASP/O-Saft.git
git clone git@github.com:OWASP/O-Saft.git
Get Docker Image (latest stable release)
docker pull owasp/o-saft
24.01.24
The version of the tarball o-saft.tgz represents the version listed on top
herein. All other files in the repository may be ahead of this tarball version.
SHA256 checksum of o-saft.tgz
3332af75f20933b4be4dd2e49c8d67cd505fc7856f4844211671e2fd304bbefb
SHA256 checksum of docker image owasp/o-saft:latest and owasp/o-saft:18.11.18
b85423d142c186c1cf10494aa0e993f6f2030ab769977aca9584d7d650421697
NOTE that the checksums listed here are the previous versions if this file is from o-saft.tgz itself, or inside the docker image.
Version 24.01.24 is a major redesign (refactoring) of the project. The top directory now contains the main tools only. All modules, documentation and (user) contributed tools are in sub-directories. These changes are also reflected in the directories available at github.
If older versions should be used, please get the correspondig o-saft.tgz
from github's releases, see:
https://github.com/OWASP/O-Saft/releases (as of January 2024).