Skip to content
Tool for introspection of SSL\TLS sessions
Java CSS Shell
Branch: master
Clone or download

Latest commit

spoofzu Merge pull request #302 from spoofzu/snyk-fix-e8f3570c66598f5f34bef3c…
…5767f5410

[Snyk] Fix for 1 vulnerable dependencies
Latest commit 45a0e03 Jul 19, 2019

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
build Beta 5 May 17, 2017
docs Beta 5 May 17, 2017
src SSL/TLS port from URL with fallback to default protocol port May 18, 2019
stylesheets Create master branch via GitHub Aug 31, 2016
.gitignore misc Jul 24, 2018
.travis.yml update java version Jun 26, 2019
LICENSE Update LICENSE May 18, 2016
README.md Update README.md Jul 10, 2019
pom.xml Merge pull request #303 from spoofzu/snyk-fix-86962c8138fbe71e310a1f4… Jul 19, 2019
settings.xml misc Jul 24, 2018

README.md

Build Status Black Hat Arsenal Black Hat Arsenal


THIS PROJECT IS NOT BEING ACTIVELY MAINTAINED. I DON'T RECOMMEND THE IT BE USED FOR ANYTHING IMPORTANT; HOWEVER, IT REMAINS AVAIABLE FOR ARCHIVAL PURPOSES. THIS PROJECT WAS A FUN EXPERIMENT AND IT WAS EXCITING TO SHARE IT WITH EVERYONE. AT THIS TIME, I'M PLACING MY TIME AND ENERGY INTO OTHER AREAS. JUN 27, 2019 --MILTON


OWASP DeepViolet TLS/SSL API

OWASP Project Page | WIKI | Reference Tools

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more. Original blog article post describing this project, http://www.securitycurmudgeon.com/2014/07/ssltls-introspection.html

Benefits

Use X.509 certificate metadata in creative ways. Extend security tooling to include TLS analysis. See the project wiki

How do I include DeepViolet API in my projects?

DeepViolet is deployed in Maven Central repository. Include the following DeepViolet release dependency in your pom.xml,

<dependency>
  <groupId>com.github.spoofzu</groupId>
  <artifactId>DeepViolet</artifactId>
  <version>5.1.16</version>
</dependency>

Alternatively, include the latest development build which will someday become the next release build.

<dependency>
  <groupId>com.github.spoofzu</groupId>
  <artifactId>DeepViolet</artifactId>
  <version>5.1.17-SNAPSHOT</version>
</dependency>

More Information?

See the project wiki

This project leverages the works of other open source community projects and is provided for educational purposes. Use at your own risk. See LICENSE for further information.

Acknowledgements

This tool implements ideas, code, and takes inspiration from other projects and leaders like: Qualys SSL Labs and Ivan Ristić, OpenSSL, and Oracle's Java Security Team. Many thanks negotiating TLS/SSL handshakes and ciphersuite handling adapted from code examples by Thomas Pornin.

You can’t perform that action at this time.