Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/OWASP/O-Saft
O-Saft - OWASP SSL advanced forensic tool
https://github.com/OWASP/O-Saft
certificate ciphers perl ssl tls
Last synced: about 2 months ago
JSON representation
O-Saft - OWASP SSL advanced forensic tool
- Host: GitHub
- URL: https://github.com/OWASP/O-Saft
- Owner: OWASP
- License: gpl-2.0
- Created: 2012-12-20T23:03:58.000Z (over 11 years ago)
- Default Branch: master
- Last Pushed: 2024-05-28T23:55:52.000Z (4 months ago)
- Last Synced: 2024-05-29T02:26:17.831Z (4 months ago)
- Topics: certificate, ciphers, perl, ssl, tls
- Language: Perl
- Homepage:
- Size: 52.9 MB
- Stars: 360
- Watchers: 34
- Forks: 97
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGES
- Funding: .github/FUNDING.yml
- License: LICENSE.md
Awesome Lists containing this project
README
----
| |
|:--|
| Any use of this project's code by GitHub Copilot, past or present, is done without our permission. We do not consent to GitHub's use of this project's code in Copilot. |
| |
----
# [ O-Saft - OWASP SSL advanced forensic tool](https://owasp.org/www-project-o-saft/)
**Download [Version 24.01.24](https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz)**
## QUICK START
```
o-saft.pl --help
o-saft.pl +check your.tld
o-saft.pl +info your.tld
o-saft.pl +quick your.tld
o-saft.pl +cipher your.tld
o-saft.pl --help=commands
o-saft.tcl # (simple GUI; requires Tcl/Tk 8.5 or newer)
o-saft-docker # (simple wrapper to call o-saft.pl in docker image)
o-saft # (simple wrapper to call o-saft.pl or o-saft.tcl or o-saft-docker)
```
## DESCRIPTION
This tools lists information about remote target's SSL certificate
and tests the remote target according given list of ciphers.
## UNIQUE FEATURES
* working in closed environments, i.e. without internet connection
* checking availability of ciphers independent of installed library
* checking for all possible ciphers (up to 65535 per SSL protocol)
* needs just perl without modules for checking ciphers and protocols
* mainly same results on all platforms
## WHY?
Why a new tool for checking SSL when there already exist a dozens or
more good tools in 2012? Some (but not all) reasons are:
* lack of tests of unusual ciphers
* different results returned for the same check on same target
* missing functionality (checks) according modern SSL/TLS
* lack of tests of unusual (SSL, certificate) configurations
* (mainly) missing feasability to add own tests
For more details, please use:
```
o-saft.pl --help
```
or read the source ;-)
## TARGET AUDIENCE
* penetration testers
* administrators
## INSTALLATION
`o-saft.pl` requires following Perl modules:
| Module | Version |
|:---------------------|:--------|
| `Net::SSLeay` | (prefered >= 1.51, recommended 1.85) |
| `IO::Socket::SSL` | (prefered >= 1.37, recommended 2.002) |
| `IO::Socket::INET` | (prefered >= 2.31) |
| `Net::DNS` | (prefered >= 0.65, for --mx option only) |
It can be executed from within the unpacked or cloned directory,
installation is not necessary. However, a `INSTALL.sh` script will be
provided, which can be called as follows:
```
INSTALL.sh /path/to/install
INSTALL.sh --check
```
For more details on installation, please see:
```
INSTALL.sh --help
```
There're no dependencies to other Perl modules for `checkAllCiphers.pl`
so the test of all ciphers will work with it.
The modules `SSLinfo`, `SSLhello` beside som others, are part of the tool
and should be installed in `./lib` .
Following files are optional:
| File / Tool | Description |
|:---------------------|:------------|
| `.o-saft.pl` | (private user configuration) |
| `.o-saft.tcl` | (private user configuration for GUI) |
| `lib/OTrace.pm` | (functions for debugging) |
| `lib/OMan.pm` | (documentation and generation functions) |
| `doc/o-saft.pod` | (documentation in POD format) |
| `lib/o-saft-img.tcl` | (images for buttons in GUI) |
| `checkAllCiphers.pl` | (simple script for checking all ciphers) |
| `usr/*` | (additional programs and tools) |
## Sources
* Project home is https://www.owasp.org/index.php/O-Saft
* Project repo is https://github.com/OWASP/O-Saft
* Historic Project home https://www.owasp.org/index.php/Projects/O-Saft
Get a Copy (latest stable release)
```
wget https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
```
Get a Copy (development version)
```
git clone https://github.com/OWASP/O-Saft.git
git clone [email protected]:OWASP/O-Saft.git
```
Get Docker Image (latest stable release)
```
docker pull owasp/o-saft
```
## VERSION
**24.06.24**
The version of the tarball `o-saft.tgz` represents the version listed on top
herein. All other files in the repository may be ahead of this tarball version.
SHA256 checksum of [o-saft.tgz](https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz)
```
3f3eb35982717931cd23f384b378c77c07b0ce75fa5341ede574a3e153c9b48d
```
[//]: # (above checksum for version 23.11.23)
SHA256 checksum of docker image owasp/o-saft:latest and owasp/o-saft:18.11.18
```
b85423d142c186c1cf10494aa0e993f6f2030ab769977aca9584d7d650421697
```
NOTE that the checksums listed here are the previous versions if this
file is from o-saft.tgz itself, or inside the docker image.
### Older version
Version 24.01.24 is a major redesign (refactoring) of the project. The top
directory now contains the main tools only. All modules, documentation and
(user) contributed tools are in sub-directories.
These changes are also reflected in the directories available at github.
If older versions should be used, please get the correspondig `o-saft.tgz`
from github's releases, see:
[https://github.com/OWASP/O-Saft/releases](https://github.com/OWASP/O-Saft/releases) (as of January 2024).