Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/spoofzu/DeepViolet

Tool for introspection of SSL\TLS sessions
https://github.com/spoofzu/DeepViolet

Last synced: 3 months ago
JSON representation

Tool for introspection of SSL\TLS sessions

Awesome Lists containing this project

README 

        
[![Build Status](https://travis-ci.org/spoofzu/DeepViolet.svg?branch=master)](https://travis-ci.org/spoofzu/DeepViolet)

[![Black Hat Arsenal](https://github.com/toolswatch/badges/blob/master/arsenal/europe/2016.svg)](http://www.blackhat.com/eu-16/arsenal.html#milton-smith)

[![Black Hat Arsenal](https://github.com/toolswatch/badges/blob/master/arsenal/usa/2018.svg)](https://www.blackhat.com/us-18/arsenal/schedule/index.html#deepviolet-ssltls-scanning-api-38-tools-10724)



*********************************************************************

THIS PROJECT IS NOT BEING ACTIVELY MAINTAINED.  I DON'T

RECOMMEND IT BE USED FOR ANYTHING IMPORTANT; HOWEVER,

IT REMAINS AVAIABLE FOR ARCHIVAL PURPOSES.  THIS PROJECT WAS

A FUN EXPERIMENT AND IT WAS EXCITING TO SHARE IT

WITH EVERYONE.  AT THIS TIME, I'M PLACING MY TIME AND

ENERGY INTO OTHER AREAS.  JUN 27, 2019 --MILTON                                             

*********************************************************************



# OWASP DeepViolet TLS/SSL API



[OWASP Project Page](https://www.owasp.org/index.php/OWASP_DeepViolet_TLS/SSL_Scanner) | 

[WIKI](https://github.com/spoofzu/DeepViolet/wiki/Build-on-Your-Computer) | 

[Reference Tools](https://github.com/spoofzu/DeepVioletTools)



DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.  Original blog article post describing this project, http://www.securitycurmudgeon.com/2014/07/ssltls-introspection.html



## Benefits



Use X.509 certificate metadata in creative ways.  Extend security tooling to include TLS analysis.  See the [project wiki](https://github.com/spoofzu/DeepViolet/wiki/Features) 



## How do I include DeepViolet API in my projects?



DeepViolet is deployed in Maven Central repository.  Include the following DeepViolet release dependency in your pom.xml,



```xml



  com.github.spoofzu

  DeepViolet

  5.1.16



```



Alternatively, include the latest development build which will someday become the next release build.



```xml



  com.github.spoofzu

  DeepViolet

  5.1.17-SNAPSHOT



```



## More Information?



See the [project wiki](https://github.com/spoofzu/DeepViolet/wiki) 



This project leverages the works of other open source community projects and is provided for educational purposes.  Use at your own risk.  See [LICENSE](https://github.com/spoofzu/DeepViolet/blob/master/LICENSE) for further information.



## Acknowledgements



This tool implements ideas, code, and takes inspiration from other projects and leaders like: Qualys SSL Labs and Ivan Ristić, OpenSSL, and Oracle's Java Security Team.  Many thanks negotiating TLS/SSL handshakes and ciphersuite handling adapted from code examples by Thomas Pornin.