O-Saft Gui Version 16.09.16

O-Saft v16.09.16: OWASP SSL audit for testers & OWASP SSL advanced forensic tool.

Changelog O-Saft Version 16.09.16:
* filter scripts contrib/* adapted to new formats; print all lines
* files removed: generate_ciphers_hash, openssl_h-to-perl_hash, INSTALL-devel.sh

Version: 16.08.01
* print warning if OPENSSLDIR is missing (see https://github.com/OWASP/O-Saft/issues/29 )
* remove trailing path when comparing FQDNs
* output for --legacy=compact corrected (bug since 1.407)
* handle arguments after --trace option correctly
* don’t call openssl if not available
* avoid “uninitialized value” in checks if no certificate data is available
* --v print performed cipher checks
* better check of required versions; warning messages unified
* o-saft-man.pm: “Using outdated modules” section added; documentation improved
* o-saft.tcl: quick access for O-Saft options added
* Net::SSLinfo.pm: detect more SPDY protocols (h2c,npn-spdy/2) and X-Firefox-Spdy


This tool lists information about a remote target’s SSL certificate and tests the remote target against a given list of ciphers.


Why a new tool for checking SSL when a dozen or more already existed in 2012? Some (but not all) reasons are:
* lack of tests of unusual ciphers
* different results returned for the same check on same target
* missing functionality (checks) according to modern SSL/TLS
* lack of tests of unusual (SSL, certificate) configurations
* (mainly) missing feasibility to add own tests

* penetration testers
* administrators

In a Nutshell:
– show SSL connection details
– show certificate details
– check for supported ciphers
– check for ciphers provided in your own libssl.so and libcrypt.so
– check for special HTTP(S) support (like SNI, HSTS, certificate pinning)
– check for protections against attacks (BEAST, CRIME, RC4 Bias, …)
– may check for a single attribute
– may check multiple targets at once
– can be scripted (headless or as CGI)
– should work on any platform (just needs perl, openssl optional)
– scoring for all checks (still to be improved in many ways ;-)
– output format can be customized
– various trace and debug options to hunt unusual connection problems

Installation:
o-saft.pl requires the following Perl modules:
– Net::SSLeay (preferred >= 1.51)
– IO::Socket::SSL (preferred >= 1.37)
– IO::Socket::INET (preferred >= 1.31)
– Net::DNS (for --mx option only)

There are no dependencies for checkAllCiphers.pl, so the test of all
ciphers (aka +cipherall) will work with it.
Modules Net::SSLinfo and Net::SSLhello are part of O-Saft and should be
installed in ./Net .
All dependencies for these modules must also be installed.

The following files are optional:
.o-saft.pl (private user configuration)
o-saft-dbx.pm (for debugging, tracing)
o-saft-man.pm (documentation and generation functions)
o-saft-usr.pm (private functions, some kind of API)
checkAllCiphers.pl (simple script for +cipherall option)

.o-saft.pl is delivered as .o-saft.pl.sample to avoid destroying user
configurations. It needs to be renamed before use.

o-saft.pl reads o-saft-README if possible and exits.
o-saft-README must be renamed or removed to get o-saft.pl working.
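
The installation notes above can be checked in one pass before the first scan. The script below is an added example, not part of O-Saft: the function names are hypothetical, and it assumes the archive was unpacked into the directory given as its first argument.

```shell
#!/bin/sh
# Added example: pre-flight check for an unpacked O-Saft directory.
# Module names and preferred versions come from this page; the function
# names are hypothetical.

# ver_ge HAVE WANT: succeed when HAVE >= WANT, compared as decimal numbers
# (Perl's rule for plain $VERSION values, so 1.4 is newer than 1.37).
ver_ge() {
    awk -v have="$1" -v want="$2" 'BEGIN { exit !(have + 0 >= want + 0) }'
}

# check_module MODULE PREFERRED: report OK, OLD or MISSING for one module.
check_module() {
    have=$(perl -e 'my $m = shift; eval "require $m; 1" or exit 1;
                    print(($m->VERSION) || 0)' "$1" 2>/dev/null) ||
        { echo "MISSING  $1"; return 1; }
    if ver_ge "$have" "$2"; then echo "OK       $1 $have"
    else echo "OLD      $1 $have (preferred >= $2)"; fi
}

# check_layout DIR: verify the file layout described in the notes above.
check_layout() {
    rc=0
    for f in Net/SSLinfo.pm Net/SSLhello.pm; do
        [ -f "$1/$f" ] || { echo "MISSING  $f (expected under ./Net)"; rc=1; }
    done
    if [ -f "$1/o-saft-README" ]; then
        echo "BLOCKED  o-saft-README present: rename or remove it"; rc=1
    fi
    if [ -f "$1/.o-saft.pl.sample" ] && [ ! -f "$1/.o-saft.pl" ]; then
        echo "NOTE     .o-saft.pl.sample not renamed; private configuration unused"
    fi
    return $rc
}

# preflight DIR: run every check; non-zero exit if a required item fails.
preflight() {
    fail=0
    check_module Net::SSLeay 1.51      || fail=1
    check_module IO::Socket::SSL 1.37  || fail=1
    check_module IO::Socket::INET 1.31 || fail=1
    check_module Net::DNS 0 || echo "NOTE     Net::DNS is needed for --mx only"
    check_layout "$1" || fail=1
    return $fail
}

if [ -n "${1:-}" ]; then preflight "$1"; fi
```

A module older than the preferred version is reported as OLD but does not fail the run, since the page lists those versions as preferred rather than required.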


Download: o-saft.tgz

Source: https://www.owasp.org/index.php/Projects/O-Saft