forked from OWASP/O-Saft
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
67 lines (67 loc) · 2.72 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
/~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-.
Version: 14.1.4 )
O-Saft - OWASP SSL audit for testers (
OWASP SSL advanced forensic tool )
/~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-/
(
) DESCRIPTION
( This tools lists information about remote target's SSL certificate
) and tests the remote target according given list of ciphers.
(
) WHY?
( Why a new tool for checking SSL when there already exist a dozens or
) more in 2012? Some (but not all) reasons are:
( * lack of tests of unusual ciphers
) * different results returned for the same check on same target
( * missing functionality (checks) according modern SSL/TLS
) * lack of tests of unusual (SSL, certificate) configurations
( * (mainly) missing feasability to add own tests
)
( For more details, please use
) o-saft.pl --help
( or read the source ;-)
)
(
) TARGET AUDIENCE
( * penetration testers
) * administrators
(
) INSTALLATION
( o-saft.pl requires following Perl modules:
) Net::SSLeay (prefered >= 1.51)
( IO::Socket::SSL (prefered >= 1.37)
) IO::Socket::INET (prefered >= 1.31)
(
) Module Net::SSLinfo is part of O-Saft and should be installed in ./Net .
( All dependencies for these modules must also be installed.
)
( Following files are optional:
) .o-saft.pl (private user configuration)
( o-saft-dbx.pm (for debugging, tracing)
) .o-saft.pl is delivered as .o-saft.pl.sample to avoid destroying user
( configurations. It needs to be renamed before used.
)
( o-saft.pl reads o-saft-README if possible and exits.
) o-saft-README must be renamed or removed to get o-saft.pl working.
(
) QUICK START
( o-saft.pl --help
) o-saft.pl +check your.tld
( o-saft.pl +info your.tld
) o-saft.pl +quick your.tld
( more o-saft.pl
)
( Project home is https://www.owasp.org/index.php/Projects/O-Saft
) Project roadmap https://www.owasp.org/index.php/Projects/O-Saft/Roadmap
(
) Get a Copy
( git clone [email protected]:OWASP/O-Saft.git
) git clone https://github.com/OWASP/O-Saft.git
( wget https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
)
(
) VERSION
( The version of the tarball o-saft.tgz represents the version listed
) on top herein. All other files in the repository may be ahead of this
( (tarball) version.
\_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-/