Difference between revisions of "O-Saft"

Jump to: navigation, search
m (Quick Download)
Line 38: Line 38:
== Presentation ==
== Presentation ==
Link to presentation
== Project Leader ==
== Project Leader ==

Revision as of 18:07, 29 January 2014


OWASP Project Header.jpg


O-Saft is an easy to use tool to show informations about SSL connections and the provided SSL certificates.

It's designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important informations or the special checks with a simple call of the tool. However, it provides a wide range of options so that it can be used for comprehensive and special checks by experienced people.


Write a short introduction


Write a description that is just a few paragraphs long


OWASP O-Saft is free to use. It is licensed under the GPL v2 license.

What is XXX?

OWASP XXX provides:

  • xxx
  • xxx


Project Leader


Related Projects

Quick Download

News and Events

  • [20 Nov 2013] News 2
  • [30 Sep 2013] News 1

In Print

This project can be purchased as a print on demand book from Lulu.com


Owasp-incubator-trans-85.png Owasp-builders-small.png
Project Type Files TOOL.jpg



XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • xxx
  • xxx


  • xxx
  • xxx

As of XXX, the priorities are:

  • xxx
  • xxx
  • xxx

Involvement in the development and promotion of XXX is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • xxx
  • xxx

Template:Outdated page, please see: O-Saft

OWASP Defenders logo.png This project is part of the OWASP Defenders community.
Feel free to browse other projects within the Defenders, Builders, and Breakers communities.

What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: O-Saft - OWASP SSL audit for testers / OWASP SSL advanced forensic tool (home page)
Purpose: This tools lists information about remote target's SSL certificate and tests the remote target's SSL connection according given list of ciphers and various SSL configurations.
The main idea is to have a tool which works on common platforms and can simply be automated.
In a Nutshell
  • show SSL connection details
  • show certificate details
  • check for supported ciphers
  • check for ciphers provided in your own libssl.so and libcrypt.so
  • check for special HTTP(S) support (like SNI, HSTS, certificate pinning)
  • check for protections against attacks (BEAST, CRIME, RC4 Bias, ...)
  • may check for a single attribute
  • may check multiple targets at once
  • can be scripted (headless or as CGI)
  • should work on any platform (just needs perl, openssl optional)
  • scoring for all checks (still to be improved in many ways ;-)
  • output format can be customized
  • various trace and debug options to hunt unusual connection problems
* Download and unpack o-saft.tgz
* Ensure that following perl modules (and their dependencies) are installed
      IO::Socket::INET, IO::Socket::SSL, Net::SSLeay
* Start: o-saft --help
License: GPL v2
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact Achim @ to contribute to this project
  • Contact Achim @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed

other releases
current release
O-Saft 14.1.4 - 01/2014 - (download)

Release Leader: Achim @

Release details: N/A :

Rating: Yellow button.JPG Not Reviewed
To be reviewed under Assessment Criteria v2.0