O-Saft is an easy-to-use tool that shows information about SSL certificates and tests the SSL connection against a given list of ciphers and various SSL configurations.
It's designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important information or the special checks with a simple call of the tool. However, it provides a wide range of options so that it can be used for comprehensive and special checks by experienced people.
O-Saft is a command-line tool, so it can be used offline and in closed environments. However, it can simply be turned into an online CGI tool (please read the documentation first).
The main idea is to have a tool which works on common platforms and can simply be automated.
What is O-Saft?
Talk at the Munich OWASP Stammtisch: overview of current attack possibilities against HTTPS / SSL (also includes a few examples with o-saft) (this presentation is in German)
OWASP O-Saft is free to use. It is licensed under the GPL v2 license.
News and Events
In Print / Media
Find an OWASP 24/7 podcast about the tool here.
- (not yet available)
O-Saft is developed from the contributions of OWASP members. The primary contributors to date have been:
O-Saft's source code can be found at https://github.com/OWASP/O-Saft .
The latest stable tarball is https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
- Road Map
- Involvement in the development and promotion of O-Saft is actively encouraged!
You do not have to be a security expert in order to contribute. Contacts:
- mailto: Achim at owasp dot org
Some of the ways you can help:
- Quality assurance: simply test O-Saft and report defects
- Suggest ideas on how to implement scoring
- Help implement SSL for other protocols like LDAP, IMAP, ...
- (currently, July 2014, we have proxy functionality for LDAP, IMAP, POP, SMTP)