O-Saft is an easy to use tool to show informations about SSL connections and the provided SSL certificates.
It's designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important informations or the special checks with a simple call of the tool. However, it provides a wide range of options so that it can be used for comprehensive and special checks by experianced people.
Template:Outdated page, please see: O-Saft
| PROJECT INFO
What does this OWASP project offer you?
| RELEASE(S) INFO|
What releases are available for this project?
|| is this project?
| Name: O-Saft - OWASP SSL audit for testers / OWASP SSL advanced forensic tool (home page)
| Purpose: This tools lists information about remote target's SSL certificate and tests the remote target's SSL connection according given list of ciphers and various SSL configurations.
- The main idea is to have a tool which works on common platforms and can simply be automated.
- In a Nutshell
- show SSL connection details
- show certificate details
- check for supported ciphers
- check for ciphers provided in your own libssl.so and libcrypt.so
- check for special HTTP(S) support (like SNI, HSTS, certificate pinning)
- check for protections against attacks (BEAST, CRIME, RC4 Bias, ...)
- may check for a single attribute
- may check multiple targets at once
- can be scripted (headless or as CGI)
- should work on any platform (just needs perl, openssl optional)
- scoring for all checks (still to be improved in many ways ;-)
- output format can be customized
- various trace and debug options to hunt unusual connection problems
- * Download and unpack o-saft.tgz
- * Ensure that following perl modules (and their dependencies) are installed
- IO::Socket::INET, IO::Socket::SSL, Net::SSLeay
- * Start: o-saft --help
| License: GPL v2
|| is working on this project?
| Project Leader(s):
|| can you learn more?
| Project Pamphlet: Not Yet Created
| Project Presentation:
| Mailing list: Mailing List Archives
| Project Roadmap: View
| Main links:
- Contact Achim @ to contribute to this project
- Contact Achim @ to review or sponsor this project
- Contact the GPC to report a problem or concern about this project or to update information.