Difference between revisions of "Projects/O-Saft"

From OWASP
(links_name1 with https)
(Installation section added)
(8 intermediate revisions by one user not shown)
Line 5: Line 5:
  
 
{{Template:Project About
 
{{Template:Project About
| project_name =O-Saft
+
| project_name = '''O-Saft - OWASP SSL audit for testers / OWASP SSL advanced forensic tool'''
 
| project_home_page =O-Saft
 
| project_home_page =O-Saft
 
| project_description =This tools lists information about remote target's SSL certificate and tests the remote target's SSL connection according given list of ciphers and various SSL configurations.
 
| project_description =This tools lists information about remote target's SSL certificate and tests the remote target's SSL connection according given list of ciphers and various SSL configurations.
 +
;O-Saft :The main idea is to have a tool which works on common platforms and can simply be automated.
 +
;In a Nutshell:
 +
:* show SSL connection details
 +
:* show certificate details
 +
:* check for supported ciphers
 +
:* check for ciphers provided in your own libssl.so and libcrypt.so
 +
:* check for special HTTP(S) support (like SNI, HSTS, certificate pinning)
 +
:* check for protections against attacks (BEAST, CRIME, RC4 Bias, ...)
 +
:* may check for a single attribute
 +
:* may check multiple targets at once
 +
:* can be scripted (headless or as CGI)
 +
:* should work on any platform (just needs perl, openssl optional)
 +
:* scoring for all checks (still to be improved in many ways ;-)
 +
:* output format can be customized
 +
:* various trace and debug options to hunt unusual connection problems
 +
 +
;Installation
 +
: * Download and unpack ''o-saft.tgz''
 +
: * Ensure that following perl modules (and their dependencies) are installed
 +
: <nowiki>&#160; &#160; &#160;</nowiki> ''IO::Socket::INET'', ''IO::Socket::SSL'', ''Net::SSLeay''
 +
: * Start: ''o-saft --help''
 +
 
| project_license = GPL v2
 
| project_license = GPL v2
 
| leader_name1 = [[User:Achim|Achim]]
 
| leader_name1 = [[User:Achim|Achim]]
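Review bot: The added ;Installation entry in project_description tells readers to download, unpack and start o-saft.tgz but gives no checksum or signature to verify the tarball first; since this is a tool testers will execute, add a published hash (or a signed release) next to the download step. Separately, the Installation items are written ": * Download ..." with a space between the colon and the asterisk, while the Nutshell items above use ":*"; with the space the asterisk is literal text rather than a bullet, so use ":*" here too, and replace the <nowiki>&#160; ...</nowiki> padding on the module line with a nested list item.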
Line 16: Line 38:
 
| links_name1 = Repository https://github.com/OWASP/O-Saft
 
| links_name1 = Repository https://github.com/OWASP/O-Saft
 
| links_url2 = https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
 
| links_url2 = https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
| links_name2 = Unpack o-saft.tgz and start: ''o-saft --help''
+
| links_name2 = Tarball o-saft.tgz  
 
}}
 
}}
 
{{Template:OWASP_Release_Info
 
{{Template:OWASP_Release_Info
| current_release_name = O-Saft 13.03.13
+
| current_release_name = O-Saft 13.10.17
| current_release_date = 03/2013
+
| current_release_date = 10/2013
 
| current_release_download_link = https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
 
| current_release_download_link = https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
| current_release_details = (most checks implemented, rudimentary scoring)
 
 
| current_release_leader_name = [[User:Achim|Achim]]
 
| current_release_leader_name = [[User:Achim|Achim]]
 
| current_release_leader_email = achim@owasp.org
 
| current_release_leader_email = achim@owasp.org
 
}}
 
}}
 +
<!-- removed from above template
 +
| current_release_details = https://github.com/OWASP/O-Saft <nowiki> (most checks implemented, rudimentary scoring) </nowiki>
 +
-->
 +
 +
<!-- following does not update "REALEASE(S) INFO"  in top right of page:
 +
{{Template:Releases Summary | project_name = O-Saft }}
 +
{{Template:Release
 +
| release_name  = O-Saft 13.03.13
 +
| release_date  = 03/2013
 +
| download_link = https://github.com/OWASP/O-Saft/raw/master/o-saft.tgz
 +
}}
 +
-->
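Review bot: current_release_name and current_release_date are bumped to O-Saft 13.10.17 and 10/2013, but the commented-out Template:Release block added at the end of this hunk still carries release_name = O-Saft 13.03.13 and release_date = 03/2013; update those values or drop the block so it cannot be re-enabled with stale data. The download links still point at raw/master/o-saft.tgz, which is not tied to the release named here, so link an artifact for the 13.10.17 release instead. Moving current_release_details into a comment leaves that field unset, and the comment text has a typo ("REALEASE(S)").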

Revision as of 02:15, 21 October 2013

This project is part of the OWASP Defenders community.
Feel free to browse other projects within the Defenders, Builders, and Breakers communities.


PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: O-Saft - OWASP SSL audit for testers / OWASP SSL advanced forensic tool (home page)
Purpose: This tool lists information about the remote target's SSL certificate and tests the remote target's SSL connection according to a given list of ciphers and various SSL configurations.
O-Saft 
The main idea is to have a tool which works on common platforms and can simply be automated.
In a Nutshell
  • show SSL connection details
  • show certificate details
  • check for supported ciphers
  • check for ciphers provided in your own libssl.so and libcrypt.so
  • check for special HTTP(S) support (like SNI, HSTS, certificate pinning)
  • check for protections against attacks (BEAST, CRIME, RC4 Bias, ...)
  • may check for a single attribute
  • may check multiple targets at once
  • can be scripted (headless or as CGI)
  • should work on any platform (just needs perl, openssl optional)
  • scoring for all checks (still to be improved in many ways ;-)
  • output format can be customized
  • various trace and debug options to hunt unusual connection problems
Installation
  • Download and unpack o-saft.tgz
  • Ensure that the following perl modules (and their dependencies) are installed: IO::Socket::INET, IO::Socket::SSL, Net::SSLeay
  • Start: o-saft --help
License: GPL v2
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact Achim to contribute to this project
  • Contact Achim to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases
current release
O-Saft 13.10.17 - 10/2013 - (download)

Release Leader: Achim

Release details: N/A

Rating: Not Reviewed
To be reviewed under Assessment Criteria v2.0