[Ach] Audit tool to audit your ciphers: OWASP 'O-Saft'
Torsten Gigler
torsten.gigler at owasp.org
Wed Jun 4 11:42:31 CEST 2014
Hi Aaron,
thanks for your Information. It seems to support a lot of protocols. I'll
have a look on it
O-saft has been developped and maintained by Achim since December 2012 (
https://github.com/OWASP/O-Saft) .
I am just helping him with the SSLhello.pm
<https://github.com/OWASP/O-Saft/blob/master/Net/SSLhello.pm>-Module, to be
able to check ciphers and protocols that are not supported by your local
libraries of the Audit-PC.
We check ciphers, that are even not (yet) defined or have been only defined
in DRAFTS.
Kind regards
Torsten
2014-06-03 18:46 GMT+02:00 Aaron Zauner <azet at azet.org>:
> Hi Torsten,
>
> Torsten Gigler wrote:
> > Hi,
> >
> > perhaps this is interesting for the Tools-Section/Command line tools:
> > https://www.owasp.org/index.php/O-Saft
> > OWASP o-saft is a SSL audit tool for testers / OWASP SSL advanced
> > forensic tool
> >
> > With the new alpha feature '+cipherall' it simulates the SSL/TLS
> > handshake and checks ciphers independently from the locally installed
> > crpto tool (like openssl).
> > STARTTLS for this Mode is also coming soon.
> Have you taken a look at sslyze? It's developed and actively maintained
> by iSECpartners: https://github.com/iSECPartners/sslyze
>
>
> Aaron
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20140604/ea65e24c/attachment.html>
More information about the Ach
mailing list