[Owasp-testing] SSL Testing tool

Michael Boman michael.boman at omegapoint.se
Mon Jan 18 07:03:26 EST 2010


Last weekend I hacked together a piece of software that checks what SSL protocols and ciphers a web server supports, which is available for download at http://code.google.com/p/sslaudit/.

From the above-mentioned website:

SSLAudit is a tool that verifies the SSL certificate and supported protocols/ciphers of an SSL-enabled webserver. The result is graded according to SSLLabs SSL Server Rating Guide<https://www.ssllabs.com/projects/rating-guide/index.html>.

The tool is similar in function to SSLDigger from Foundstone<http://www.foundstone.com/us/resources/proddesc/ssldigger.htm> and THCSSLCheck from The Hacker Choice<http://freeworld.thc.org/root/tools/> but is different in that it is open source, is easily modified to support new protocols and ciphers as they become available, and the result is graded.

This project is sponsored by Omegapoint AB<http://www.omegapoint.se> and was created to assist security assessments done according to OWASP Testing Guide<http://www.owasp.org/index.php/Category:OWASP_Testing_Project>.

It currently performs the following tests:

* SSL Protocol support detection
* SSL Cipher support detection
* Public cert PEM extraction
* Certificate timeframe validation (and warns if it is 30 days or less until the certificate expires)
* Grading of result according to SSLLabs SSL Server Rating Guide

Your feedback is much appreciated.

Best regards
Michael Boman

Michael Boman, CISSP® | IT Security Consultant
michael.boman at omegapoint.se | www.omegapoint.se<http://www.omegapoint.se>
cellphone +46 709 15 88 30 | office +46 8 545 106 90
Visiting address: Mäster Samuelsgatan 42, Stockholm, SWEDEN
Mailing address: Box 3106, 10362 Stockholm, SWEDEN
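
Added example, not part of the original post and not SSLAudit's own code: one way to implement the certificate timeframe check listed above, including the warning at 30 days or less before expiry. The function names, status labels and the sample certificate dict are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

WARN_WINDOW = timedelta(days=30)  # warning threshold stated in the post

# Constructed sample in the dict format returned by SSLSocket.getpeercert().
SAMPLE_CERT = {"notBefore": "Jan  1 00:00:00 2010 GMT",
               "notAfter": "Jan  1 00:00:00 2011 GMT"}


def _parse(cert_time):
    """Convert an OpenSSL-style certificate time string to an aware datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)


def check_timeframe(cert, now=None):
    """Return (status, days_left) for a getpeercert()-style dict.

    status is 'not_yet_valid', 'expired', 'expiring_soon' or 'ok'.
    """
    now = now or datetime.now(timezone.utc)
    remaining = _parse(cert["notAfter"]) - now
    if now < _parse(cert["notBefore"]):
        status = "not_yet_valid"
    elif remaining < timedelta(0):
        status = "expired"
    elif remaining <= WARN_WINDOW:
        status = "expiring_soon"
    else:
        status = "ok"
    return status, remaining.days


def audit_host(host, port=443, timeout=5.0):
    """Fetch a server certificate and check its timeframe (needs network).

    With verification enabled, an expired or untrusted certificate fails the
    handshake, so that case is reported from the verification error instead.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return check_timeframe(tls.getpeercert())
    except ssl.SSLCertVerificationError as err:
        return "verify_failed: " + err.verify_message, None
```

check_timeframe(SAMPLE_CERT, now=...) runs offline against the constructed dict; audit_host() applies the same check to a live server.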