[Owasp-testing] SSL Testing tool

Brad Causey bradcausey at gmail.com
Mon Jan 18 11:05:19 EST 2010


Thank you!!!! Finally!!!
A SSL testing too that runs native on linux!



-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP

http://www.owasp.org
--
Never underestimate the time, expense, and effort an opponent will expend to
break a code. (Robert Morris)
--


On Mon, Jan 18, 2010 at 6:03 AM, Michael Boman
<michael.boman at omegapoint.se>wrote:

>  Hello,
>
>
>
> Last weekend I hacked together a piece of software that checks what SSL
> protocols and ciphers a web server supports, which is available for download
> at http://code.google.com/p/sslaudit/.
>
>
>
> From the above mentioned website:
>
>
>
> --8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<-
>
> SSLAudit is a tool that verifies SSL certificate and supported
> protocols/ciphers of a SSL-enabled webserver. The result is graded according
> to SSLLabs SSL Server Rating Guide<https://www.ssllabs.com/projects/rating-guide/index.html>
> .
>
> The tool is similar in function to SSLDigger from Foundstone<http://www.foundstone.com/us/resources/proddesc/ssldigger.htm>
>  and THCSSLCheck from The Hacker Choice<http://freeworld.thc.org/root/tools/>
>  but is different that it is open source and is easily modified to support
> new protocols and ciphers as they become available and the result is graded.
>
> This project is sponsored by Omegapoint AB <http://www.omegapoint.se> and
> was created to assist security assessments done according to OWASP Testing
> Guide <http://www.owasp.org/index.php/Category:OWASP_Testing_Project>.
>
> --8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<-
>
> It currently performs the following tests:
>
> ·         SSL Protocol support detection
>
> ·         SSL Cipher support detection
>
> ·         Public cert PEM extraction
>
> ·         Certificate timeframe validation (and warns if it is 30 days or
> less until the certificate expires)
>
> ·         Grading of result according to SSLLabs SSL Server Rating Guide
>
>
>
> Your feedback is much appreciated.
>
>
>
> Best regards
>
> Michael Boman
>
>
>
> --
>
> Michael Boman, CISSP® | IT Security Consultant
>
> michael.boman at omegapoint.se | www.omegapoint.se
>
> cellphone +46 709 15 88 30 | office +46 8 545 106 90
>
> Visiting address: Mäster Samuelsgatan 42, Stockholm, SWEDEN
>
> Mailing address: Box 3106, 10362 Stockholm, SWEDEN
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20100118/d7e716d6/attachment.html 


More information about the Owasp-testing mailing list