[Owasp-testing] SSL Testing tool

Kurt Grutzmacher grutz at jingojango.net
Mon Jan 18 15:47:26 EST 2010


Indeed, I was just coming up with a plan to write my own open-source one due
to the inadequacies of current tools (Windows only, not complete, multiple
tools required to be comprehensive, etc).  Excellent work.

--
Kurt Grutzmacher -=- grutz at jingojango.net


On Mon, Jan 18, 2010 at 8:05 AM, Brad Causey <bradcausey at gmail.com> wrote:

> Thank you!!!! Finally!!!
> A SSL testing too that runs native on linux!
>
>
>
> -Brad Causey
> CISSP, MCSE, C|EH, CIFI, CGSP
>
> http://www.owasp.org
> --
> Never underestimate the time, expense, and effort an opponent will expend
> to break a code. (Robert Morris)
> --
>
>
> On Mon, Jan 18, 2010 at 6:03 AM, Michael Boman <
> michael.boman at omegapoint.se> wrote:
>
>>  Hello,
>>
>>
>>
>> Last weekend I hacked together a piece of software that checks what SSL
>> protocols and ciphers a web server supports, which is available for download
>> at http://code.google.com/p/sslaudit/.
>>
>>
>>
>> From the above mentioned website:
>>
>>
>>
>> --8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<-
>>
>> SSLAudit is a tool that verifies SSL certificate and supported
>> protocols/ciphers of a SSL-enabled webserver. The result is graded according
>> to SSLLabs SSL Server Rating Guide<https://www.ssllabs.com/projects/rating-guide/index.html>
>> .
>>
>> The tool is similar in function to SSLDigger from Foundstone<http://www.foundstone.com/us/resources/proddesc/ssldigger.htm>
>>  and THCSSLCheck from The Hacker Choice<http://freeworld.thc.org/root/tools/>
>>  but is different that it is open source and is easily modified to
>> support new protocols and ciphers as they become available and the result is
>> graded.
>>
>> This project is sponsored by Omegapoint AB <http://www.omegapoint.se> and
>> was created to assist security assessments done according to OWASP
>> Testing Guide<http://www.owasp.org/index.php/Category:OWASP_Testing_Project>
>> .
>>
>> --8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<-
>>
>> It currently performs the following tests:
>>
>> ·         SSL Protocol support detection
>>
>> ·         SSL Cipher support detection
>>
>> ·         Public cert PEM extraction
>>
>> ·         Certificate timeframe validation (and warns if it is 30 days or
>> less until the certificate expires)
>>
>> ·         Grading of result according to SSLLabs SSL Server Rating Guide
>>
>>
>>
>> Your feedback is much appreciated.
>>
>>
>>
>> Best regards
>>
>> Michael Boman
>>
>>
>>
>> --
>>
>> Michael Boman, CISSP® | IT Security Consultant
>>
>> michael.boman at omegapoint.se | www.omegapoint.se
>>
>> cellphone +46 709 15 88 30 | office +46 8 545 106 90
>>
>> Visiting address: Mäster Samuelsgatan 42, Stockholm, SWEDEN
>>
>> Mailing address: Box 3106, 10362 Stockholm, SWEDEN
>>
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>
>>
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20100118/9bc2bcf0/attachment.html 


More information about the Owasp-testing mailing list