Tool and Usage
O-Saft is the abbreviation for OWASP SSL advanced forensic tool.
Why this tool?
O-Saft is a command-line tool and can be used offline and in closed environments. There is also a graphical user interface available (based on Tcl/Tk). It can even be turned into an online CGI-tool. With just basic parameters it can provide useful information about an SSL configuration. With limited tuning of the tool, it can perform more specialized tests.
Usage and audience
O-Saft is commonly used for information gathering, penetration testing, security assessment, vulnerability scanning, or web application analysis. Target users for this tool are pentesters, security professionals, and system administrators.
- Command line interface
- Customization and additions are possible
- Graphical user interface
- Integration with continuous integration/delivery (CI/CD)
- Tool can be used in offline environment
- Web interface
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code of this software is available
Supported operating systems
O-Saft is known to work on Linux.
Similar tools to O-Saft:
SSLyze provides a library for scanning services that use SSL/TLS for encrypted communications. It can be used to test their implementation.
MassBleed is a SSL vulnerability scanner to check for several known vulnerabilities and attacks like DROWN, POODLE, and ShellShock.
SSLMap is a TLS/SSL cipher suite scanner. It provides a way to detect weak ciphers enabled on SSL endpoints and can be used during security assessments.
This tool page was updated at . Found an improvement? Help the community by submitting an update.