Andres Riancho wrote:
> List,
> 
>     I'm looking for a contributor to finish up a small section of the
> audit.sslCertificate plugin.
> 
>     I've been coding this plugin and I've got to a section where my
> knowledge is scarce and my research time is *so* limited that I won't
> be able to do it by myself. My problem is in the "def
> _analyze_cert(self, cert, ssl_conn):" method of the
> audit.sslCertificate plugin, where tests related to the SSL
> certificate of the remote website should be implemented. I've been
> doing some Google searches and I found these links that might help:
> 
> - http://www.nessus.org/plugins/index.php?view=single&id=26928
> - http://www.nessus.org/plugins/index.php?view=single&id=31705

Other recommended resources (AKA what I use in my day job):

Source available:

   nmap's SSLv2-support.nse
        Tests for insecure SSLv2 and its ciphers
        http://nmap.org/download.html

No source available, but good for double checking your implementation:

   Foundstone's ssldigger
        Tests which SSLv3/TLS ciphers are enabled, but not SSLv2
        http://www.foundstone.com/us/resources/proddesc/ssldigger.htm

   http://clez.net/net.ssl
        Tests both SSLv2 and SSLv3/TLS ciphers (JavaScript required)

Here's the OpenVAS plugin to do the same thing, open source, but I've 
never tried it:

http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/plugins/ssl_ciphers/ssl_ciphers.c?rev=1852&root=openvas&view=markup

Steve


>     The idea is to check if the ciphers used are safe, if the SSL
> version is ok, if the certificate has expired or not, if it's self
> signed, and other security related things about the cert. If you want
> to help, just download the latest w3af version from the SVN in order
> to get the latest plugin version, answer this email to the mailing
> list and just start working =)
> 
>     Thanks in advance!
> 
> Cheers,


-- 
  | Steven E. Pinkham                      |
  | GPG public key ID CD31CAFB             |
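
The checks listed in the quoted request (expiry, self-signed, SSL version, cipher strength), sketched as an added example that is not part of the original email and is not w3af's code. It assumes the certificate arrives as a dict shaped like Python's ssl.SSLSocket.getpeercert() and the cipher as the tuple from ssl.SSLSocket.cipher(); the policy constants and sample values are assumptions of this example.

```python
import re
import ssl

# Policy below is an assumption of this example, not w3af's.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
WEAK_CIPHER_TOKENS = {"NULL", "EXP", "RC4", "DES", "MD5", "ADH", "AECDH"}
MIN_SECRET_BITS = 128


def analyze_cert(cert, cipher, now):
    """cert: dict shaped like ssl.SSLSocket.getpeercert();
    cipher: (name, protocol, secret_bits) like ssl.SSLSocket.cipher();
    now: seconds since the epoch. Returns a list of finding strings."""
    findings = []
    # Validity window; dates look like 'Mar 10 00:00:00 2009 GMT'.
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("not-yet-valid")
    # Subject == issuer is a name-level heuristic for self-signed;
    # it does not verify the signature.
    if cert["subject"] == cert["issuer"]:
        findings.append("self-signed")
    name, protocol, bits = cipher
    if protocol in WEAK_PROTOCOLS:
        findings.append("weak-protocol:" + protocol)
    # Match whole tokens of the OpenSSL cipher name, so "AES" never
    # matches "DES" and "ECDHE" never matches "ADH".
    tokens = set(re.split(r"[-_]", name))
    if bits < MIN_SECRET_BITS or tokens & WEAK_CIPHER_TOKENS:
        findings.append("weak-cipher:" + name)
    return findings


# Constructed sample values (not captured from a real server).
SAMPLE_NAME = ((("commonName", "example.test"),),)
SAMPLE_CERT = {
    "subject": SAMPLE_NAME,
    "issuer": SAMPLE_NAME,
    "notBefore": "Mar 10 00:00:00 2008 GMT",
    "notAfter": "Mar 10 00:00:00 2009 GMT",
}
SAMPLE_CIPHER = ("EXP-RC4-MD5", "SSLv3", 40)
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 15 12:00:00 2009 GMT")

if __name__ == "__main__":
    for finding in analyze_cert(SAMPLE_CERT, SAMPLE_CIPHER, SAMPLE_NOW):
        print(finding)
```

getpeercert() returns an empty dict when the peer certificate was not validated, so a scanner that connects with verification disabled has to decode the binary certificate itself before running checks like these.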

------------------------------------------------------------------------------
_______________________________________________
W3af-users mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-users