==========
[OWASP Project Page](https://www.owasp.org/index.php/OWASP_DeepViolet_TLS/SSL_Scanner) | [API JavaDocs](https://spoofzu.github.io/DeepViolet/) | [Reference Screenshots](https://github.com/spoofzu/DeepViolet/wiki/Running-Reference-Tools)
DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfort of your desktop. Both tools can be used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more. Original blog article post describing this project, http://www.securitycurmudgeon.com/2014/07/ssltls-introspection.html
BENEFITS This tool helps you understand state of X.509 certificates run on servers. Some ideas you may find useful.
- Assess revocation status
- Certificates signed with weak signing algorithms
- Weak cipher suits on the web server
- Warn on certificates with approaching expiration
- View X.509 certificate metadata
- Easily visualize X.509 trust chains
- Explore trust chains, flag self-signed roots
- Information to support forensics
- and more...
Use certificate metadata along with your own shell scripts in new and creative ways.
ACKNOWLEDGEMENTS This tool implements ideas, code, and takes inspiration from other projects and leaders like: Qualys SSL Labs and Ivan Ristić, OpenSSL, and Oracle's Java Security Team. Many thanks for around negotiating TLS/SSL handshakes and cipher suite handling adapted from code examples by Thomas Pornin.
Looking for more information? See the project wiki
This project leverages the works of other open source community projects and is provided for educational purposes. Use at your own risk. See LICENSE for further information.