badssl.com - Memorable site for testing clients against bad SSL configs.


Requires a stock Ubuntu VM, with DNS A records for badssl.com. and *.badssl.com. pointing to the VM. Follow the instructions to install Docker.

https://badssl.com
https://github.com/chromium/badssl.com





Related Projects

Nogotofail - Network Security Testing Tool

  •    Python

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

Iridium Browser - A browser securing your privacy. That’s it.

  •    C

Iridium is a free, open, and libre browser modification of the Chromium code base, with privacy being enhanced in several key areas. Automatic transmission of partial queries, keywords, and metrics to central services is inhibited and only occurs with consent. In addition, all our builds are reproducible, and modifications are auditable, setting the project ahead of other secure browser providers.

wolfssl - (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud

  •    C

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support.

hyperfox - HTTP/HTTPs MITM proxy and traffic recorder with on-the-fly TLS cert generation.

  •    Go

Hyperfox is a security tool for proxying and recording HTTP and HTTPs communications on a LAN. Hyperfox is capable of forging SSL certificates on the fly if you provide it with a root CA certificate and its corresponding key. If the target machine recognizes the root CA as trusted, then HTTPs traffic can be successfully decrypted, intercepted and recorded.

testssl.sh - Testing TLS/SSL encryption anywhere on any port

  •    Shell

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers and protocols, as well as some cryptographic flaws. You can download the ZIP archive from https://github.com/drwetter/testssl.sh/archive/2.9dev.zip. testssl.sh --help will give you some help up front. For more help, see the doc directory with man pages. Older sample runs are at https://testssl.sh/.


taiko - A node.js library to automate chrome/chromium browser

  •    Javascript

Taiko is a free and open source browser automation tool built by the team behind Gauge from ThoughtWorks. Taiko is a node library with a clear and concise API to automate the chrome browser. Tests written in Taiko are highly readable and maintainable. Taiko’s smart selectors make tests reliable by adapting to changes in the structure of your web application. With Taiko there’s no need for id/css/xpath selectors or adding explicit waits (for XHR requests) in test scripts.

mitmproxy - Intercept HTTP traffic for penetration testing

  •    Python

mitmproxy is an interactive, TLS-capable intercepting HTTP proxy with a console interface, for penetration testers and software developers. mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP. mitmweb is a web-based interface for mitmproxy.

sinon-chrome - Testing chrome extensions with Node.js

  •    Javascript

Sinon-chrome is a helper tool for unit-testing Chromium and Firefox extensions and apps. It mocks all extension APIs with sinon stubs, which allows you to run tests in Node.js without an actual browser. API mocks are generated using the official Chromium extensions API (Firefox webextensions) schemas, which ensures consistency with the real API. Actual schemas are taken from Chrome 53 and Firefox 49.

s2n - an implementation of the TLS/SSL protocols from Amazon

  •    C

s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority. s2n implements SSLv3, TLS1.0, TLS1.1, and TLS1.2. For encryption, s2n supports 128-bit and 256-bit AES, in the CBC and GCM modes, 3DES, and RC4. For forward secrecy, s2n supports both DHE and ECDHE.

sslyze - Fast and powerful SSL/TLS server scanning library.

  •    Python

Fast and powerful SSL/TLS server scanning library for Python 2.7 and 3.4+. SSLyze is a Python library and a CLI tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL/TLS servers.

freshplayerplugin - ppapi2npapi compatibility layer

  •    C

PPAPI-host NPAPI-plugin adapter. As you know, Adobe has suspended further development of the Flash player plugin for GNU/Linux. The latest version available as an NPAPI plugin, 11.2, will get security updates for five years (since its release on May 4th, 2012), but further development has ceased. Fortunately or not, newer versions are still available for Linux as part of the Chrome browser, where Flash comes bundled in the form of a PPAPI plugin. PPAPI, or Pepper Plugin API, is an interface promoted by the Chromium/Chrome team for browser plugins. It is an NPAPI-inspired yet significantly different API which has every conceivable function a plugin may want: two-dimensional graphics, OpenGL ES, font rendering, network access, audio, and so on. It's huge: there are 111 groups of functions, called interfaces, which today's Chromium browser offers to plugins. Although the specs are not final yet, and new interface versions keep arising while some older ones get deleted, the rate of change has significantly slowed down.

OpenSSL - Toolkit for SSL and TLS

  •    C

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

bettercap - A complete, modular, portable and easily extensible MITM framework.

  •    Ruby

bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack. All dependencies will be automatically installed through the RubyGems system but in some cases you might need to install some system dependency in order to make everything work.

PolarSSL library - Crypto and SSL made easy

  •    C

PolarSSL is an SSL library written in ANSI C. PolarSSL makes it easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) products with as little hassle as possible. It is designed to be readable, documented, tested, loosely coupled and portable. It supports symmetric encryption algorithms, hash algorithms, RSA with PKCS and X.509 certificates, SSL and TLS.

ghostunnel - A simple SSL/TLS proxy with mutual authentication for securing non-TLS services

  •    Go

Ghostunnel is a simple TLS proxy with mutual authentication support for securing non-TLS backend applications. Ghostunnel supports two modes, client mode and server mode. Ghostunnel in server mode runs in front of a backend server and accepts TLS-secured connections, which are then proxied to the (insecure) backend. A backend can be a TCP domain/port or a UNIX domain socket. Ghostunnel in client mode accepts (insecure) connections through a TCP or UNIX domain socket and proxies them to a TLS-secured service. In other words, ghostunnel is a replacement for stunnel.

hihat - local Node/Browser development with Chrome DevTools

  •    Javascript

Runs a source file in a Chrome DevTools process. Saving the file will reload the tab. This is useful for locally unit testing browser code with the full range of Web APIs (WebGL, WebAudio, etc). It provides access to profiling, debugger statements, network requests, and so forth.

hs-tls - TLS/SSL implementation in haskell

  •    Haskell

This library provides a native Haskell implementation of the TLS and SSL protocols for server and client. This provides a high-level implementation of a sensitive security protocol, eliminating a common set of security issues through the use of the advanced type system, high-level constructions and common Haskell features.

pem - Create private keys and certificates with node.js

  •    Javascript

Here are some examples for creating an SSL key/cert on the fly, and running an HTTPS server on port 443. 443 is the standard HTTPS port, but requires root permissions on most systems. To get around this, you could use a higher port number, like 4300, and use https://localhost:4300 to access your server. Please have a look into the API documentation.

KeyBox - Web-based SSH console that centrally manages administrative access to systems

  •    Java

KeyBox is an open-source web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of users' public SSH keys. Key management and administration are based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding.