SSL-audit 0.2

A security-related tool that helps find weak RSA/DSA keys.
SSL-audit is a security-related tool that helps find weak RSA/DSA keys such as those produced by corrupt Debian OpenSSL packages. Since this problem may affect other platforms indirectly, ssl-audit supports Windows and OSX, too.

ssl-audit is heavily inspired by by Florian Weimer. Unfortunately this has some major drawbacks: it is tailored towards a typical Unix/Linux environment, by default scans only according to the Debian/Linux directory structure, and does not support other platform types like Windows.

Main features:

  • Platform independent: available for Unix, Windows and Mac OSX
  • Does not require other tools like openssl or ssh to be installed.
  • Supported key types: X.509/SSL (certificates, Certificate Signing Requests (CSR), private keys (PEM)); SSH (user identities (user keys), host keys, known-hosts files); OpenVPN (OpenVPN private key files).
  • Supports scanning local files.
  • Blacklists are documented on a separate page.
  • Flexible: Keys and certificates are read directly. Prepared for other sources: other filetypes, Windows registry, an SSL/TLS connection.
  • Much smaller blacklist, since we use a single fingerprinting algorithm independent of the key source. (This has to be researched).

Last updated on: September 8th, 2008, 1:54 GMT
Developed by: Hartmut Goebel
License type: GPL v3