-
Notifications
You must be signed in to change notification settings - Fork 33
Home
DeepViolet is a TLS/SSL scanning API written in Java. The API is used to scan HTTPS web servers to check server certificate trust chains, revocation status, check certificates for pending expiration, weak signing algorithms and much more.
DeepViolet is deployed in Maven Central repository. Include the following dependency in your pom.xml,
<dependency>
<groupId>com.github.spoofzu</groupId>
<artifactId>DeepViolet</artifactId>
<version>5.1.10-SNAPSHOT</version>
</dependency>
Already great tools exist today for TLS/SSL scanning like, Qualys Labs, Mozilla Observatory, OpenSSL. Why do I care about DeepViolet? A valid question and one I asked myself. Originally, DeepViolet was written as an educational tool. A tool to learn TLS/SSL protocols and some of the issues around recent attack trends better. The goal was not to develop a TLS/SSL scanner and compete with existing powerful tools. However, it turns out there are few choices for easy to use open source Java TLS/SSL scanning APIs. What better way to learn TLS/SSL and provide other scanning projects with a Java friendly API scanning solution - the DeepViolet project was born.
To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. Review the reference implementations if you want to see how to implement DeepViolet in your projects. The reference cases are also useful to explore DV from the command line in your scripts or use the graphical tool from the comfort of your desktop. The reference cases are in the DeepVioletTools project.