July 13, 2016 the DeepViolet TLS/SSL DAST tool became an OWASP incubator project. I started this project some time back for my own purposes. I always intended to share this code publicly but I seriously never considered it would be useful to anyone. Mostly since such great like OpenSSL and Qualys already exist. It became apparent after being contacted by interested developers and operational teams that there's still some room to contribute with a new tool in this space. I petitioned OWASP to add DeepViolet as an OWASP project to increase visibility and attempt to build a team of like minded developers willing to invest in DeepViolet and build a tool we can all use.
So what can you do with DeepViolet?
A picture is worth a thousand words so here is a sample of some of the scanning output.
|Photo 2: DeepViolet Desktop Application View|
DeepViolet can also be run from the command line and included in your shell scripts. A sample of the output looks like the following.
DeepViolet can also be included in your own projects as an API. For more information about DeepViolet refer to the following information.
OWASP DeepViolet TLS/SSL Scanner Code Project, main OWASP project landing page.
DeepViolet GitHub Project Page, main landing page for GitHub project code/documentation.
DOWNLOAD, current release binaries.