Top Related Projects
Easy SSL pinning validation and reporting for iOS, macOS, tvOS and watchOS.
Fast and powerful SSL/TLS scanning library.
Testing TLS/SSL encryption anywhere on any port
Quick Overview
Nogotofail is a network security testing tool developed by Google. It is designed to help developers and security researchers find and fix TLS/SSL vulnerabilities in applications and devices. The tool can be used to test network traffic for known security issues and misconfigurations.
Pros
- Comprehensive testing for various network security vulnerabilities
- Supports both client-side and server-side testing
- Highly customizable and extensible
- Open-source and actively maintained by Google
Cons
- Requires some technical expertise to set up and use effectively
- May generate false positives in certain scenarios
- Documentation could be more extensive for advanced use cases
- Limited support for newer protocols and encryption methods
Getting Started
To get started with Nogotofail:
- Clone the repository:
  git clone https://github.com/google/nogotofail.git
- Install dependencies:
  cd nogotofail
  pip install -r requirements.txt
- Run the MitM server:
  python nogotofail/mitm/start.py
- Configure your device or application to use the Nogotofail proxy for testing.
- Analyze the results and address any identified vulnerabilities.
For more detailed instructions and advanced usage, refer to the project's documentation on GitHub.
Competitor Comparisons
Easy SSL pinning validation and reporting for iOS, macOS, tvOS and watchOS.
Pros of TrustKit
- Focused on SSL/TLS pinning for iOS and macOS applications
- Easier to integrate into existing mobile apps
- Provides runtime reporting and monitoring capabilities
Cons of TrustKit
- Limited to iOS and macOS platforms
- Narrower scope, focusing primarily on certificate pinning
- Less comprehensive network security testing compared to nogotofail
Code Comparison
TrustKit (Swift):
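// The explicit type is required because the dictionary values are heterogeneous
let trustKitConfig = [
    kTSKSwizzleNetworkDelegates: false,
    kTSKPinnedDomains: [
        "www.example.com": [
            kTSKPublicKeyAlgorithms: [kTSKAlgorithmRsa2048],
            // Base64-encoded SHA-256 hashes of the pinned public keys
            kTSKPublicKeyHashes: [
                "HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY=",
                "0SDf3cRToyZJaMsoS17oF72VMavLxj/N7WBNasNuiR8="
            ]
        ]
    ]
] as [String: Any]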
nogotofail (Python):
class AttackPlugin(object):
    name = "Example Attack"
    description = "An example attack plugin"

    def on_request(self, request):
        # Modify request or perform actions
        pass

    def on_response(self, response):
        # Modify response or perform actions
        pass
The code snippets highlight the different focus areas of the two projects. TrustKit emphasizes certificate pinning configuration, while nogotofail provides a framework for creating custom network attack plugins.
Fast and powerful SSL/TLS scanning library.
Pros of SSLyze
- Focused specifically on SSL/TLS scanning and analysis
- Provides detailed reports on SSL/TLS configuration issues
- Supports scanning multiple servers simultaneously
Cons of SSLyze
- Limited to SSL/TLS vulnerabilities, not a comprehensive network security tool
- May require more technical knowledge to interpret results
Code Comparison
SSLyze (Python):
from sslyze import (ServerNetworkLocationViaDirectConnection, ServerConnectivityTester,
                    Scanner, ServerScanRequest, ScanCommand)
# The location object needs the server's IP address, so resolve the hostname first
server_location = ServerNetworkLocationViaDirectConnection.with_ip_address_lookup("example.com", 443)
server_info = ServerConnectivityTester().perform(server_location)
scanner = Scanner()
scan_request = ServerScanRequest(
    server_info=server_info,
    scan_commands={ScanCommand.CERTIFICATE_INFO, ScanCommand.SSL_2_0_CIPHER_SUITES},
)
Nogotofail (Python):
from nogotofail.mitm import MITMProxy
from nogotofail.mitm.connection import handlers
proxy = MITMProxy()
proxy.add_handler(handlers.LoggingHandler())
proxy.add_handler(handlers.SSLStrippingHandler())
proxy.start()
Both tools focus on network security, but SSLyze specializes in SSL/TLS analysis, while Nogotofail offers a broader range of network attack simulations. SSLyze provides more in-depth SSL/TLS vulnerability scanning, while Nogotofail is designed for testing various network security aspects beyond just SSL/TLS.
Testing TLS/SSL encryption anywhere on any port
Pros of testssl.sh
- More comprehensive SSL/TLS testing capabilities, including cipher suite analysis and protocol support checks
- Actively maintained with frequent updates and a large community of contributors
- Can be run as a standalone script without complex setup or dependencies
Cons of testssl.sh
- Focused solely on SSL/TLS testing, lacking the broader network security features of nogotofail
- May require more manual interpretation of results compared to nogotofail's automated analysis
Code Comparison
testssl.sh:
#!/usr/bin/env bash
# testssl.sh - Testing TLS/SSL encryption anywhere on any port
TESTSSL_INSTALL_DIR="$(dirname "$0")"
PROG_NAME="$(basename "$0")"
nogotofail:
#!/usr/bin/env python
import sys
from nogotofail.mitm import MITMProxy
from nogotofail.mitm.connection import handlers
Summary
testssl.sh is a specialized tool for in-depth SSL/TLS testing, offering comprehensive analysis of server configurations. It's easy to use and regularly updated. nogotofail, on the other hand, provides a broader range of network security testing features, including MitM attack simulation. While testssl.sh excels in SSL/TLS-specific tests, nogotofail offers a more holistic approach to network security assessment.
README
nogotofail
Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.
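The split the README draws between TLS connections and sensitive cleartext traffic can be seen in the first bytes a client sends. The following is an added example, not code from nogotofail: the function names, the list of headers treated as sensitive, and the sample flows are assumptions constructed for illustration.

```python
import re

# Headers treated as sensitive when seen in cleartext (assumed list; extend as needed).
SENSITIVE_HEADER = re.compile(rb"(?im)^(authorization|proxy-authorization|cookie):")
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")


def is_tls_client_hello(data):
    """True if data begins with a TLS handshake record carrying a ClientHello."""
    if len(data) < 6:
        return False
    record_len = int.from_bytes(data[3:5], "big")
    return (data[0] == 0x16                          # record type: handshake
            and data[1] == 0x03 and data[2] <= 0x04  # record version SSL 3.0 .. TLS 1.3
            and 0 < record_len <= 2 ** 14            # plaintext record size limit
            and data[5] == 0x01)                     # handshake type: client_hello


def classify_first_bytes(data):
    """Label a connection from the first bytes the client sent."""
    if not data:
        return "empty"
    if is_tls_client_hello(data):
        return "tls"
    if data.startswith(HTTP_METHODS):
        return "cleartext-http-sensitive" if SENSITIVE_HEADER.search(data) else "cleartext-http"
    return "cleartext-other"


def audit(flows):
    """Return (destination, label) for every flow that did not start with TLS."""
    findings = []
    for dest, first_bytes in flows:
        label = classify_first_bytes(first_bytes)
        if label != "tls":
            findings.append((dest, label))
    return findings


# Constructed sample flows: (destination, first client bytes). The TLS entry is a
# truncated record prefix, enough for the header checks above.
SAMPLE_FLOWS = [
    ("api.example.com:443", b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    ("api.example.com:80", b"GET /v1/me HTTP/1.1\r\nHost: api.example.com\r\n"
                           b"Authorization: Bearer constructed-token\r\n\r\n"),
    ("static.example.com:80", b"GET /logo.png HTTP/1.1\r\nHost: static.example.com\r\n\r\n"),
    ("mail.example.com:25", b"EHLO client.example.com\r\n"),
]
```

Protocols that upgrade with STARTTLS begin in cleartext by design, so a `cleartext-other` finding on such a port means checking whether the upgrade actually followed, not that the flow is necessarily exposed.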
Design
Nogotofail is composed of an on-path network MiTM and optional clients for the devices being tested. See docs/design.md for the overview and design goals of nogotofail.
Dependencies
Nogotofail depends only on Python 2.7 and pyOpenSSL>=0.13. The MiTM is designed to work on Linux machines and the transparent traffic capture modes are Linux specific and require iptables as well.
Additionally the Linux client depends on psutil.
Getting started
See docs/getting_started.md for setup and a walkthrough of nogotofail.
Discussion
For discussion please use our nogotofail Google Group.