google/nogotofail

An on-path blackbox network traffic security testing tool

Quick Overview

Nogotofail is a network security testing tool developed by Google. It is designed to help developers and security researchers find and fix TLS/SSL vulnerabilities in applications and devices. The tool can be used to test network traffic for known security issues and misconfigurations.

Pros

  • Comprehensive testing for various network security vulnerabilities
  • Supports both client-side and server-side testing
  • Highly customizable and extensible
  • Open-source and actively maintained by Google

Cons

  • Requires some technical expertise to set up and use effectively
  • May generate false positives in certain scenarios
  • Documentation could be more extensive for advanced use cases
  • Limited support for newer protocols and encryption methods

Getting Started

To get started with Nogotofail:

  1. Clone the repository:

    git clone https://github.com/google/nogotofail.git
    
  2. Install dependencies:

    cd nogotofail
    pip install -r requirements.txt
    
  3. Run the MitM server:

    python nogotofail/mitm/start.py
    
  4. Configure your device or application to use the Nogotofail proxy for testing.

  5. Analyze the results and address any identified vulnerabilities.

For more detailed instructions and advanced usage, refer to the project's documentation on GitHub.

Competitor Comparisons

TrustKit: Easy SSL pinning validation and reporting for iOS, macOS, tvOS and watchOS.

Pros of TrustKit

  • Focused on SSL/TLS pinning for iOS and macOS applications
  • Easier to integrate into existing mobile apps
  • Provides runtime reporting and monitoring capabilities

Cons of TrustKit

  • Limited to iOS and macOS platforms
  • Narrower scope, focusing primarily on certificate pinning
  • Less comprehensive network security testing compared to nogotofail

Code Comparison

TrustKit (Swift):

    let trustKitConfig = [
        kTSKSwizzleNetworkDelegates: false,
        kTSKPinnedDomains: [
            "www.example.com": [
                kTSKPublicKeyAlgorithms: [kTSKAlgorithmRsa2048],
                kTSKPublicKeyHashes: [
                    "HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY=",
                    "0SDf3cRToyZJaMsoS17oF72VMavLxj/N7WBNasNuiR8="
                ]
            ]
        ]
    ]

nogotofail (Python):

    class AttackPlugin(object):
        name = "Example Attack"
        description = "An example attack plugin"

        def on_request(self, request):
            # Modify request or perform actions
            pass

        def on_response(self, response):
            # Modify response or perform actions
            pass

The code snippets highlight the different focus areas of the two projects. TrustKit emphasizes certificate pinning configuration, while nogotofail provides a framework for creating custom network attack plugins.

SSLyze: Fast and powerful SSL/TLS scanning library.

Pros of SSLyze

  • Focused specifically on SSL/TLS scanning and analysis
  • Provides detailed reports on SSL/TLS configuration issues
  • Supports scanning multiple servers simultaneously

Cons of SSLyze

  • Limited to SSL/TLS vulnerabilities, not a comprehensive network security tool
  • May require more technical knowledge to interpret results

Code Comparison

SSLyze (Python):

    from sslyze import ServerNetworkLocationViaDirectConnection, ServerConnectivityTester, Scanner, ServerScanRequest, ScanCommand

    # Resolve the host and confirm it is reachable before scanning
    server_location = ServerNetworkLocationViaDirectConnection.with_ip_address_lookup("example.com", 443)
    server_info = ServerConnectivityTester().perform(server_location)
    scanner = Scanner()
    scan_request = ServerScanRequest(server_info=server_info, scan_commands={ScanCommand.CERTIFICATE_INFO, ScanCommand.SSL_2_0_CIPHER_SUITES})
    # Queue the scan; results are then read from scanner.get_results()
    scanner.queue_scan(scan_request)

Nogotofail (Python):

    from nogotofail.mitm import MITMProxy
    from nogotofail.mitm.connection import handlers

    proxy = MITMProxy()
    proxy.add_handler(handlers.LoggingHandler())
    proxy.add_handler(handlers.SSLStrippingHandler())
    proxy.start()

Both tools focus on network security, but SSLyze specializes in SSL/TLS analysis, while Nogotofail offers a broader range of network attack simulations. SSLyze provides more in-depth SSL/TLS vulnerability scanning, while Nogotofail is designed for testing various network security aspects beyond just SSL/TLS.

testssl.sh: Testing TLS/SSL encryption anywhere on any port

Pros of testssl.sh

  • More comprehensive SSL/TLS testing capabilities, including cipher suite analysis and protocol support checks
  • Actively maintained with frequent updates and a large community of contributors
  • Can be run as a standalone script without complex setup or dependencies

Cons of testssl.sh

  • Focused solely on SSL/TLS testing, lacking the broader network security features of nogotofail
  • May require more manual interpretation of results compared to nogotofail's automated analysis

Code Comparison

testssl.sh:

    #!/usr/bin/env bash
    # testssl.sh - Testing TLS/SSL encryption anywhere on any port
    TESTSSL_INSTALL_DIR="$(dirname "$0")"
    PROG_NAME="$(basename "$0")"

nogotofail:

    #!/usr/bin/env python

    import sys
    from nogotofail.mitm import MITMProxy
    from nogotofail.mitm.connection import handlers

Summary

testssl.sh is a specialized tool for in-depth SSL/TLS testing, offering comprehensive analysis of server configurations. It's easy to use and regularly updated. nogotofail, on the other hand, provides a broader range of network security testing features, including MitM attack simulation. While testssl.sh excels in SSL/TLS-specific tests, nogotofail offers a more holistic approach to network security assessment.

README

nogotofail

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

Design

Nogotofail is composed of an on-path network MiTM and optional clients for the devices being tested. See docs/design.md for the overview and design goals of nogotofail.

Dependencies

Nogotofail depends only on Python 2.7 and pyOpenSSL>=0.13. The MiTM is designed to work on Linux machines; the transparent traffic capture modes are Linux-specific and also require iptables.

Additionally, the Linux client depends on psutil.

Getting started

See docs/getting_started.md for setup and a walkthrough of nogotofail.

Discussion

For discussion please use our nogotofail Google Group.