Documentation | API JavaDoc | Changes from Upstream | Reference Tools
DeepViolet is a TLS/SSL scanning API written in Java. It provides programmatic introspection of TLS/SSL connections, including certificate chain analysis, cipher suite enumeration, risk scoring, TLS fingerprinting, DNS security checks (CAA, DANE/TLSA), certificate revocation verification (OCSP, CRL, CT), and support for multiple naming conventions (IANA, OpenSSL, GnuTLS, NSS). Protocols SSLv2 through TLS 1.3 are supported. Multi-host scanning with configurable concurrency, cooperative pause/cancel, event-driven monitoring, and flexible target parsing (hostnames, IPs, CIDR, IP ranges) are also available.
GUI and command-line reference tools that consume this API are available in the DeepVioletTools project.
- Java 21 or higher
- Apache Maven 3.6.3 or higher
mvn clean verifyBuild the JAR:
mvn packageThe JAR will be in target/DeepViolet-5.1.18-SNAPSHOT.jar. Add it to your project as a local dependency in your pom.xml:
<dependency>
<groupId>com.github.spoofzu</groupId>
<artifactId>DeepViolet</artifactId>
<version>5.1.18-SNAPSHOT</version>
<scope>system</scope>
<systemPath>${project.basedir}/lib/DeepViolet-5.1.18-SNAPSHOT.jar</systemPath>
</dependency>A standalone tool that compares DV API results against openssl for the same server, field-by-field:
mvn package -Pvalidate
java -jar target/DeepViolet-5.1.18-SNAPSHOT-validate.jar google.com
java -jar target/DeepViolet-5.1.18-SNAPSHOT-validate.jar expired.badssl.com
java -jar target/DeepViolet-5.1.18-SNAPSHOT-validate.jar --json github.comCompares 17 fields (subjectDN, issuerDN, serialNumber, version, signingAlgorithm, publicKeyAlgorithm, publicKeySize, publicKeyCurve, notValidBefore, notValidAfter, isSelfSigned, sanCount, fingerprint, negotiatedProtocol, negotiatedCipher, chainLength, ocspStapling) with automatic normalization for cross-tool differences. For bad-cert servers, verifies that DV correctly rejects the connection while openssl shows why. Requires openssl installed locally.
See docs/DeepViolet.md for architecture, features, building, API usage, and contributing guidelines.
DeepViolet was previously an OWASP project but is no longer affiliated with OWASP.
This tool implements ideas, code, and takes inspiration from other projects and leaders like: Qualys SSL Labs, Ivan Ristic, OpenSSL, and Oracle's Java Security Team. Original default cipher suite meta was are derived from Mozilla Server Side TLS v5.7 guidelines. TLS/SSL raw socket adapted from code examples by Thomas Pornin. Significant development contributions by Claude Code from Anthropic.
This project leverages the works of other open source community projects and is provided for educational purposes. Use at your own risk.
The author is an employee of Oracle Corporation. This project is a personal endeavor and is not affiliated with, sponsored by, or endorsed by Oracle. All views and code are the author's own.