A tool to checking headers that reveal information
wget https://raw.githubusercontent.com/BrunoThums/HeaderCheck/main/setup.sh; chmod +x setup.sh; sudo ./setup.sh
- You can pass a URL or a file with URLs without any treatment:
- No need to pass http:// or https://
No need to pass www(coming soon)- No port required
- Don't worry about duplicates
- Don't worry about directories
- hc file_with_urls
- hc single_URL
- OBS: if there's some URLs with errors, save to a file and run the auxiliary script:
hc_h file(the extra data or status code come from redirects, stay aware)
- (Obviously) check some headers of a single URL or a file of URLs []
- Convert URL from http to https
- Add https:// to every URL (if there's none)
- Add port 80 and 443 to URL that doesn't contain a port especified (optionally)
- Get rid off for duplicates in file
- Show which URL's don't have:
- Content-Security-Police
- Strict-Transport-Security
--all-headersor-h-> show all headers (yep, like a normal response header)--no-portsor-np-> don't add ports 80 and 443, let it handle automatically--no-csp-hstsor-nr-> don't verify CSP or HSTS--debugor-d-> show detailed errors--show-instant-errorsor-si-> show, at the instant, connection errors- All parameters are False by default
- As it is an automated software, there may be inconsistencies. It is interesting to print the headers directly in the browser. The tool is just for automating the process of finding specific headers (or lack thereof)
- termcolor lib
- ASCII Generator (this theme: slant)
- How to print an ASCII image?
- (bash) Save in a txt, type
cat image.txt | gzip | base64in terminal, copy and paste into scriptbase64 -d <<<"yourBase64image" | gunzip(that's it, only ctrl+v, don't add new lines or remove new lines, leaves as it is) - (python) Add a bunch of print's for each line
- (bash) Save in a txt, type
- Remove www from URLs
- Add (more) custom message for invalid host or error
- Check for duplicates in URL report error list
sudo rm /usr/bin/hc; sudo rm /usr/bin/hc_h