Check a URL for security headers
shcheck examines the HTTP response headers and source code for a variety of security headers. Basically a command line version of https://securityheaders.io with a few bonus features.
Download the latest release from https://github.com/jakewarren/shcheck/releases
go get github.com/jakewarren/shcheck
cd $GOPATH/src/github.com/jakewarren/shcheck
go run bootstrap.go
This will download the code into your GOPATH, and then run the bootstrap script to build mage with version infomation embedded in it. A normal go get (without -d) will build the binary correctly, but no version info will be embedded. If you've done this, no worries, just go to $GOPATH/src/github.com/jakewarren/shcheck and run mage install or go run bootstrap.go and a new binary will be created with the correct version information.
The shcheck binary will be created in your $GOPATH/bin directory.
Usage: shcheck [<flags>] <URL to scan>
Optional flags:
-A, --agent string user agent to use for requests (default "shcheck/v1.0.0")
-h, --help display help
-i, --insecure disable SSL certificate validation
-v, --verbose display full info about headers
-V, --version display version
@traviscampbell - thanks for his contributions
meliot/shcheck - inspiration for the output format
riramar/hsecscan - inspiration for the verbose output format
All notable changes to this project will be documented in the changelog.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
MIT © 2017 Jake Warren