Simple tool for checking HTTP headers, cookies and technology

Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0)

Simple Security Headers

Security HTTP headers checked

  • Content-Security-Policy (CSP)
  • Feature-Policy
  • Strict-Transport-Security (HSTS)
  • X-Frame-Options
  • X-Content-Type-Options
  • X-XSS-Protection
  • Referrer-Policy

Cookie attributes checked

  • Expires
  • HttpOnly
  • Secure
  • Path=/
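
As an added illustration (not the project's own code), the sketch below reports which of the headers listed above are absent from a response and which of the listed cookie attributes each Set-Cookie line carries. The function names and the sample response are constructed for this example.

```python
# Header names are the ones listed in this README; everything else is hypothetical.
SECURITY_HEADERS = [
    "Content-Security-Policy", "Feature-Policy", "Strict-Transport-Security",
    "X-Frame-Options", "X-Content-Type-Options", "X-XSS-Protection",
    "Referrer-Policy",
]

def missing_headers(headers):
    """Return the listed security headers absent from a response.
    HTTP header names are case-insensitive, so compare in lower case."""
    present = {name.lower() for name in headers}
    return [h for h in SECURITY_HEADERS if h.lower() not in present]

def parse_set_cookie(line):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    first, *rest = [part.strip() for part in line.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def cookie_attributes(set_cookie_lines):
    """Map each cookie name to the presence of the attributes listed above."""
    report = {}
    for line in set_cookie_lines:
        name, attrs = parse_set_cookie(line)
        report[name] = {
            "Expires": "expires" in attrs,
            "HttpOnly": "httponly" in attrs,
            "Secure": "secure" in attrs,
            "Path=/": attrs.get("path") == "/",
        }
    return report

# Constructed sample response, not captured from a real site.
SAMPLE_HEADERS = {
    "content-security-policy": "default-src 'self'",
    "X-Frame-Options": "DENY",
    "Strict-Transport-Security": "max-age=31536000",
}
SAMPLE_COOKIES = [
    "sid=abc123; Path=/; HttpOnly; Secure",
    "lang=en; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/app",
]

if __name__ == "__main__":
    print("Missing headers:", missing_headers(SAMPLE_HEADERS))
    for cookie, attrs in cookie_attributes(SAMPLE_COOKIES).items():
        print(cookie, attrs)
```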

Basic technology identification

Performs a basic technology identification using the apps.json file from Wappalyzer.

Usage

usage: simple-security-headers.py [-h] -u URL [--verify] [--verbose]

output

This basic tool is inspired by the CrossHead project by alvarodh5 and Cristian Barrientos. Definitions are from securityheaders.com.