rfc-st / humble

Licence: MIT license
A humble, and fast, security-oriented HTTP headers analyzer

humble

HTTP Headers Analyzer

"A journey of a thousand miles begins with a single step. - Lao Tzu"

"And if you don't keep your feet, there's no knowing where you might be swept off to. - Bilbo Baggins"

Table of contents

Features
Screenshots
Installation & Update
Usage
Missing Headers Check
Fingerprint Headers Check
Deprecated Headers and Insecure Values Checks
Empty Values Check
Guidelines included
To-Do
Further Reading
Contribute
License

Features

✔️ 15 checks of missing HTTP response headers.
✔️ 211 checks of fingerprinting through HTTP response headers.
✔️ 39 checks of deprecated HTTP response headers/protocols or with values considered insecure.
✔️ Browser compatibility check for enabled security headers.
✔️ Two types of analysis: brief and complete, along with HTTP response headers.
✔️ Export of analysis to html, pdf and txt.
✔️ The analysis includes dozens of references, official documentation and technical articles.
✔️ PEP8 compliant code.
✔️ Tested, one by one, on hundreds of URLs.
✔️ Fully working on Windows (10 20H2 - 19042.985) and Linux (Kali 2021.1).
✔️ Permissive license (MIT).
✔️ Regularly updated.
✔️ Technical resource in the OWASP Secure Headers Project.

Screenshots

.: Brief report (Windows)

Brief Analysis


.: Brief report and retrieved headers (Linux)

Brief analysis + retrieved headers


.: Full report (Linux)

Full analysis


.: Analysis exported to PDF. Example.

Export analysis to PDF


.: Analysis exported to HTML. Example.

Export analysis to HTML


Installation & Update

NOTE: Python 3.6 or higher is required.

# install python3 and python3-pip if not exist
(Windows) https://www.python.org/downloads/windows/
(Linux) if not installed by default, install them via your package manager, e.g. Synaptic, apt, dnf or yum

# install git
(Windows) https://git-scm.com/download/win
(Linux) https://git-scm.com/download/linux

# clone the repository
$ git clone https://github.com/rfc-st/humble.git

# change the working directory to humble
$ cd humble

# install the requirements
$ pip3 install -r requirements.txt

# update humble (every couple of weeks, inside humble's working directory)
$ git pull

# or download the latest release
https://github.com/rfc-st/humble/releases

Usage

(Windows) $ py humble.py
(Linux)   $ python3 humble.py

usage: humble.py [-h] [-d DOMAIN] [-b] [-o {html,pdf,txt}] [-r] [-g] [-v]

humble (HTTP Headers Analyzer) - https://github.com/rfc-st/humble

optional arguments:
  -h, --help         show this help message and exit
  -d DOMAIN          domain to analyze, including schema. E.g., https://google.com
  -r                 show HTTP response headers and full analysis (with references and details)
  -b                 show brief analysis (without references or details)
  -o {html,pdf,txt}  save analysis to file (domain_yyyymmdd.ext)
  -g                 show guidelines on securing most used web servers/services

Missing headers check

  • Cache-Control
  • Clear-Site-Data
  • Content-Type
  • Content-Security-Policy
  • Cross-Origin-Embedder-Policy
  • Cross-Origin-Opener-Policy
  • Cross-Origin-Resource-Policy
  • Expect-CT
  • NEL
  • Permissions-Policy
  • Pragma
  • Referrer-Policy
  • Strict-Transport-Security
  • X-Content-Type-Options
  • X-Frame-Options

Fingerprint headers check

Check this file.

Deprecated headers/protocols and insecure values checks

Check this file.

Empty values check

Any HTTP response header.
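The "missing headers" and "empty values" checks above, shown as a small added example that is not humble's own code: it parses a constructed raw HTTP/1.1 response, reports which of the 15 headers listed in the Missing headers check are absent (header names compared case-insensitively, as HTTP requires), and flags any header that is present but empty. The header list is the one from this README; the sample response, function names and the handling of repeated headers are assumptions of the example.

```python
# Added example, not humble's own code: minimal "missing headers" and
# "empty values" checks as the README describes them.
# The 15 response headers humble reports when missing (list from the README).
EXPECTED_HEADERS = (
    "Cache-Control", "Clear-Site-Data", "Content-Type",
    "Content-Security-Policy", "Cross-Origin-Embedder-Policy",
    "Cross-Origin-Opener-Policy", "Cross-Origin-Resource-Policy",
    "Expect-CT", "NEL", "Permissions-Policy", "Pragma", "Referrer-Policy",
    "Strict-Transport-Security", "X-Content-Type-Options", "X-Frame-Options",
)

def parse_headers(raw: str) -> dict:
    """Parse a raw HTTP/1.1 response (status line + header block) into a
    dict keyed by lowercase name; repeated headers are joined with ', '
    and the body after the blank line is ignored."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # [1:] skips the status line
        if ":" not in line:
            continue  # tolerate malformed lines instead of crashing
        name, _, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers

def missing_headers(headers: dict) -> list:
    """Expected headers absent from the response (case-insensitive)."""
    return [h for h in EXPECTED_HEADERS if h.lower() not in headers]

def empty_headers(headers: dict) -> list:
    """Any response header that is present but carries no value."""
    return sorted(k for k, v in headers.items() if v == "")

# Constructed sample response: mixed-case names, one duplicate, two empties.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "content-type: text/html; charset=utf-8\r\n"
    "X-Frame-Options: DENY\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Cache-Control: no-store\r\n"
    "Cache-Control: no-cache\r\n"
    "X-Content-Type-Options:\r\n"
    "Server: \r\n"
    "\r\n<html></html>"
)
if __name__ == "__main__":
    parsed = parse_headers(SAMPLE)
    print("Missing:", ", ".join(missing_headers(parsed)))
    print("Empty:", ", ".join(empty_headers(parsed)))
```

On the sample, ten of the fifteen expected headers are reported missing, and both `x-content-type-options` and `server` are reported empty even though only the former is on the expected list.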

Guidelines included to enable security HTTP headers

  • Amazon AWS
  • Apache HTTP Server
  • Cloudflare
  • MaxCDN
  • Microsoft Internet Information Services
  • Nginx

To-do

  • Add more header/value checks (only security-oriented)
  • Add analysis rating
  • Show the application related to each fingerprint header
  • Improve PDF output through fpdf2 library

Further reading

https://caniuse.com/
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
https://github.com/search?q=http+headers+analyze
https://github.com/search?q=http+headers+secure
https://github.com/search?q=http+headers+security
https://owasp.org/www-project-secure-headers/
https://securityheaders.com/
https://scotthelme.co.uk/
https://webtechsurvey.com/common-response-headers
https://www.w3.org

Contribute

Thanks for your time!! :).

License

MIT © 2020-2022 Rafa 'Bluesman' Faura ([email protected])
Original Creator - Rafa 'Bluesman' Faura ([email protected])