import argparse
"""Used to parse command line arguments"""
import urllib3
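class HeaderExpectedItem:
    """One security-relevant response header the scanner looks for.

    Attributes:
        header: Name of the HTTP response header, e.g. 'X-Frame-Options'.
        expected: Value the header is expected to carry. It is only stored
            here; nothing in this file compares it against a response yet.
        message: Human-readable explanation shown when the check fails.
        risk: Free-form risk label attached to a failed check.
    """

    def __init__(self, header, expected, message, risk):
        self.header = header
        self.expected = expected
        self.message = message
        self.risk = risk

    def __repr__(self):
        """Return an unambiguous, eval-style representation for debugging."""
        return '{}(header={!r}, expected={!r}, message={!r}, risk={!r})'.format(
            type(self).__name__, self.header, self.expected, self.message, self.risk)

    def printitem(self):
        """Print the four fields on separate lines, in declaration order.

        Returns:
            None -- callers must not print the return value (doing so would
            emit a stray 'None').
        """
        print(self.header)
        print(self.expected)
        print(self.message)
        print(self.risk)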
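class HeaderResultItem:
    """Outcome of scanning one URL.

    Attributes:
        url: The URL that was requested.
        rawheader: The response headers as received from the server.
        headerexpecteditems: The HeaderExpectedItem entries the scan was
            run against.

    Note: nothing in this file constructs this class yet; it is a holder
    for a future report format.
    """

    def __init__(self, url, rawheader, headerexpecteditems):
        self.url = url
        self.rawheader = rawheader
        self.headerexpecteditems = headerexpecteditems

    def __repr__(self):
        """Return a debugging representation naming the URL and both payloads."""
        return '{}(url={!r}, rawheader={!r}, headerexpecteditems={!r})'.format(
            type(self).__name__, self.url, self.rawheader, self.headerexpecteditems)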
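def valid_url(url):
    """Return True when *url* is an absolute http(s) URL with a host.

    The original implementation printed the URL and unconditionally
    returned True, so a missing ``--URL`` (None) or a bare hostname went
    straight to the fetch. This performs the check the name promises.

    Args:
        url: The value passed on the command line; may be None when
            ``--URL`` was omitted.

    Returns:
        bool: True for ``http://host...`` / ``https://host...``; False for
        None, non-strings, empty strings, other schemes, or a URL with no
        host component.
    """
    from urllib.parse import urlparse

    print('Validating Url: ' + str(url))
    if not isinstance(url, str) or not url:
        return False
    parts = urlparse(url)
    # Only the two schemes the scanner can fetch; a host is mandatory so
    # that inputs like 'http://' or a bare path are rejected.
    return parts.scheme in ('http', 'https') and bool(parts.netloc)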
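def scan_url(url, expectedHeaders, *, timeout=10.0):
    """Fetch *url* once, dump its headers, and report expected headers that are absent.

    Args:
        url: Absolute http(s) URL to request; validate it with valid_url first.
        expectedHeaders: Iterable of HeaderExpectedItem describing the
            response headers to look for. (The original body accepted this
            argument but never read it.)
        timeout: Seconds urllib3 waits for connect/read before giving up;
            without it a non-responsive host could block the scan indefinitely.

    Returns:
        list: The HeaderExpectedItem entries whose ``header`` name was not
        present in the response, in the order given (empty when all were
        found). Only presence is checked; ``expected`` values are not compared.

    Raises:
        Whatever urllib3 raises on connection, TLS or timeout failure; the
        error is not caught here.
    """
    print('Scanning Url: ' + url)
    http = urllib3.PoolManager()
    response = http.request('GET', url, timeout=timeout)
    print('---Response---')
    print(response.status)
    print(response.headers)
    for k in response.headers:
        print(k)
        print(response.headers[k])
    # urllib3's header container matches names case-insensitively, so a plain
    # membership test finds 'x-frame-options' for 'X-Frame-Options'.
    missing = [item for item in expectedHeaders if item.header not in response.headers]
    if missing:
        print('---Missing Headers---')
        for item in missing:
            item.printitem()
    return missing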
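def initialize():
    """Build the list of headers the scanner looks for.

    Used the guidance provided here
    https://blog.appcanary.com/2017/http-security-headers.html to create
    this list.

    Returns:
        list: One HeaderExpectedItem per header name, with no duplicates.
        The expected/message/risk fields are still the 'testing*'
        placeholders from the original draft -- TODO(author): fill in the
        real expected values and risk text before relying on the output.
    """
    # (header, expected, message, risk). The original draft listed
    # X-Frame-Options twice, which would have produced a duplicate report.
    specs = [
        ('X-Frame-Options', 'testing2', 'testing3', 'testing4'),
        ('X-XSS-Protection', 'testing2', 'testing3', 'testing4'),
        ('Content-Security-Policy', 'testing2', 'testing3', 'testing4'),
        ('Strict-Transport-Security', 'testing2', 'testing3', 'testing4'),
        ('Public-Key-Pins', 'testing2', 'testing3', 'testing4'),
        ('X-Content-Type-Options', 'testing2', 'testing3', 'testing4'),
        ('Referrer-Policy', 'testing2', 'testing3', 'testing4'),
        ('Set-Cookie', 'testing2', 'testing3', 'testing4'),
    ]
    return [HeaderExpectedItem(*spec) for spec in specs]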
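def main():
    """Application entry point: parse the command line and run the scan.

    Exits via ``parser.error`` (status 2) when ``--scan`` is given without
    a usable ``--URL``; the original fell through to the fetch with None.
    """
    parser = argparse.ArgumentParser(description='Http Header Security Scanner')
    parser.add_argument('-s', '--scan', action='store_true', help='Scans the specified url')
    parser.add_argument('-u', '--URL', help='The Url to be checked')
    args = parser.parse_args()
    if not args.scan:
        print('Not going to scan')
        return
    # --URL stays optional at parse time so '-s' alone is still a clean
    # error rather than an argparse failure; it is required from here on.
    if args.URL is None or not valid_url(args.URL):
        parser.error('--URL must be an absolute http(s) url when --scan is given')
    expectedheaders = initialize()
    scan_url(args.URL, expectedheaders)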
# Run the CLI only when executed as a script, not when imported as a module.
if __name__ == '__main__':
    main()