hsecscan's People

Contributors

marcosvidolin, riramar

hsecscan's Issues

Problem faced while trying to run hsecscan

Traceback (most recent call last):
  File "/usr/local/bin/hsecscan", line 5, in <module>
    from hsecscan.hsecscan import main
  File "/usr/local/lib/python3.7/dist-packages/hsecscan/hsecscan.py", line 19
    print '>> REDIRECT INFO <<'
                              ^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print('>> REDIRECT INFO <<')?

errors on response headers

>> RESPONSE HEADERS DETAILS <<
Traceback (most recent call last):
  File "/usr/bin/hsecscan.py", line 137, in <module>
    main()
  File "/usr/bin/hsecscan.py", line 132, in main
    scan(args.URL, args.redirect, args.useragent, args.postdata, args.proxy)
  File "/usr/bin/hsecscan.py", line 104, in scan
    check_header(header)
  File "/usr/bin/hsecscan.py", line 52, in check_header
    cur.execute('SELECT "Header Field Name", "Reference", "Security Description", "Security Reference", "Recommendations", "CWE", "CWE URL" FROM headers WHERE "Enable" = "Y" AND "Header Field Name" = ? COLLATE NOCASE', t)
sqlite3.OperationalError: no such table: headers

hmm... I think I'm doing something wrong here...

Audit mode

Hi,

First, thank you very much for this very useful script and the amazing OWASP Security Headers project.

Do you think that it will be possible to add a running mode to the script so that it can be run in a CI/CD process, in order to give the following feedback to Dev + Ops teams in a JSON output:

  • What are the missing security headers according to the OWASP Security Headers project recommendations?
  • What are the misconfigured or too open configured security headers according to the OWASP Security Headers project recommendations?

Thank you very much in advance 😃
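
A sketch of the kind of audit mode requested above, as an added example that is not part of the issue and is not hsecscan's code. The `POLICY` table, its thresholds and the `audit` function are assumptions made for illustration (a small subset of commonly recommended headers, not the OWASP project's full list or hsecscan's database), and the sample headers are constructed.

```python
import json

def _hsts(value):
    # Assumed threshold for this example: max-age of at least one year.
    ages = [d.strip()[8:] for d in value.lower().split(";")
            if d.strip().startswith("max-age=")]
    if not ages or not ages[0].isdigit():
        return "max-age missing or not numeric"
    return None if int(ages[0]) >= 31536000 else "max-age below one year"

def _csp(value):
    weak = [t for t in ("'unsafe-inline'", "'unsafe-eval'") if t in value.lower()]
    return "allows " + ", ".join(weak) if weak else None

def _one_of(*allowed):
    # Build a validator that accepts only the listed values (case-insensitive).
    def check(value):
        ok = value.strip().lower() in allowed
        return None if ok else "expected one of: " + ", ".join(allowed)
    return check

# Illustrative rules (assumption): lower-cased header name -> validator that
# returns None when the value is acceptable, or a reason string when it is not.
POLICY = {
    "strict-transport-security": _hsts,
    "x-content-type-options": _one_of("nosniff"),
    "x-frame-options": _one_of("deny", "sameorigin"),
    "content-security-policy": _csp,
}

def audit(headers):
    """Return a JSON-serialisable report of missing and misconfigured headers."""
    seen = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    report = {"missing": [], "misconfigured": []}
    for name, check in POLICY.items():
        if name not in seen:
            report["missing"].append(name)
            continue
        reason = check(seen[name])
        if reason:
            report["misconfigured"].append(
                {"header": name, "value": seen[name], "reason": reason})
    report["passed"] = not (report["missing"] or report["misconfigured"])
    return report

# Constructed sample response headers (not captured from a real site).
SAMPLE = {"Strict-Transport-Security": "max-age=300",
          "X-Content-Type-Options": "nosniff",
          "Content-Security-Policy": "script-src 'self' 'unsafe-inline'"}

if __name__ == "__main__":
    result = audit(SAMPLE)
    print(json.dumps(result, indent=2))
    raise SystemExit(0 if result["passed"] else 1)  # non-zero exit fails the CI job
```
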

Suggestion: what happens if the server certificate is not valid?

Hello,

nice work!
Maybe you could take into account certificate validation (SSL: CERTIFICATE_VERIFY_FAILED) because the program fails when such a thing happens. Maybe this could be added as another piece of information, and the program could try to do the other checks even if the certificate is not valid.

Best regards!

Database format

How is hsecscan.db created/populated? I don't see any population code. In that case, I suggest that the database is moved to some other format, like YAML or JSON.

How to run it on subscription websites?

I would enjoy running it on our website, but I should log in with my user and password,

so how can I add my user & password on the command line?

Waiting for your response

Thanks

Scan fails with error

We are getting the below error, any help greatly appreciated.

hsecscan -i -u https://google.com
Traceback (most recent call last):
  File "/usr/local/bin/hsecscan", line 11, in <module>
    load_entry_point('hsecscan==0.0.1', 'console_scripts', 'hsecscan')()
  File "/usr/local/lib/python3.5/dist-packages/pkg_resources/__init__.py", line 479, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/local/lib/python3.5/dist-packages/pkg_resources/__init__.py", line 2703, in load_entry_point
    return ep.load()
  File "/usr/local/lib/python3.5/dist-packages/pkg_resources/__init__.py", line 2321, in load
    return self.resolve()
  File "/usr/local/lib/python3.5/dist-packages/pkg_resources/__init__.py", line 2327, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/local/lib/python3.5/dist-packages/hsecscan/hsecscan.py", line 19
    print '>> REDIRECT INFO <<'
                              ^
SyntaxError: Missing parentheses in call to 'print'
