riramar / hsecscan
A security scanner for HTTP response headers.
License: GNU General Public License v2.0
Traceback (most recent call last):
File "/usr/local/bin/hsecscan", line 5, in
from hsecscan.hsecscan import main
File "/usr/local/lib/python3.7/dist-packages/hsecscan/hsecscan.py", line 19
print '>> REDIRECT INFO <<'
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print('>> REDIRECT INFO <<')?
>> RESPONSE HEADERS DETAILS <<
Traceback (most recent call last):
File "/usr/bin/hsecscan.py", line 137, in <module>
main()
File "/usr/bin/hsecscan.py", line 132, in main
scan(args.URL, args.redirect, args.useragent, args.postdata, args.proxy)
File "/usr/bin/hsecscan.py", line 104, in scan
check_header(header)
File "/usr/bin/hsecscan.py", line 52, in check_header
cur.execute('SELECT "Header Field Name", "Reference", "Security Description", "Security Reference", "Recommendations", "CWE", "CWE URL" FROM headers WHERE "Enable" = "Y" AND "Header Field Name" = ? COLLATE NOCASE', t)
sqlite3.OperationalError: no such table: headers
hmm... I think I'm doing something wrong here...
Hi,
First, thank you very much for this very useful script and the amazing OWASP Security Headers project.
Do you think that it will be possible to add a running mode to the script in order to allow running it in a CI/CD process, to give the following feedback to Dev + Ops teams in a JSON output:
Thank you very much in advance
Hello,
nice work!
Maybe you could take into account certificate validation (SSL: CERTIFICATE_VERIFY_FAILED) because the program fails when such a thing happens. Maybe this could be added as another piece of information, and the program could try to do the other checks even if the certificate is not valid.
Best regards!
Are you planning on porting this to Python 3?
How is hsecscan.db created/populated? I don't see any population code. In that case, I suggest that the database is moved to some other format, like YAML or JSON.
I would enjoy running it on our website, but I should log in with my user and password,
so how can I add my user & password on the command line?
Waiting for your response
Thanks
We are getting the below error, any help greatly appreciated
hsecscan -i -u https://google.com
Traceback (most recent call last):
File "/usr/local/bin/hsecscan", line 11, in <module>
load_entry_point('hsecscan==0.0.1', 'console_scripts', 'hsecscan')()
File "/usr/local/lib/python3.5/dist-packages/pkg_resources/__init__.py", line 479, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/local/lib/python3.5/dist-packages/pkg_resources/__init__.py", line 2703, in load_entry_point
return ep.load()
File "/usr/local/lib/python3.5/dist-packages/pkg_resources/__init__.py", line 2321, in load
return self.resolve()
File "/usr/local/lib/python3.5/dist-packages/pkg_resources/__init__.py", line 2327, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
File "/usr/local/lib/python3.5/dist-packages/hsecscan/hsecscan.py", line 19
print '>> REDIRECT INFO <<'
^
SyntaxError: Missing parentheses in call to 'print'