###Security Headers Tool
This repository contains a set of Python scripts designed to check the presence and configuration of security HTTP headers in web server responses.
Table of Contents Installation Scripts Overview
- check_headers.py
- check_specific_header.py
- check_specific_headerr.py
- enhanced_security_header_checker.py
- security_headers_checker.py
- spider.py
check_headers.py: Analyzes HTTP response headers for security settings. check_specific_header.py: Checks for specific security headers in HTTP responses. check_specific_headerr.py: Checks for specific security headers in HTTP responses using URLs from a file. enhanced_security_header_checker.py: Performs enhanced security header checks on a given URL. security_headers_checker.py: Checks for predefined security headers in the response headers of a specified URL. spider.py: Web crawler to collect URLs for testing
The tool checks for the following security headers and explains their significance:
- Content-Security-Policy (CSP): Specifies approved sources for content, protecting against XSS and data injection attacks.
- X-XSS-Protection: Enables or disables the browser's XSS protection.
- Strict-Transport-Security (HSTS): Ensures that browsers only access a website over HTTPS, preventing protocol downgrade attacks.
- X-Frame-Options: Prevents clickjacking attacks by controlling if and how a page can be loaded within a frame or iframe.
- X-Content-Type-Options: Prevents browsers from MIME-sniffing a response away from the declared content type.
- Referrer-Policy: Controls how much referrer information is included with requests.
Each security header contributes to enhancing the security posture of a web application by mitigating specific types of attacks.
To use the scripts, ensure you have Python installed. Install any required dependencies with:
- Python 3.x installed on your system.
-
Clone the Repository:
git clone https://github.com/Cipherkrish69x/security-headers-tool.git cd security-headers-tool -
Install Requirements:
Ensure you have Python 3 installed. Install the required Python packages using pip:
pip install -r requirements.txt
-
- pip install requests
- pip install requests argparse
-- python check_headers.py --urls-file urls.txt --headers-file headers.txt --output-file output.json This script checks the presence of specified HTTP headers in the response headers of a single URL.
Benefits of JSON Output: Data Persistence: JSON output allows for persistent storage and retrieval of results. Portability: JSON files can be easily shared and transported between different systems. Flexibility: JSON output can be processed and analyzed using a wide range of tools and libraries.
Use the --help Option: Incorporate a built-in help menu (--help option) using argparse
- python check_headers.py --help
Usage:
python3 check_headers.py --urls-file urls.txt --headers-file headers.txt --output-file results.json--urls-file: Path to a text file containing URLs to check.--headers-file: Path to a text file containing HTTP headers to verify.--output-file: (Optional) Path to save the JSON results.
Checks the presence of a specific HTTP header in the response headers of multiple URLs.
Usage:
python3 check_specific_header.py- You will be prompted to enter the header name and URLs separated by spaces.
Similar to check_specific_header.py, but reads URLs from a file (urls.txt).
Usage:
python3 check_specific_headerr.py- Reads URLs from the
urls.txtfile and prompts for the header name.
-- python enhanced_security_header_checker.py https://example.com --output-file result.txt
Performs enhanced security header checks on a single URL.
Usage:
python3 enhanced_security_header_checker.py <url> --output-file output.txt- Replace
<url>with the URL you want to check. - Use
--output-fileto specify a file to save the results.
Checks for the presence and configuration of a set of predefined security headers in a given URL.
Usage:
python3 security_headers_checker.py- You will be prompted to enter the URL you want to test.
- Alla Krishna Vamsi Reddy (GitHub Profile)
- GitHub: Cipherkrish69x
This project is licensed under the MIT License.