Scan domains and return data based on HTTPS best practices

Check any website (or set of websites) for insecure security headers.

Internet standards compliance test suite

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…

Forced Man-In-The-Middle HTTPs-Avoiding Reverse Proxy

An open-source modular framework capable of identifying a wide range of TLS vulnerabilities and assessing compliance with multiple guidelines. Its actionable report can assist the user in correctly and easily fixing their configurations.

A tool to parse Firefox and Chrome HSTS databases into forensic artifacts!

Chromium HSTS Preload list as a Python package and updated daily.

Webserver vulnerable to HSTS header injection

Personal collection of networking tools and scripts

Python module for scanning websites for network information, such as IP addresses, TLS support, and reverse DNS records.

I code simple tools that I can use in penetration test. hsts-chechker, virustotal subdomain checker, basic auth bruter.