Chopper: An Automated Security Headers Analyzer

Related tags

CLI Tools Chopper
Overview
  ____ _                                 _ 
 / ___| |__   ___  _ __  _ __   ___ _ __| |
| |   | '_ \ / _ \| '_ \| '_ \ / _ \ '__| |
| |___| | | | (_) | |_) | |_) |  __/ |  |_|
 \____|_| |_|\___/| .__/| .__/ \___|_|  (_)
                  |_|   |_|

Chopper - An Automated Security Headers Analyzer

Chopper is a python script to scrape HTTP Headers from the requests. All you need is to supply a valid domain name. Chopper will automatically check for security related headers, thus saving much of your time.

Currently Chopper is able to check the following headers and flags.

  1. Content-Security-Policy
  2. X-XSS-Protection
  3. X-Frame-Headers
  4. X-Content-Type
  5. Strict-Transport-Security
  6. Referrer-Policy
  7. Feature-Policy
  8. Cache-Control Policy
  9. Access-Control-Allow-Origin
  10. Access-Control-Allow-Credentials
  11. HttpOnly Flag
  12. Secure Flag

Chopper also provides with the complete list of headers. Thus, providing a better view of all the headers.

Required Packages

1. Python3
2. Colorama
3. Validators
4. Requests

Installing Dependencies

  • pip install -r requirements.txt
  • python -m pip install -r requirements.txt

Flying The Chopper

python3 Chopper.py http://testphp.vulnweb.com/login.php

  ____ _                                 _ 
 / ___| |__   ___  _ __  _ __   ___ _ __| |
| |   | '_ \ / _ \| '_ \| '_ \ / _ \ '__| |
| |___| | | | (_) | |_) | |_) |  __/ |  |_|
 \____|_| |_|\___/| .__/| .__/ \___|_|  (_)
                  |_|   |_|                

 An Automated Security Headers Analyzer
 ------------------------------
 Coded by Kamran Saifullah - Frog Man
 Twitter: https://twitter.com/deFr0ggy 
 GitHub: https://github.com/deFr0ggy 
 LinkedIn: https://linkedin.com/in/kamransaifullah 

 Usage: ./Chopper.py <http|https://example.com>


Domain: http://testphp.vulnweb.com/login.php

[-] Content-Security-Policy is not in place!
[-] X-XSS-Protection - XSS Protection is not in place!
[-] X-Frame-Headers - ClickJacking Protection is not in place!
[-] X-Content-Type - MIME Sniffing Protection is not in place!
[-] Strict-Transport-Security - Protection is not in place!
[-] Referrer-Policy is not in place!
[-] Feature-Policy is not in place!
[-] Cache-Control Policy is not in place!
[-] Access-Control-Allow-* - CORS Policy is not in place!
[-] HttpOnly Flag is not in place!
[-] Secure Flag is not in place!


[-] Check These Headers Out! 


Server:  nginx/1.19.0
Date:  Sun, 19 Dec 2021 09:15:46 GMT
Content-Type:  text/html; charset=UTF-8
Transfer-Encoding:  chunked
Connection:  keep-alive
X-Powered-By:  PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1
Content-Encoding:  gzip
You might also like...
Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe

Welcome to HubbleStack!! You can find the docs here You can file an issue here Follow us on Twitter! Development Below are sample instructions to setu

HubbleStack 368 Jan 4, 2023
A python script to turn Ubuntu Desktop in a one stop security platform. The InfoSec Fortress installs the packages,tools, and resources to make Ubuntu 20.04 capable of both offensive and defensive security work.

infosec-fortress A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a s

James 41 Dec 30, 2022
A CLI tool to disable and enable security standards controls in AWS Security Hub

Security Hub Controls CLI A CLI tool to disable and enable security standards controls in AWS Security Hub. It is designed to work together with AWS S

AWS Samples 4 Nov 14, 2022
Security-TXT is a python package for retrieving, parsing and manipulating security.txt files.

Security-TXT is a python package for retrieving, parsing and manipulating security.txt files.

Frank 3 Feb 7, 2022
Security audit Python project dependencies against security advisory databases.

Security audit Python project dependencies against security advisory databases.

null 52 Dec 17, 2022
RedTeam-Security - In this repo you will get the information of Red Team Security related links
RedTeam-Security - In this repo you will get the information of Red Team Security related links

OSINT Passive Discovery Amass - https://github.com/OWASP/Amass (Attack Surface M

Abhinav Pathak 5 May 18, 2022
Middleware for Starlette that allows you to store and access the context data of a request. Can be used with logging so logs automatically use request headers such as x-request-id or x-correlation-id.

starlette context Middleware for Starlette that allows you to store and access the context data of a request. Can be used with logging so logs automat

Tomasz Wójcik 300 Dec 26, 2022
Django app for handling the server headers required for Cross-Origin Resource Sharing (CORS)

django-cors-headers A Django App that adds Cross-Origin Resource Sharing (CORS) headers to responses. This allows in-browser requests to your Django a

Adam Johnson 4.8k Jan 3, 2023
Middleware for Starlette that allows you to store and access the context data of a request. Can be used with logging so logs automatically use request headers such as x-request-id or x-correlation-id.

starlette context Middleware for Starlette that allows you to store and access the context data of a request. Can be used with logging so logs automat

Tomasz Wójcik 300 Dec 26, 2022
Middleware for Starlette that allows you to store and access the context data of a request. Can be used with logging so logs automatically use request headers such as x-request-id or x-correlation-id.

starlette context Middleware for Starlette that allows you to store and access the context data of a request. Can be used with logging so logs automat

Tomasz Wójcik 110 Feb 16, 2021
Django app for handling the server headers required for Cross-Origin Resource Sharing (CORS)

django-cors-headers A Django App that adds Cross-Origin Resource Sharing (CORS) headers to responses. This allows in-browser requests to your Django a

Adam Johnson 4.8k Jan 5, 2023
Python tool to check a web applications compliance with OWASP HTTP response headers best practices

Check Your Head A quick and easy way to check a web applications response headers!

Zak 6 Nov 9, 2021
An forensics tool to help aid in the investigation of spoofed emails based off the email headers.
An forensics tool to help aid in the investigation of spoofed emails based off the email headers.

A forensic tool to make analysis of email headers easy to aid in the quick discovery of the attacker. Table of Contents About mailMeta Installation Us

Syed Modassir Ali 59 Nov 26, 2022
Generate Azure Blob Storage account authentication headers for Munki

Azure Blob Storage Authentication for Munki The Azure Blob Storage Middleware allows munki clients to connect securely, and directly to a munki repo h

Oliver Kieselbach 10 Apr 12, 2022
Expose multicam options in the Blender VSE headers.
Expose multicam options in the Blender VSE headers.

Multicam Expose multicam options in the Blender VSE headers. Install Download space_sequencer.py and swap it with the one that comes with the Blender

null 4 Feb 27, 2022
This Ivy plugin adds support for TOML file headers.

This Ivy plugin adds support for TOML file headers as an alternative to YAML.

Darren Mulholland 1 Nov 9, 2021
Create a table with row explanations, column headers, using matplotlib
Create a table with row explanations, column headers, using matplotlib

Create a table with row explanations, column headers, using matplotlib. Intended usage was a small table containing a custom heatmap.

null 4 Aug 14, 2022
wsvuls - website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.]
wsvuls - website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.]

WSVuls Website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.] What's WSVuls? WSVuls is a simple and powerf

Anouar Ben Saad 47 Sep 22, 2022
Automated Security Testing For REST API's
Automated Security Testing For REST API's

Astra REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers

Flipkart Incubator 2.1k Dec 31, 2022
Owner
Kamran Saifullah (Frog Man)
An abnormal frog who has been thrown out by the frog community!
Kamran Saifullah (Frog Man)
GitHub
Output Analyzer for you terminal commands

Output analyzer (OZER) You can specify a few words inside config.yaml file and specify the color you want to be used. installing: Install command usin

Ehsan Shirzadi 1 Oct 21, 2021
a CLI that provides a generic automation layer for assessing the security of ML models

a CLI that provides a generic automation layer for assessing the security of ML models

Microsoft Azure 268 May 9, 2021
GitFun - A Simplified Automated CLI tool for GIT😃

GitFun A Simplified Automated CLI tool for GIT, It's for Lazy Developers and Newbies ?? Table of contents GitFun Installation Usage Development Contri

Astaqc 8 Feb 22, 2022
Fylm is a wonderful automated command line app for organizing your film media.

Overview Fylm is a wonderful automated command line app for organizing your film media. You can pronounce it Film or File 'em, whichever you like! It

Brandon Shelley 30 Dec 5, 2022
Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.

GitGuardian Shield: protect your secrets with GitGuardian GitGuardian shield (ggshield) is a CLI application that runs in your local environment or in

GitGuardian 1.2k Jan 6, 2023
Vpw analyzer - A visual J1850 VPW analyzer written in Python

VPW Analyzer A visual J1850 VPW analyzer written in Python Requires Tkinter, Pan

null 7 May 1, 2022
HTTP security headers for Flask

Talisman: HTTP security headers for Flask Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few co

Google Cloud Platform 853 Dec 19, 2022
HTTP security headers for Flask

Talisman: HTTP security headers for Flask Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few co

Google Cloud Platform 854 Dec 30, 2022
Web Headers Security Scanner

Web Headers Security Scanner

Emre Koybasi 3 Dec 16, 2022
The core packages of security analyzer web crawler

Security Analyzer ?? A large scale web crawler (considered also as vulnerability scanner tool) to take an overview about security of Moroccan sites Cu

Security Analyzer 10 Jul 3, 2022