Security Testing Tool
.gitignore
README.md Merge branch 'master' of github.com:AutomatedTester/Garmr
config.txt Added support for check parameters, ability to exclude checks, and th…
corechecks.py Grammar and text cleanup.
djangochecks.py Added support for check parameters, ability to exclude checks, and th…
garmr.py
reporter.py
scanner.py Added support for check parameters, ability to exclude checks, and th…

README.md

I NO LONGER MAINTAIN THIS. Please follow Yvan's Fork

Garmr

Garmr is a tool to inspect the responses from websites for basic security requirements.

Garmr includes a set of core test cases, implemented in corechecks, that are derived from the Secure Coding Guidelines at https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines
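
To illustrate what inspecting a response for basic security requirements can look like, here is an added example; it is not Garmr's corechecks code. The choice of checks (HSTS, X-Frame-Options, cookie Secure/HttpOnly flags), every function name, and the sample headers are assumptions made for this illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample response headers (not captured from a real site).
SAMPLE_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/"),
]

def header_values(headers, name):
    """All values for a header; names are case-insensitive and may repeat."""
    return [v for k, v in headers if k.lower() == name.lower()]

def check_hsts(headers):
    """Pass when an HSTS header carries a positive max-age."""
    for value in header_values(headers, "Strict-Transport-Security"):
        for directive in value.split(";"):
            key, _, val = directive.partition("=")
            n = val.strip().strip('"')
            if key.strip().lower() == "max-age" and n.isdigit() and int(n) > 0:
                return True, "max-age=" + n
    return False, "header missing or max-age not positive"

def check_xfo(headers):
    """Pass when X-Frame-Options is DENY or SAMEORIGIN."""
    values = [v.strip().upper() for v in header_values(headers, "X-Frame-Options")]
    ok = any(v in ("DENY", "SAMEORIGIN") for v in values)
    return ok, ", ".join(values) or "header missing"

def check_cookie_flags(headers):
    """Pass only when every Set-Cookie carries both Secure and HttpOnly."""
    weak = []
    for raw in header_values(headers, "Set-Cookie"):
        jar = SimpleCookie()
        jar.load(raw)
        if not jar:  # parser dropped the cookie: report it, do not pass silently
            weak.append("unparseable Set-Cookie")
        for name, morsel in jar.items():
            missing = [f for f in ("secure", "httponly") if not morsel[f]]
            if missing:
                weak.append(f"{name} lacks {'/'.join(missing)}")
    return not weak, "; ".join(weak) or "all cookies flagged"

def run_checks(headers):
    """Run every check and return {check name: (passed, detail)}."""
    checks = {"hsts": check_hsts, "x-frame-options": check_xfo, "cookie-flags": check_cookie_flags}
    return {name: fn(headers) for name, fn in checks.items()}
```

Headers are passed as a list of pairs rather than a dict so that repeated Set-Cookie headers are each examined.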

Installation

This version of Garmr :

Usage

usage: garmr.py [-h] [-u TARGETS] [-m MODULES] [-f TARGET_FILES] [-p] [-d]

optional arguments:
  -h, --help            show this help message and exit
  -u TARGETS, --url TARGETS
                        add a target to test
  -m MODULES, --module MODULES
                        load a test suite
  -f TARGET_FILES, --file TARGET_FILES
                        File with urls to test
  -p, --force-passive   Force passives to be run for each active test
  -d, --dns             Skip DNS resolution when registering a target.

Tasks

  • Implement sequences (i.e. a series of ActiveTests that once invoked, maintains a cookie jar until the list of URLs is exhausted)
  • Implement a proper detailed reporter; currently a range of data is accumulated, but never reported.
  • Implement more checks