HSTS Preload Readiness Checker
Prior to submitting a domain to the HSTS preload list you'll want to make sure that all of the subdomains of a given domain are all available on HTTPS.
This project helps you do that. It takes either a BIND master file as input or fetches a zone from Route53. It then attempts to connect to each host on both HTTP and HTTPS and then outputs the results in an easy to action format (or CSV if you prefer).
How to run
You'll need to have a 1.8 JVM and SBT. If you are on OSX then simply
brew install sbt should do the job.
Once installed you can run the SBT build tool using
sbt in the root of the repository. Once you have an
sbt prompt you can run it using
run. Usage information will be displayed with no arguments.
run -b example.net.zonefile -o csv= write out a CSV report for the zone stored in the specified BIND file
run -z example.net -r eu-west-1 -v= write out a verbose report for a zone in Route53 that includes results that are successful on HTTPS with a suitable HSTS header and also results where no connection could be made on HTTP or HTTPS
This only checks services that are found on standard HTTP and HTTPS ports. Hosts that provide HTTP services on non-standard ports will not be discovered.