headsec (β)

Test a site's HTTP headers for possible security issues. This is a little like Scott Helme's SecurityHeaders.com, but it can be run locally on your machine or CI

Basic usage

This will analise the headers returned by the supplied URL and print the results. By default, non-security headers are omitted in the output, but can be printed as well by passing the --show-all-headers flag (or -a)

$ headsec google.com

By default it'll follow redirects and only print the results of the last URL. To stop following redirects, pass the --ignore-redirects flag (or -r)

$ headsec google.com --ignore-redirects

Advanced usage

If you're trying to test an URL that requires authentication, a POST request, or anything of the like, you can use curl and pipe the result to headsec

$ curl https://yahoo.com/ --head -sS | headsec

Installation

$ curl https://raw.githubusercontent.com/nicoSWD/headsec/master/install.sh -sS | sh

Build from source

Build

$ make

Test

$ make test

Install

$ make install

Name		Name	Last commit message	Last commit date
Latest commit History 59 Commits
app		app
bin		bin
build		build
screenshots		screenshots
src		src
tests		tests
.gitignore		.gitignore
.scrutinizer.yml		.scrutinizer.yml
.travis.yml		.travis.yml
LICENSE.md		LICENSE.md
Makefile		Makefile
README.md		README.md
composer.json		composer.json
install.sh		install.sh
phpunit.xml.dist		phpunit.xml.dist

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

headsec (β)

About

Releases

Packages

Languages

License

nicoSWD/headsec

Folders and files

Latest commit

History

Repository files navigation

headsec (β)

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages