Content Security Policy (CSP) is an additional layer of protection that helps detect and remediate attacks such as Cross-Site Scripting (XSS) and other injection attacks. XSS is a commonly found vulnerability, and patching it at the code level is always preferred. However, having an effective and efficient CSP in place can give an organization's DevSecOps team some breathing room.
Suppose you have multiple domains to manage. On some of those domains, the CSP is changed or a new third-party domain is added to the policy without discussing it with the security team. With the help of this tool, you can find out which domains in the input list have had their CSP changed since the last check.
The main purpose of this tool is to provide a list of domains whose CSP has changed since the last check.
- pip3 install validators
- echo '&&&'>Domain_Hash.txt
- Supports single domain or domains list input
- Checks for CSP on the input domain(s)
- Captures the domain(s), CSP hash, and timestamp along with the CSP in a file
- Compares the CSP with stored data and updates it
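
The hash, compare and update steps listed above, as an added example that is not this tool's own code. It assumes SHA-256, a JSON store file rather than Domain_Hash.txt, and constructed CSP values passed in directly instead of being fetched over HTTP; the function names and sample domains are hypothetical.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def csp_hash(csp):
    """Hash a CSP after normalising whitespace, so reformatting alone is not a change."""
    directives = [" ".join(d.split()) for d in csp.split(";") if d.strip()]
    return hashlib.sha256(";".join(directives).encode()).hexdigest()


def check_domains(observed, store_path):
    """Compare observed CSPs (domain -> header value, None if absent) with the store."""
    store = {}
    if os.path.exists(store_path):
        with open(store_path) as fh:
            store = json.load(fh)
    changed = []
    for domain, csp in observed.items():
        digest = csp_hash(csp) if csp is not None else None
        previous = store.get(domain)
        # A first sighting sets the baseline; only a differing hash is a change.
        # A policy that disappears (digest None) also counts as a change.
        if previous is not None and previous["hash"] != digest:
            changed.append(domain)
        store[domain] = {"hash": digest, "csp": csp,
                         "timestamp": datetime.now(timezone.utc).isoformat()}
    with open(store_path, "w") as fh:
        json.dump(store, fh, indent=2)
    return changed


def demo():
    """Two runs over constructed data; returns the changed list from each run."""
    path = os.path.join(tempfile.mkdtemp(), "csp_store.json")
    run1 = {"shop.example": "default-src 'self'; script-src 'self'",
            "blog.example": "default-src 'self'",
            "api.example": "default-src 'none'"}
    run2 = {"shop.example": "default-src 'self'; script-src 'self' https://cdn.thirdparty.example",
            "blog.example": "default-src  'self' ;",   # whitespace only, same policy
            "api.example": None}                        # header removed
    return check_domains(run1, path), check_domains(run2, path)


if __name__ == "__main__":
    print(demo())
```

Reordering directives still changes the hash in this example, so a reordered policy is reported as changed.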
Rishu Ranjan