Headers

Security headers

Info: I built Security Headers after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites were using these headers and I figured I'd turn it into a useful tool for everyone to use!

https://securityheaders.com/?q=https%3A%2F%2Fwww.domain.com%2F&followRedirects=on

shcheck

Installation

Pypi

pip3 install shcheck
shcheck.py https://insecurity.blog

Python Virtual Environment

python3 -m venv shcheck; source shcheck/bin/activate; pip3 install shcheck
shcheck.py https://insecurity.blog

Docker

First build your docker container using something like this:

docker build -t shcheck .

Then simply run your docker container using something like this where you specify which website you want to check headers on:

docker run -it --rm shcheck https://insecurity.blog

From source

git clone https://github.com/santoru/shcheck && cd shcheck
./shcheck.py https://insecurity.blog

Complete Usage

shcheck.py --proxy=http://192.168.1.60:8081 -d -c [COOKIE] -g https://[URL]

-c Set cookies for the request

-d When using --proxy disables SSL/TLS certificate validation

-g Use GET method instead HEAD method

PreviousInfrastructure & Configuration NextWAF Detection/ Evasion

Last updated 1 year ago

hashtagSecurity headers

hashtagshcheckarrow-up-right

hashtagInstallation

hashtagPypi

hashtagPython Virtual Environment

hashtagDocker

hashtagFrom source

hashtagComplete Usage