The aim of this project is to provide a simple CLI, written in Python 3, to evaluate the HTTP security headers defined by the OWASP Security Headers project.
To run this program you will need an installation of Python 3 and pip 3 (the latter for installing the dependencies).
Note:
- The latest version of Python 3 is recommended for better performance; at the time of writing that is Python 3.6.
After installing Python and pip, run the following command to install the dependencies:

pip3 install -r requirements.txt
To display the available options, run:

python3 widow-sweeper.py -h

usage: widow-sweeper.py [-h] [-v] [-c CONFIG] [-u URL] [-m METHOD]

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program version and exit
  -c CONFIG, --config CONFIG
                        configuration file in JSON format
  -u URL, --url URL     complete url
  -m METHOD, --method METHOD
                        HTTP method

There are two running modes: running a single request, and running from a configuration file.
To run a single request, define the URL with -u and the HTTP method with -m. For example:

python3 widow-sweeper.py -u http://pokeapi.co/api/v2/pokemon/1/ -m GET

=> Security Request
- Url: http://pokeapi.co/api/v2/pokemon/1/
- Method: GET
- Security headers status:
:: X-Frame-Options: Safe header
:: X-XSS-Protection: Safe header
:: X-Content-Type-Options: Header is missing
:: Content-Type: Invalid header, should be: text/html;charset=utf-8

If you prefer to use a configuration file for multiple requests, provide a JSON file with -c in the following format:
[
{
"url": "http://pokeapi.co/api/v2/pokemon/1/",
"method": "GET"
},
{
"url": "http://pokeapi.co/api/v2/pokemon/2/",
"method": "GET"
},
{
"url": "http://pokeapi.co/api/v2/pokemon/3/",
"method": "GET"
}
]

Then run the following command:

python3 widow-sweeper.py -c example.json

=> Security Request
- Url: http://pokeapi.co/api/v2/pokemon/1/
- Method: GET
- Security headers status:
:: X-Frame-Options: Safe header
:: X-XSS-Protection: Safe header
:: X-Content-Type-Options: Header is missing
:: Content-Type: Invalid header, should be: text/html;charset=utf-8
=> Security Request
- Url: http://pokeapi.co/api/v2/pokemon/2/
- Method: GET
- Security headers status:
:: X-Frame-Options: Safe header
:: X-XSS-Protection: Safe header
:: X-Content-Type-Options: Header is missing
:: Content-Type: Invalid header, should be: text/html;charset=utf-8
=> Security Request
- Url: http://pokeapi.co/api/v2/pokemon/3/
- Method: GET
- Security headers status:
:: X-Frame-Options: Safe header
:: X-XSS-Protection: Safe header
:: X-Content-Type-Options: Header is missing
:: Content-Type: Invalid header, should be: text/html;charset=utf-8
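The following is an added example, not widow-sweeper's own code, showing how the two running modes above can be implemented: a header evaluator that yields the three verdicts the CLI prints ("Safe header", "Header is missing", "Invalid header, should be: ..."), a report formatter in the same layout, and a loop over the JSON configuration format. The accepted values per header, the expected Content-Type, and the function names (evaluate_headers, format_report, fetch_headers, run_config) are assumptions made for this example; the sample config and header set are constructed so the script runs offline.

```python
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, List

# Rules for the four headers the CLI reports on. The accepted values and the
# expected Content-Type are assumptions made for this example; widow-sweeper's
# own rules are not reproduced on the page.
SAFE_VALUES = {
    "X-Frame-Options": {"deny", "sameorigin"},
    # "1;mode=block" is what older guidance recommends; "0" is the current OWASP
    # recommendation, since the legacy browser XSS auditor itself caused problems.
    "X-XSS-Protection": {"1;mode=block", "0"},
    "X-Content-Type-Options": {"nosniff"},
}
EXPECTED_CONTENT_TYPE = "text/html;charset=utf-8"


def _normalise(value: str) -> str:
    """Strip all whitespace and lower-case so 'text/html; charset=UTF-8' compares equal."""
    return "".join(value.split()).lower()


def _lookup(headers: Dict[str, str], name: str):
    """Case-insensitive lookup, since HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def evaluate_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Return a status string per header, using the CLI's three verdicts."""
    results: Dict[str, str] = {}
    for name, accepted in SAFE_VALUES.items():
        value = _lookup(headers, name)
        if value is None:
            results[name] = "Header is missing"
        elif _normalise(value) in accepted:
            results[name] = "Safe header"
        else:
            results[name] = "Invalid header, should be: " + " or ".join(sorted(accepted))
    content_type = _lookup(headers, "Content-Type")
    if content_type is None:
        results["Content-Type"] = "Header is missing"
    elif _normalise(content_type) == EXPECTED_CONTENT_TYPE:
        results["Content-Type"] = "Safe header"
    else:
        results["Content-Type"] = "Invalid header, should be: " + EXPECTED_CONTENT_TYPE
    return results


def format_report(url: str, method: str, results: Dict[str, str]) -> str:
    """Render one result block in the same layout the CLI prints."""
    lines = ["=> Security Request", f"- Url: {url}", f"- Method: {method}",
             "- Security headers status:"]
    lines += [f"  :: {name}: {status}" for name, status in results.items()]
    return "\n".join(lines)


def fetch_headers(url: str, method: str = "GET") -> Dict[str, str]:
    """Default fetcher: send the request and return the response headers (needs network)."""
    request = urllib.request.Request(url, method=method.upper())
    try:
        with urllib.request.urlopen(request, timeout=10) as response:
            return dict(response.headers.items())
    except urllib.error.HTTPError as err:
        # A 4xx/5xx response still carries headers worth evaluating.
        return dict(err.headers.items())


def run_config(config_text: str,
               fetch: Callable[[str, str], Dict[str, str]] = fetch_headers) -> List[str]:
    """Run every entry of a JSON config (the format shown above) and return the reports."""
    entries = json.loads(config_text)
    reports = []
    for entry in entries:
        url, method = entry["url"], entry.get("method", "GET")
        reports.append(format_report(url, method, evaluate_headers(fetch(url, method))))
    return reports


# Constructed sample data so the example runs offline: two config entries and a
# header set shaped like the one the page's pokeapi.co output implies.
SAMPLE_CONFIG = json.dumps([
    {"url": "http://pokeapi.co/api/v2/pokemon/1/", "method": "GET"},
    {"url": "http://pokeapi.co/api/v2/pokemon/2/", "method": "GET"},
])
SAMPLE_HEADERS = {
    "Content-Type": "application/json",
    "X-Frame-Options": "SAMEORIGIN",
    "X-XSS-Protection": "1; mode=block",
}


if __name__ == "__main__":
    # Offline run against the constructed headers; pass fetch=fetch_headers to go live.
    for report in run_config(SAMPLE_CONFIG, fetch=lambda url, method: SAMPLE_HEADERS):
        print(report)
```

The fetcher is injected so the evaluation logic can be unit-tested without network access; calling run_config with the default fetch_headers performs the real requests. Note that a 4xx or 5xx response is still evaluated, because error pages are exactly where security headers are most often forgotten.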