Published on May 18th, 2017 | by MaxiSoler


hsecscan – HTTP Headers Scan

hsecscan is a security scanner for HTTP response headers. It requires Python 2.x.

Python Modules

  • os.path
  • argparse
  • sqlite3
  • urlparse
  • urllib2
  • urllib
  • json
  • ssl


$ ./hsecscan.py 
usage: hsecscan.py [-h] [-P] [-p] [-u URL] [-R] [-i] [-U User-Agent]
                   [-D DBFILE] [-d 'POST data'] [-x PROXY] [-a]

A security scanner for HTTP response headers.

optional arguments:
  -h, --help            show this help message and exit
  -P, --database        Print the entire response headers database.
  -p, --headers         Print only the enabled response headers from database.
  -u URL, --URL URL     The URL to be scanned.
  -R, --redirect        Print redirect headers.
  -i, --insecure        Disable certificate verification.
  -U User-Agent, --useragent User-Agent
                        Set the User-Agent request header (default: hsecscan).
  -D DBFILE, --dbfile DBFILE
                        Set the database file (default: hsecscan.db).
  -d 'POST data', --postdata 'POST data'
                        Set the POST data (between single quotes) otherwise
                        will be a GET (example: '{ "q":"query string",
                        "foo":"bar" }').
  -x PROXY, --proxy PROXY
                        Set the proxy server (example:
  -a, --all             Print details for all response headers. Good for check
                        the related RFC.

More Info: here


About the Author

www.artssec.com @maxisoler

Back to Top ↑