webheaderscan
The goal of the web_header_scan.rb script is to check a set of web servers provided as input for some common security issues relating to their HTTP headers and provide a concise report about this in different formats, to ease analysis and reporting.
You can install dependent gems using bundle install in the TestingScripts directory or you can install them manually. This script depends on the httparty gem.
Input for the scan is a text file with hosts and ports to be tested, one to each line. If the input file doesn't specify whether a target is accessed over http or https, the script will default to http unless the specified port is 443.
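The scheme-defaulting rule above, as an added example that is not code from web_header_scan.rb: it normalises a constructed target list and picks out entries that fall back to plain http on a non-standard port, which is where a TLS service would be scanned over the wrong scheme. The host:port line syntax, the port 80 fallback when no port is given, and all helper names are assumptions made for illustration.

```ruby
require 'uri'

# Constructed sample input; the "host:port" syntax is an assumption.
SAMPLE_TARGETS = <<~TARGETS
  www.example.com
  www.example.com:443
  intranet.example.com:8443
  https://intranet.example.com:8443
  http://legacy.example.com:8080

  broken.example.com:notaport
TARGETS

# Turn one input line into { url:, defaulted: }; nil if blank or invalid.
# defaulted is true when the scheme was inferred rather than given.
def normalise_target(line)
  entry = line.strip
  return nil if entry.empty?

  if entry.match?(%r{\Ahttps?://}i)
    uri = URI.parse(entry)
    return { url: "#{uri.scheme.downcase}://#{uri.host}:#{uri.port}", defaulted: false }
  end

  host, port_text = entry.split(':', 2)
  # Assumption: a line with no port means port 80.
  port = port_text.nil? ? 80 : Integer(port_text, 10)
  scheme = port == 443 ? 'https' : 'http' # the rule described above
  { url: "#{scheme}://#{host}:#{port}", defaulted: true }
rescue ArgumentError, URI::InvalidURIError
  nil
end

def parse_targets(text)
  text.each_line.map { |line| normalise_target(line) }.compact
end

# Entries that defaulted to http on a port other than 80: worth checking
# by hand, since a TLS listener there needs an explicit https:// prefix.
def review_candidates(targets)
  targets.select { |t| t[:defaulted] && t[:url].start_with?('http://') && !t[:url].end_with?(':80') }
end

if __FILE__ == $PROGRAM_NAME
  targets = parse_targets(SAMPLE_TARGETS)
  targets.each { |t| puts t[:url] }
  review_candidates(targets).each { |t| puts "check scheme: #{t[:url]}" }
end
```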
There are a couple of output formats available, but the best one at the moment is likely the Excel one, as it includes checks for security headers, which the others don't do yet.
The input file is specified using the -f switch. The report name is specified with the --reportPrefix switch and the Excel report with excelReport