Skip to content
/ sech3r Public

A Security HTTP-Header Checker. # Demoisturize it!

License

MIT license
7 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

naryal2580/sech3r

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits
secher
secher
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
sech3r.py
sech3r.py
 
 
setup.py
setup.py
 
 

Repository files navigation

SéCh3r v4.9

A Security HTTP-Header Checker. # Demoisturize it!

What's this?

This is a tool, used in order to determine the presence of Security HTTP-Headers along with version disclosure checks.

Features

  • Checks if security headers are present
  • Checks if Version Disclosure headers are present
  • Have got a fancy output
  • Will Google you for CVEs (from the disclosed version number via HTTP Headers)
  • Have got silent mode, in case you wanna see only URL and headers
  • Verbose mode, if you want to inspect whole HTTP Header response
  • No redirect mode, in case don't wanna redirect
  • Insecure mode, if you wanna ignore TLS/SSL warnings
  • No color mode, in case escapes sequences are creating issues
  • Can also take file input, for several URLs to be tested for HTTP Headers
  • Can also save the output, in the form of JSON File

Install

In order to get this tool running, follow the instruction below:

Installation via pip

$ python3 -m pip install sech3r  # Super User permission, accordingly.

Installation via GitHub

$ git clone https://github.com/naryal2580/sech3r.git
$ cd sech3r
$ python3 setup.py install  # Super User permission, accordingly.

Use without installation

$ git clone https://github.com/naryal2580/sech3r.git
$ cd sech3r
$ python3 -m pip install -U -r requirements.txt  # Super User permission, accordingly.
$ python3 ./sech3r.py

Usage

Just provide the command line arguments accordingly, and Demoisturize it! :p

$ sech3r -h
     /  __       ____
 ()  _ / () |)    __/ ,_
 /\ |/|     |/\     \/  |
/(_)|_/\___/|  |/\__/   |/

Usage:
    sech3r [--verbose] [--searchForVuln] [--noRedirects] [--insecure] [--noColor] [--quiet] [--output <filename>]
    sech3r <urls>... [--verbose] [--searchForVuln] [--noRedirects] [--insecure] [--noColor] [--quiet] [--output <filename>]
    sech3r [--verbose] [--searchForVuln] [--noRedirects] [--insecure] [--noColor] [--quiet] [--input <filename>] [--output <filename>]
    sech3r -h | --help
    sech3r -V | --version

Options:
    -h --help               Display help, basically this screen.
    -V --version            Display version number.
    <urls>                  Optional URL(s) input from the Command-Line.
    -v --verbose            Show verbose output.
    -s --searchForVuln      Open Default WebBrowser, Googling for Vulnerabilities.
    -r --noRedirects        Do not follow HTTP-redirects.
    -k --insecure           Bypass TLS/SSL verification.
    -c --noColor            No Colours to be used for the Output.
    -q --quiet              Silent Mode, nothing else not even colors.
    -i --input <filename>   Take URLs from a file, Single URL per line
    -o --output <filename>  Save output to a file, a JSON output of headers

Examples:
    sech3r demo.testfire.net
    sech3r demo.testfire.net -i in.json
    sech3r demo.testfire.net -vs -o out.json
    sech3r demo.testfire.net -vr
    sech3r demo.testfire.net -c
    sech3r demo.testfire.net -q
    sech3r -vsirc

TODOs

  • Additional Header Assesments for better output

</> with <3 --naryal2580

About

A Security HTTP-Header Checker. # Demoisturize it!

Topics

cli security python3 http-header infosec security-tools http-headers security-headers sech3r security-http-header

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages