Thursday, 19 November 2015

GetHead - HTTP Header Analysis Vulnerability Tool


gethead.py is a Python HTTP Header Analysis Vulnerability Tool. It identifies security vulnerabilities and the lack of protection in HTTP Headers.

Usage:

$ python gethead.py http://domain.com

Changelog

Version 0.1 - Initial Release
  • Written in Python 2.7.5
  • Performs HTTP Header Analysis
  • Reports Header Vulnerabilities

Features in Development

Version 0.2 - Next Release (April 2014 Release)
  • Support for git updates
  • Support for Python 3.3
  • Complete Header Analysis
  • Additional Logic for Severity Classifications
  • Rank Vulnerabilities by Severity
  • Export Findings with Description, Impact, Execution, Fix, and References
  • Export with multi-format options (XML, HTML, TXT)

Version 0.3 - Future Release (May 2014 Release)
  • Replay and Inline Upstream Proxy support to import into other tools
  • Scan domains, sub-domains, and multi-services
  • Header Injection and Fuzzing functionality
  • HTTP Header Policy Bypassing
  • Modularize and port to more platforms (e.g. gMinor, Kali, Burp Extension, Metasploit, Chrome, Firefox)


No comments:

Post a Comment