Skip to content
/ HeaderGuardian Public

HeaderGuardian checks HTTP security headers against recommended values based on OWASP (Open Web Application Security Project) guidelines

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

OlderMutt/HeaderGuardian

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
HeaderGuardian.py
HeaderGuardian.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

HeaderGuardian is a Python script that checks HTTP security headers against recommended values according to OWASP guidelines. It helps ensure that your web application is configured with the appropriate security headers to protect against various security threats.

Features

  • Checks for the presence and correctness of recommended HTTP security headers
  • Supports different HTTP methods (GET, POST, PUT, PATCH, DELETE)
  • Supports authenticated connections using cookies
  • Displays results with color-coded outputs for easy interpretation
  • **Supports import and parse HTTP requests from Burp Suite exported XML files.

Prerequisites

  • Python 3.x: Make sure Python 3 is installed on your system.
  • pip: Ensure you have pip3 installed for Python package management.

Installation

  1. Clone the Repository

    git clone https://github.com/OlderMutt/HeaderGuardian.git
cd HeaderGuardian

  2. Install Dependencies

    pip3 install -r requirements.txt

Usage

  1. Run the Script

    python3 HeaderGuardian.py

  2. Input Required Information

  • Enter the URL to check: Provide the URL of the website you want to analyze (ex. https://your_site.com/).
  • Enter the HTTP method: Specify the HTTP method to use (GET, POST, PUT, PATCH, DELETE).
  • Enter session cookie (optional): If authentication is needed, provide the session cookie.
  • Enter request body data (optional): For methods like POST, PUT, PATCH, provide the request body data.
  1. View Results

The script will display:

  • HTTP Response Headers: Shows all response headers received from the server.
  • Missing Headers: Lists headers that are missing from the response, highlighted in red.
  • Incorrect Headers: Lists headers that are present but do not match the recommended values, highlighted in orange.
  • Correct Headers: Lists headers that match the recommended values, highlighted in green.
  • Headers to be deleted: Lists headers that must be deleted.

Examples

image image

Usage with Burpsuite xml exported request

  1. Run the Script

    python3 HeaderGuardian.py -r req.txt

References

This script follows recommendations for HTTP security headers from OWASP. For more details on best practices for HTTP headers, please refer to the 'OWASP HTTP Headers Cheat Sheet'.

Contributing

Contributions are welcome! Please fork the repository and submit a pull request with your improvements or bug fixes.

License

This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.

Contact

For any questions or issues, please contact [email protected]

About

HeaderGuardian checks HTTP security headers against recommended values based on OWASP (Open Web Application Security Project) guidelines

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages