Functions
Key4051 edited this page Dec 30, 2019 · 22 revisions
You can file an issue about it and ask that it be added.
Several functions of this script:
- check website/domain configuration (web servers or reverse proxies)
- display basic information about HTTP/HTTPS protocols including URLs, GeoIP, status codes and protocol version
- check HTTP request latency (`time_connect` and `time_total`)
- redirects analysis (and follows it), e.g. to eliminate redirect loops
- view and analyze response headers for each request
- try bypassing cache (e.g. Varnish Cache)
- view and analyze response body for each request
- view setting HTTP request method and headers
- check basic ssl configuration
  - validation of the certificates (e.g. `date`, `cn`, `san`)
  - check the Chain of Trust
  - check the Server Name Indication
  - verification of the ssl connection
- test extended ssl configuration (protocols and ciphers) with testssl.sh
- scan website for Mixed Content (non-secure resources)
- scan website and domain using Nmap NSE Library (40 scripts)
- support advanced vulnerability scanning with Vulscan
- analyze website with Mozilla Observatory
- deep analysis of the ssl web server with SSL Labs API
- detect and bypass web application firewalls with wafw00f
- enumerate subdomains of website with SubFinder
- perform zone transfer attack (with `api.hackertarget.com` or `dig`)
- test HTTP/2 connection with nghttp2
htrace.sh v1.1.7