Functions

Welcome to the htrace.sh wiki!

You can file an issue about it and ask that it be added.

---

Several functions of this script:

• check properly website/domain configuration (web servers or reverse proxies)
• display basic information about HTTP/HTTPS protocols including URLs, GeoIP, status codes and protocol version
• check HTTP request latency (time_connect and time_total)
• redirects analysis (and follows it), e.g. to eliminate redirect loops
• view and analyze response headers for each request
  • try bypassing cache (e.g Varnish Cache)
• view and analyzing response body for each request
• view setting HTTP request method and header(s)
• check basic ssl configuration
  • validation of the certificates (e.g. date, cn, san)
  • check the Chain of Trust
  • check the Server Name Indication
  • verification ssl connection
• test extended ssl configuration (protocols and ciphers) with testssl.sh
• scan website for Mixed Content (non-secure resources)
• scan website and domain using Nmap NSE Library (34 scripts)
• analyze website with Mozilla Observatory
• deep analysis of the ssl web server with SSL Labs API
• detect and bypass web application firewalls with WhatWaf
• enumerate subdomains of website with SubFinder