FrankSpierings · November 8, 2019 09:11
diff --git a/headerchecker.py b/headerchecker.py
 #!/usr/bin/env python3
 import argparse
 import requests
 requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
 import logging
 import logging.config
 logconfig = {'version': 1,
 'disable_existing_loggers': False,
 'formatters': {'standard': {'format': '[%(levelname)s] %(message)s'}},
 'handlers': {'default': {'level': 'DEBUG',
   'formatter': 'standard',
   'class': 'logging.StreamHandler',
   'stream': 'ext://sys.stdout'}},
 'loggers': {'': {'handlers': ['default'],
   'level': 'INFO',
   'propagate': True}}}
 logging.config.dictConfig(logconfig)
 logger = logging.getLogger()

 def checkheaders(response):
 	check_headers = [
 		'Strict-Transport-Security', 'X-Frame-Options', 'X-XSS-Protection', 
 		'X-Content-Type-Options', 'Content-Security-Policy', 'Referrer-Policy'
 	]
 	found = [(key, value) for key, value in response.headers.items() if key.lower() in [ch.lower() for ch in check_headers]]
 	missing = [ch for ch in check_headers if ch.lower() not in [fh[0].lower() for fh in found]]
 	return found, missing

 def checkurl(url):
 	response = requests.get(url, verify=False)
 	history = response.history
 	history.append(response)
 	for response in history:
 		logger.info('Url: {0} - Status: {1}'.format(response.request.url, response.status_code))
 		found, missing = checkheaders(response)
 		if len(found) > 0:
 			headers = ['"{0}: {1}"'.format(key, value) for key,value in found]
 			logger.info('Found: {0}:'.format(', '.join(headers)))
 		if len(missing) > 0:			
 			logger.warning('Missing: {0}'.format(', '.join(missing)))
 		

 if __name__ == "__main__":
 	parser = argparse.ArgumentParser(description='Checks the security headers of a webapplication.')
 	parser.add_argument('url', help='The URL to be checked: http://www.example.com')
 	args = parser.parse_args()
 	checkurl(args.url)
	#!/usr/bin/env python3
	import argparse
	import requests
	requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
	import logging
	import logging.config
	logconfig = {'version': 1,
	'disable_existing_loggers': False,
	'formatters': {'standard': {'format': '[%(levelname)s] %(message)s'}},
	'handlers': {'default': {'level': 'DEBUG',
	'formatter': 'standard',
	'class': 'logging.StreamHandler',
	'stream': 'ext://sys.stdout'}},
	'loggers': {'': {'handlers': ['default'],
	'level': 'INFO',
	'propagate': True}}}
	logging.config.dictConfig(logconfig)
	logger = logging.getLogger()

	def checkheaders(response):
	check_headers = [
	'Strict-Transport-Security', 'X-Frame-Options', 'X-XSS-Protection',
	'X-Content-Type-Options', 'Content-Security-Policy', 'Referrer-Policy'
	]
	found = [(key, value) for key, value in response.headers.items() if key.lower() in [ch.lower() for ch in check_headers]]
	missing = [ch for ch in check_headers if ch.lower() not in [fh[0].lower() for fh in found]]
	return found, missing

	def checkurl(url):
	response = requests.get(url, verify=False)
	history = response.history
	history.append(response)
	for response in history:
	logger.info('Url: {0} - Status: {1}'.format(response.request.url, response.status_code))
	found, missing = checkheaders(response)
	if len(found) > 0:
	headers = ['"{0}: {1}"'.format(key, value) for key,value in found]
	logger.info('Found: {0}:'.format(', '.join(headers)))
	if len(missing) > 0:
	logger.warning('Missing: {0}'.format(', '.join(missing)))


	if __name__ == "__main__":
	parser = argparse.ArgumentParser(description='Checks the security headers of a webapplication.')
	parser.add_argument('url', help='The URL to be checked: http://www.example.com')
	args = parser.parse_args()
	checkurl(args.url)