Chopper: An Automated Security Headers Analyzer

Related tags

Command-line ToolsChopper
Overview
  ____ _                                 _ 
 / ___| |__   ___  _ __  _ __   ___ _ __| |
| |   | '_ \ / _ \| '_ \| '_ \ / _ \ '__| |
| |___| | | | (_) | |_) | |_) |  __/ |  |_|
 \____|_| |_|\___/| .__/| .__/ \___|_|  (_)
                  |_|   |_|

Chopper - An Automated Security Headers Analyzer

Chopper is a python script to scrape HTTP Headers from the requests. All you need is to supply a valid domain name. Chopper will automatically check for security related headers, thus saving much of your time.

Currently Chopper is able to check the following headers and flags.

  1. Content-Security-Policy
  2. X-XSS-Protection
  3. X-Frame-Headers
  4. X-Content-Type
  5. Strict-Transport-Security
  6. Referrer-Policy
  7. Feature-Policy
  8. Cache-Control Policy
  9. Access-Control-Allow-Origin
  10. Access-Control-Allow-Credentials
  11. HttpOnly Flag
  12. Secure Flag

Chopper also provides with the complete list of headers. Thus, providing a better view of all the headers.

Required Packages

1. Python3
2. Colorama
3. Validators
4. Requests

Installing Dependencies

  • pip install -r requirements.txt
  • python -m pip install -r requirements.txt

Flying The Chopper

python3 Chopper.py http://testphp.vulnweb.com/login.php

  ____ _                                 _ 
 / ___| |__   ___  _ __  _ __   ___ _ __| |
| |   | '_ \ / _ \| '_ \| '_ \ / _ \ '__| |
| |___| | | | (_) | |_) | |_) |  __/ |  |_|
 \____|_| |_|\___/| .__/| .__/ \___|_|  (_)
                  |_|   |_|                

 An Automated Security Headers Analyzer
 ------------------------------
 Coded by Kamran Saifullah - Frog Man
 Twitter: https://twitter.com/deFr0ggy 
 GitHub: https://github.com/deFr0ggy 
 LinkedIn: https://linkedin.com/in/kamransaifullah 

 Usage: ./Chopper.py <http|https://example.com>


Domain: http://testphp.vulnweb.com/login.php

[-] Content-Security-Policy is not in place!
[-] X-XSS-Protection - XSS Protection is not in place!
[-] X-Frame-Headers - ClickJacking Protection is not in place!
[-] X-Content-Type - MIME Sniffing Protection is not in place!
[-] Strict-Transport-Security - Protection is not in place!
[-] Referrer-Policy is not in place!
[-] Feature-Policy is not in place!
[-] Cache-Control Policy is not in place!
[-] Access-Control-Allow-* - CORS Policy is not in place!
[-] HttpOnly Flag is not in place!
[-] Secure Flag is not in place!


[-] Check These Headers Out! 


Server:  nginx/1.19.0
Date:  Sun, 19 Dec 2021 09:15:46 GMT
Content-Type:  text/html; charset=UTF-8
Transfer-Encoding:  chunked
Connection:  keep-alive
X-Powered-By:  PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1
Content-Encoding:  gzip
Owner
Kamran Saifullah (Frog Man)
An abnormal frog who has been thrown out by the frog community!
Kamran Saifullah (Frog Man)
GitHub Repository
Objexplore is an interactive Python object explorer for the terminal.

Objexplore is an interactive Python object explorer for the terminal. Use it while debugging, or exploring a new library, or whatever! 9D1FAC73-B2A5-4

kylepollina 249 Dec 23, 2022
A user-friendly python CLI for Fmask 4.3 software (GERS Lab, UCONN).

pyFmask What is pyFmask pyFmask is a user-friendly python CLI for Fmask 4.3 software (GERS Lab, UCONN; https://github.com/GERSL/Fmask). Fmask (Zhu et

1 Jan 05, 2022
This is a simple Termo application in command line style

my-termo This is a simple Termo application in command line style. This app run a Linux crontab task every day to get a new word. Type termo in your t

Gustavo Soares 1 Feb 14, 2022
Stream comments, submissions from subreddits and users across reddit right in your terminal

reddit_from_terminal stream comments, submissions from subreddits and users across reddit right in your terminal Alert! : Can't watch media contents(p

Pritam Dhara 2 Dec 30, 2021
xonsh is a Python-powered, cross-platform, Unix-gazing shell language and command prompt.

xonsh xonsh is a Python-powered, cross-platform, Unix-gazing shell language and command prompt. The language is a superset of Python 3.6+ with additio

xonsh 6.7k Jan 08, 2023
DShell, a tool that combines with discord.py and Jishaku to present to you, shell channels.

Discord shell or dshell for short is a Python package that combines with discord.py and Jishaku to transform an ordinary Discord channel into one capable of running bash commands using a Discord bot.

11 Nov 15, 2022
telescope.nvim is a highly extendable fuzzy finder over lists.

telescope.nvim is a highly extendable fuzzy finder over lists. Built on the latest awesome features from neovim core. Telescope is centered around modularity, allowing for easy customization.

nvim-telescope 8.4k Jan 05, 2023
Enlighten Progress Bar is a console progress bar library for Python.

Overview Enlighten Progress Bar is a console progress bar library for Python. The main advantage of Enlighten is it allows writing to stdout and stder

Rockhopper Technologies 265 Dec 28, 2022
A stupidly simple task list to keep you productive and focused.

StupidlySimple-TaskList A stupidly simple task list to keep you productive and focused. There is really nothing to it. This is a terminal-based script

Jack Soderstrom 1 Nov 28, 2021
Python CLI vm manager for remote access of docker images via noVNC

vmman is a tool to quickly boot and view docker-based VMs running on a linux server through noVNC without ssh tunneling on another network.

UCSD Engineers for Exploration 1 Nov 29, 2021
This a simple tool to query the awesome ippsec.rocks website from your terminal

ippsec-cli This a simple tool to query the awesome ippsec.rocks website from your terminal Installation and usage cd /opt git clone https://github.com

stark0de 5 Nov 26, 2022
Custom function scheduler TUI (text-based user interface) in the console

Custom function scheduler TUI (text-based user interface) in the console

Luke 1 Oct 26, 2022
Find your broken links, so users don't.

PyAnchor Dead links are an annoyance for websites with an extensive amount of content. A side from the negative impact on SEO, dead links are an annoy

Ricky White 61 Dec 14, 2022
A CLI based task manager tool which helps you track your daily task and activity.

CLI based task manager tool This is the simple CLI tool can be helpful in increasing your productivity. More like your todolist. It uses Postgresql as

ritik 1 Jan 19, 2022
Plumbum: Shell Combinators

Plumbum: Shell Combinators Ever wished the compactness of shell scripts be put into a real programming language? Say hello to Plumbum Shell Combinator

Tomer Filiba 2.5k Dec 28, 2022
Spongebob-cli - Watch classic spongebob from the terminal

spongebob-cli Watch classic spongebob from the terminal! Thanks to everyone that

523 Jan 02, 2023
An question and answer shell environment based on xonsh using ansible for setup

An question and answer shell environment based on xonsh using ansible for setup

Steven Hollingsworth 2 Jan 11, 2022
Arithmos cipher on CLI based

Arithmos Cipher CLI This is the CLI version of Arithmos Cipher. Install pip inst

LyQuid :3 1 Jan 16, 2022
⌨ Toward a more useful keyboard

Toward a more useful keyboard Steve Losh's Modern Space Cadet is an inspiration. It opened my eyes to the fact that there's a more useful keyboard hid

Jason Rudolph 1.7k Jan 01, 2023
GitFun - A Simplified Automated CLI tool for GITπŸ˜ƒ

GitFun A Simplified Automated CLI tool for GIT, It's for Lazy Developers and Newbies 😜 Table of contents GitFun Installation Usage Development Contri

Astaqc 8 Feb 22, 2022