FilesExpand file tree

 master

/

shcheck.py

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

executable file

·

250 lines (199 loc) · 7.47 KB

 master

/

shcheck.py

Top

File metadata and controls

• Code
• Blame

executable file

·

250 lines (199 loc) · 7.47 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

#!/usr/bin/env python

# shcheck - Security Headers checks!

# Copyright (C) 2017 m3liot

#

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program. If not, see <http://www.gnu.org/licenses/>.

import urllib2

import socket

import sys

import ssl

from optparse import OptionParser

parser = OptionParser("Usage: %prog [options] <target>", prog=sys.argv[0])

parser.add_option("-p", "--port", dest="port",

help="Set a custom port to connect to", metavar="PORT")

parser.add_option('-d', "--disable-ssl-check", dest="ssldisabled",

default=False, help="Disable SSL/TLS certificate validation",

action="store_true")

parser.add_option('-g', "--use-get-method", dest="useget",

default=False, help="Use GET method instead HEAD method",

action="store_true")

parser.add_option("-i", "--information", dest="information", default=False,

help="Display present information headers",

action="store_true")

(options, args) = parser.parse_args()

class bcolors:

HEADER = '\033[95m'

OKBLUE = '\033[94m'

OKGREEN = '\033[92m'

WARNING = '\033[93m'

FAIL = '\033[91m'

ENDC = '\033[0m'

BOLD = '\033[1m'

UNDERLINE = '\033[4m'

# Client headers to send to the server during the request.

client_headers = {

'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0',

'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',

'Accept-Language': 'en-US;q=0.8,en;q=0.3',

'Upgrade-Insecure-Requests': 1

}

# Security headers that should be enabled

sec_headers = {

'X-XSS-Protection': 'warning',

'X-Frame-Options': 'warning',

'X-Content-Type-Options': 'warning',

'Strict-Transport-Security': 'error',

'Public-Key-Pins': 'none',

'Content-Security-Policy': 'warning',

'X-Permitted-Cross-Domain-Policies': 'warning',

'Referrer-Policy': 'warning'

}

information_headers = {

'X-Powered-By',

'Server'

}

headers = {}

def banner():

print

print "======================================================="

print " > safetycheck.py by @m3liot..........................."

print "-------------------------------------------------------"

print " Simple tool to check security headers on a webserver "

print "======================================================="

print

def colorize(string, alert):

if alert == 'error':

return bcolors.FAIL + string + bcolors.ENDC

elif alert == 'warning':

return bcolors.WARNING + string + bcolors.ENDC

elif alert == 'ok':

return bcolors.OKGREEN + string + bcolors.ENDC

elif alert == 'info':

return bcolors.OKBLUE + string + bcolors.ENDC

return string

return string

def parse_headers(hdrs):

for header in hdrs:

htype = header.split(':')[0].strip()

hvalue = header.split(':')[1].strip()

headers.update({htype: hvalue})

def append_port(target, port):

if target[-1:] == '/':

return target[:-1] + ':' + port + '/'

return target + ':' + port + '/'

def check_target(target, ssldisabled, useget):

'''

Just put a protocol to a valid IP and check if connection works,

returning HEAD response

'''

try:

if (socket.inet_aton(target)):

target = 'http://' + target

except (ValueError, socket.error):

pass

try:

if useget:

method = 'GET'

else:

method = 'HEAD'

request = urllib2.Request(target, headers=client_headers)

request.get_method = lambda: method

if ssldisabled:

context = ssl.create_default_context()

context.check_hostname = False

context.verify_mode = ssl.CERT_NONE

response = urllib2.urlopen(request, timeout=10, context=context)

else:

response = urllib2.urlopen(request, timeout=10)

except ValueError:

print "Unknown url type"

sys.exit(5)

except urllib2.URLError, e:

if "CERTIFICATE_VERIFY_FAILED" in str(e.reason):

print "SSL: Certificate validation error.\nIf you want to \

ignore it run the program with the \"-d\" option."

else:

print "Target host seems to be unreachable"

sys.exit(4)

return response

def check_https(target):

'''

Check if target support HTTPS for Strict-Transport-Security

'''

return target.startswith('https://')

def report(target, safe, unsafe):

print "-------------------------------------------------------"

print "[!] Headers analyzed for {}".format(colorize(target, 'info'))

print "[+] There are {} security headers".format(colorize(str(safe), 'ok'))

print "[-] There are not {} security headers".format(

colorize(str(unsafe), 'error'))

print

def main(argv):

if len(argv) < 2:

parser.print_help()

sys.exit(1)

# Getting options

port = options.port

information = options.information

ssldisabled = options.ssldisabled

useget = options.useget

banner()

target = argv[1]

safe = 0

unsafe = 0

if port is not None:

target = append_port(target, port)

# Check if target is valid

response = check_target(target, ssldisabled, useget)

rUrl = response.geturl()

print "[*] Analyzing headers of {}".format(colorize(target, 'info'))

print "[*] Effective URL: {}".format(colorize(rUrl, 'info'))

parse_headers(response.info().headers)

for safeh in sec_headers:

if safeh in headers:

safe += 1

# Taking care of special headers that could have bad values

# X-XSS-Protection Should be enabled

if safeh == 'X-XSS-Protection' and headers.get(safeh) == '0':

print "[*] Header {} is present! (Value: {})".format(

colorize(safeh, 'ok'),

colorize(headers.get(safeh), 'warning'))

# Printing generic message if not specified above

else:

print "[*] Header {} is present! (Value: {})".format(

colorize(safeh, 'ok'),

headers.get(safeh))

else:

unsafe += 1

# HSTS works obviously only on HTTPS

if safeh == 'Strict-Transport-Security' and not check_https(rUrl):

unsafe -= 1

continue

print '[!] Missing security header: {}'.format(

colorize(safeh, sec_headers.get(safeh)))

if information:

chk = False

print

for infoh in information_headers:

if infoh in headers:

chk = True

print "[!] Possible information disclosure: \

header {} is present! (Value: {})".format(

colorize(infoh, 'warning'),

headers.get(infoh))

if not chk:

print "[*] No information disclosure headers detected"

report(target, safe, unsafe)

if __name__ == "__main__":

main(sys.argv)