Name | secheaders |
Version | 0.1.1 |
home_page | None |
Summary | Scan HTTP security headers |
upload_time | 2024-10-27 09:56:41 |
maintainer | None |
docs_url | None |
author | None |
requires_python | >=3.8 |
license | None |
keywords | security, web |
VCS | |
bugtrack_url | |
requirements | No requirements were recorded. |
Travis-CI | No Travis. |
coveralls test coverage | No coveralls. |
# secheaders
Python script to check HTTP security headers
Provides the same functionality as securityheaders.io, but as a Python script. It also checks some server/version headers. Written and tested using Python 3.8.
With minor modifications, it could be used as a library for other projects.
**NOTE**: The project was renamed (2024-10-19) from **securityheaders** to **secheaders** to avoid confusion with a PyPI package with a similar name.
## Installation
The following assumes you have Python installed and that the `python` command refers to Python version >= 3.8.
### Install
```
$ pip install secheaders
```
### Building and running locally
1. Clone the repository
2. `python -m build`
3. `pip install dist/secheaders-0.1.1-py3-none-any.whl`
4. Run `secheaders --help`
### Running from source without installation
1. Clone the repository
2. Run `python -m secheaders`
## Usage
```
$ secheaders --help
usage: secheaders [-h] [--max-redirects N] [--insecure] [--json] [--no-color]
                  [--verbose]
                  URL

Scan HTTP security headers

positional arguments:
  URL                Target URL

options:
  -h, --help         show this help message and exit
  --max-redirects N  Max redirects, set 0 to disable (default: 2)
  --insecure         Do not verify TLS certificate chain (default: False)
  --json             JSON output instead of text (default: False)
  --no-color         Do not output colors in terminal (default: False)
  --verbose, -v      Verbose output (default: False)
```
## Example output
```
$ secheaders example.com
Header 'x-frame-options' is missing [ WARN ]
Header 'strict-transport-security' is missing [ WARN ]
Header 'content-security-policy' is missing [ WARN ]
Header 'x-content-type-options' is missing [ WARN ]
Header 'x-xss-protection' is missing [ OK ]
Header 'referrer-policy' is missing [ WARN ]
Header 'permissions-policy' is missing [ WARN ]
server: ECAcc (nyd/D147) [ WARN ]
HTTPS supported [ OK ]
HTTPS valid certificate [ OK ]
HTTP -> HTTPS automatic redirect [ WARN ]
```
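To use the text report as a pass/fail check in a pipeline, the lines above can be parsed into (check, status) pairs. The following is an added example, not part of secheaders itself: the function names and the allow-list are hypothetical, and it assumes terminal colours are emitted as ANSI SGR escape sequences when `--no-color` is not given.

```python
import re

# Constructed input: the example output from this README, as plain text.
SAMPLE_OUTPUT = """\
Header 'x-frame-options' is missing [ WARN ]
Header 'strict-transport-security' is missing [ WARN ]
Header 'content-security-policy' is missing [ WARN ]
Header 'x-content-type-options' is missing [ WARN ]
Header 'x-xss-protection' is missing [ OK ]
Header 'referrer-policy' is missing [ WARN ]
Header 'permissions-policy' is missing [ WARN ]
server: ECAcc (nyd/D147) [ WARN ]
HTTPS supported [ OK ]
HTTPS valid certificate [ OK ]
HTTP -> HTTPS automatic redirect [ WARN ]
"""

ANSI_RE = re.compile(r"\x1b\[[0-9;]*m")   # assumed colour codes (absent with --no-color)
LINE_RE = re.compile(r"^(?P<check>.+?)\s*\[\s*(?P<status>[A-Z]+)\s*\]$")
MISSING_RE = re.compile(r"^Header '(?P<name>[^']+)' is missing$")


def check_key(check):
    """Reduce a result line to a stable key usable in an allow-list."""
    m = MISSING_RE.match(check)
    if m:
        return m.group("name")              # "Header 'x' is missing" -> "x"
    name, sep, _value = check.partition(": ")
    return name if sep else check           # "server: ECAcc ..." -> "server"


def parse_report(text):
    """Return [(key, status), ...] for every line that ends in a [ STATUS ] marker."""
    results = []
    for raw in text.splitlines():
        m = LINE_RE.match(ANSI_RE.sub("", raw).strip())
        if m:                               # lines without a marker are ignored
            results.append((check_key(m.group("check")), m.group("status")))
    return results


def gate(text, allowed=frozenset()):
    """Return non-OK checks not covered by the allow-list; an empty list means pass."""
    results = parse_report(text)
    if not results:
        # A failed or empty scan must not look like a clean one.
        raise ValueError("no results parsed from scanner output")
    return [key for key, status in results if status != "OK" and key not in allowed]
```

Feed it the captured standard output of a scan; `gate(output, allowed={"server"})` returns the remaining findings, and an exception signals that the scan produced nothing to evaluate.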
## Design principles
The following design principles have been considered:
* Simplicity of the codebase.
	* The code should be easy to understand and follow without in-depth Python knowledge.
* Avoidance of external dependencies.
	* The Python Standard Library provides enough tools and libraries for many use cases.
* Unix philosophy in general
	* *"Do one thing and do it well"*

These are not rules set in stone, but should be revisited when making big design choices.
Raw data
{
"_id": null,
"home_page": null,
"name": "secheaders",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": "Jussi-Pekka Erkkil\u00e4 <jp.erkkila@gmail.com>",
"keywords": "security, web",
"author": null,
"author_email": "Jussi-Pekka Erkkil\u00e4 <jp.erkkila@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/a2/f6/f8808e4570d652c62ff2effcd0c778f378faf9d4fe356ad6549382e6c5be/secheaders-0.1.1.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": null,
"summary": "Scan HTTP security headers",
"version": "0.1.1",
"project_urls": {
"Homepage": "https://github.com/juerkkil/secheaders",
"Issues": "https://github.com/juerkkil/secheaders/issues",
"Repository": "https://github.com/juerkkil/secheaders"
},
"split_keywords": [
"security",
" web"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "1378b7d4ec4a0bb7f59d4321d8fb4116ba58ceaddb13daa438b629a41c69ed6f",
"md5": "44f646dffe604b0e6724740abaac656c",
"sha256": "5dcc844f97743317e6f64ccf8768caf33030d2f513fdea3ea347dfd985192f88"
},
"downloads": -1,
"filename": "secheaders-0.1.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "44f646dffe604b0e6724740abaac656c",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 10111,
"upload_time": "2024-10-27T09:56:39",
"upload_time_iso_8601": "2024-10-27T09:56:39.811674Z",
"url": "https://files.pythonhosted.org/packages/13/78/b7d4ec4a0bb7f59d4321d8fb4116ba58ceaddb13daa438b629a41c69ed6f/secheaders-0.1.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "a2f6f8808e4570d652c62ff2effcd0c778f378faf9d4fe356ad6549382e6c5be",
"md5": "8aa40fe28736bdc932a346ad374738fa",
"sha256": "88854bda71cfa6dd494d28a490c32efe6bc3648e3a8e5675527f250a5b20beff"
},
"downloads": -1,
"filename": "secheaders-0.1.1.tar.gz",
"has_sig": false,
"md5_digest": "8aa40fe28736bdc932a346ad374738fa",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 9987,
"upload_time": "2024-10-27T09:56:41",
"upload_time_iso_8601": "2024-10-27T09:56:41.384418Z",
"url": "https://files.pythonhosted.org/packages/a2/f6/f8808e4570d652c62ff2effcd0c778f378faf9d4fe356ad6549382e6c5be/secheaders-0.1.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-10-27 09:56:41",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "juerkkil",
"github_project": "secheaders",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "secheaders"
}