Nmap Development mailing list archives
New NSE Script http-security-headers.nse
From: Vinamra Bhatia <vinamrabhatia8 () gmail com>
Date: Wed, 31 May 2017 16:49:53 +0530
Hello All,

This is regarding an NSE script my mentor and I were working on last week. The script checks for the HTTP response headers related to security given in the OWASP Secure Headers Project, shows whether they are configured and gives a brief description of them.

The script requests the server for the header with http.head and parses it to list headers found with their configurations. It checks for HSTS (HTTP Strict Transport Security), HPKP (HTTP Public Key Pins), X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Content-Security-Policy and X-Permitted-Cross-Domain-Policies.

There is another script titled http-hsts-verify. The new script already includes the checks provided by http-hsts-verify and does much more comprehensive testing. Hence when we commit the new script, we should remove the other one.

GitHub PR for the same: https://github.com/nmap/nmap/pull/793

We would love to take suggestions on this. Thanks and have a great day!

With Regards
Vinamra
Attachment:
http-security-headers.nse
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
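The check the message describes (read the response headers, report which of the listed security headers are set and how they are configured), sketched in Python as an added example. It is not the attached NSE script or any Nmap code; the function names, the wording of the notes and the sample response are assumptions constructed for illustration.

```python
import re
# Headers named in the post (from the OWASP Secure Headers Project).
SECURITY_HEADERS = [
    "Strict-Transport-Security", "Public-Key-Pins", "X-Frame-Options",
    "X-XSS-Protection", "X-Content-Type-Options", "Content-Security-Policy",
    "X-Permitted-Cross-Domain-Policies",
]

# Constructed sample of a HEAD response; not captured from a real server.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "strict-transport-security: max-age=31536000; includeSubDomains\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: sniff\r\nX-XSS-Protection: 0\r\n\r\n"
)

def parse_headers(raw):
    """Parse a raw response head into {lowercased name: first value}."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    return headers

def note_for(name, value):
    v = value.lower()
    if name == "Strict-Transport-Security":
        m = re.search(r"max-age\s*=\s*\"?(\d+)", v)
        if not m:
            return "max-age missing, header is invalid"
        if int(m.group(1)) == 0:
            return "max-age=0, HSTS is switched off"
        sub = "includeSubDomains" if "includesubdomains" in v else "no includeSubDomains"
        return f"max-age={m.group(1)}, {sub}"
    if name == "X-Content-Type-Options" and v != "nosniff":
        return "unrecognized value, only 'nosniff' is valid"
    if name == "X-XSS-Protection" and v.startswith("0"):
        return "filter disabled"
    return "configured"

def audit(raw):
    """Map each security header to (present, note)."""
    found = parse_headers(raw)
    return {h: (True, note_for(h, found[h.lower()])) if h.lower() in found
            else (False, "not set") for h in SECURITY_HEADERS}
```

Header names are matched case-insensitively, so the lowercase `strict-transport-security` line in the sample is still recognized; a header that is present but misconfigured is reported separately from one that is absent.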