Chopper: An Automated Security Headers Analyzer

Related tags

Command-line ToolsChopper
Overview
  ____ _                                 _ 
 / ___| |__   ___  _ __  _ __   ___ _ __| |
| |   | '_ \ / _ \| '_ \| '_ \ / _ \ '__| |
| |___| | | | (_) | |_) | |_) |  __/ |  |_|
 \____|_| |_|\___/| .__/| .__/ \___|_|  (_)
                  |_|   |_|

Chopper - An Automated Security Headers Analyzer

Chopper is a python script to scrape HTTP Headers from the requests. All you need is to supply a valid domain name. Chopper will automatically check for security related headers, thus saving much of your time.

Currently Chopper is able to check the following headers and flags.

  1. Content-Security-Policy
  2. X-XSS-Protection
  3. X-Frame-Headers
  4. X-Content-Type
  5. Strict-Transport-Security
  6. Referrer-Policy
  7. Feature-Policy
  8. Cache-Control Policy
  9. Access-Control-Allow-Origin
  10. Access-Control-Allow-Credentials
  11. HttpOnly Flag
  12. Secure Flag

Chopper also provides with the complete list of headers. Thus, providing a better view of all the headers.

Required Packages

1. Python3
2. Colorama
3. Validators
4. Requests

Installing Dependencies

  • pip install -r requirements.txt
  • python -m pip install -r requirements.txt

Flying The Chopper

python3 Chopper.py http://testphp.vulnweb.com/login.php

  ____ _                                 _ 
 / ___| |__   ___  _ __  _ __   ___ _ __| |
| |   | '_ \ / _ \| '_ \| '_ \ / _ \ '__| |
| |___| | | | (_) | |_) | |_) |  __/ |  |_|
 \____|_| |_|\___/| .__/| .__/ \___|_|  (_)
                  |_|   |_|                

 An Automated Security Headers Analyzer
 ------------------------------
 Coded by Kamran Saifullah - Frog Man
 Twitter: https://twitter.com/deFr0ggy 
 GitHub: https://github.com/deFr0ggy 
 LinkedIn: https://linkedin.com/in/kamransaifullah 

 Usage: ./Chopper.py <http|https://example.com>


Domain: http://testphp.vulnweb.com/login.php

[-] Content-Security-Policy is not in place!
[-] X-XSS-Protection - XSS Protection is not in place!
[-] X-Frame-Headers - ClickJacking Protection is not in place!
[-] X-Content-Type - MIME Sniffing Protection is not in place!
[-] Strict-Transport-Security - Protection is not in place!
[-] Referrer-Policy is not in place!
[-] Feature-Policy is not in place!
[-] Cache-Control Policy is not in place!
[-] Access-Control-Allow-* - CORS Policy is not in place!
[-] HttpOnly Flag is not in place!
[-] Secure Flag is not in place!


[-] Check These Headers Out! 


Server:  nginx/1.19.0
Date:  Sun, 19 Dec 2021 09:15:46 GMT
Content-Type:  text/html; charset=UTF-8
Transfer-Encoding:  chunked
Connection:  keep-alive
X-Powered-By:  PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1
Content-Encoding:  gzip
Owner
Kamran Saifullah (Frog Man)
An abnormal frog who has been thrown out by the frog community!
Kamran Saifullah (Frog Man)
GitHub Repository
Runs a command in P4wnP1 and displays the output on OLED screen (SH1106)

p4wnp1-oled-terminal Runs a command in P4wnP1 and displays the output on OLED screen (SH1106) Works on Raspberry Pi Zero 2 W Tested successfully on RP

PawnSolo 1 Dec 14, 2021
Kattis shell for getting examples, testing and submitting.

Kattis shell for getting examples, testing and submitting.

Simon Green Kristensen 15 Sep 30, 2022
Commandline script to interact with volkswagencarnet library

volkswagencarnet-client command line script to interact with volkswagencarnet library Table of Contents General Info Setup Usage Example Acknowledgeme

3 Jan 19, 2022
Play WORDLE game in your terminal.

Wordle TUI Play WORDLE game in your terminal. The game will be kept the same as the Web version. Prerequisites Python 3.7+ Linux/MacOS (Windows is not

Frost Ming 61 Oct 30, 2022
My dotfiles -My configuration, with installations steps.

.dotfiles My configuration, with installations steps. Installation Oh My ZSH Install with this command: sh -c "$(curl -fsSL https://raw.githubusercont

Luca Angioloni 4 Dec 14, 2022
Python CLI script to solve wordles.

Wordle Solver Python CLI script to solve wordles. You need at least python 3.8 installed to run this. No dependencies. Sample Usage Let's say the word

Rachel Brindle 1 Jan 16, 2022
A command-line based, minimal torrent streaming client made using Python and Webtorrent-cli.

ABOUT A command-line based, minimal torrent streaming client made using Python and Webtorrent-cli. Installation pip install -r requirements.txt It use

Janardon Hazarika 17 Dec 11, 2022
Command line client for Audience Insights

Dynamics 365 Audience Insights CLI The AuI CLI is a command line tool for Dynamics 365 Audience Insights. It is based on the customerinsights Python l

Microsoft 8 Jan 09, 2023
alternative cli util for update-alternatives

altb altb is a cli utility influenced by update-alternatives of ubuntu. Linked paths are added to $HOME/.local/bin according to XDG Base Directory Spe

Elran Shefer 8 Dec 07, 2022
A simple CLI based any Download Tool, that find files and let you stream or download thorugh WebTorrent CLI or Aria or any command tool

Privateer A simple CLI based any Download Tool, that find files and let you stream or download thorugh WebTorrent CLI or Aria or any command tool How

Shreyash Chavan 2 Apr 04, 2022
PyArmor is a command line tool used to obfuscate python scripts

PyArmor is a command line tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.

Dashingsoft 2k Jan 07, 2023
Investing library and command-line interface inspired by the Bogleheads philosophy

Lakshmi (Screenshot of the lak command in action) Background This project is inspired by Bogleheads forum. Bogleheads focus on a simple but powerful p

Sarvjeet Singh 108 Dec 26, 2022
Command line interface to watch your childhood shows in hindi and english, designed with python

Sweet dreams: Most of your childhood shows Command line interface to watch your

Not Your Surya 3 Feb 13, 2022
Lexeme - CLI to play a word-guessing game like Wordle

What is this? Python program to play a word-guessing game like Wordle, but… More addictive because you can play it over and over and over, not just on

Dan Lenski 6 Oct 26, 2022
Wordle-textual - Play Wordle from the CLI, using Textual

Wordle, playable from the CLI This project seeks to emulate Wordle in your shell

PhenoM4n4n 3 Mar 29, 2022
A command line tool (and Python library) for archiving Twitter JSON

A command line tool (and Python library) for archiving Twitter JSON

Documenting the Now 1.3k Dec 28, 2022
Chat In Terminal - Chat-App in python

Chat In Terminal Hello all. 😉 Sockets and servers are vey important for connection and importantly chatting with others. 😂 😁 I have thought of maki

Shreejan Dolai 5 Nov 17, 2022
Simple CLI tool to track your cryptocurrency portfolio in real time.

Simple tool to track your crypto portfolio in realtime. It can be used to track any coin on the BNB network, even obscure coins that are not listed or trackable by major portfolio tracking applicatio

Trevor White 69 Oct 24, 2022
🕰 The command line tool for scheduling Python scripts

hickory is a simple command line tool for scheduling Python scripts.

Max Humber 146 Dec 07, 2022
command line tool for frequent nmigen tasks (generate sources, show design)

nmigen-tool command line tool for frequent nmigen tasks (generate sources, show design) Usage: generate verilog: nmigen generate verilog nmigen_librar

Hans Baier 8 Nov 27, 2022