Gohanckz/guillotine
Guillotine

Guillotine - HTTP Security Headers Finder

Finds the HTTP security headers that a given domain does not set.

HTTP Security Headers List

You can detect the following HTTP security headers:

  • Strict-Transport-Security
  • X-Frame-Options
  • X-Content-Type-Options
  • Content-Security-Policy
  • X-Permitted-Cross-Domain-Policies
  • Referrer-Policy
  • Clear-Site-Data
  • Cross-Origin-Embedder-Policy
  • Cross-Origin-Opener-Policy
  • Cross-Origin-Resource-Policy
  • Cache-Control

Note: additional security headers can be checked by editing the header list in the code directly.

Reference: https://owasp.org/www-project-secure-headers/
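The check the tool performs can be reproduced with a short script. The block below is an added example for this README, not guillotine's own code: it takes a response's headers, reports each header in the list above as missing, present but weaker than the OWASP recommendation, or ok, and includes a standard-library fetcher for live use. The recommended values encoded in RECOMMENDED are taken from the OWASP page linked above and are an assumption of this example (verify against the current wording there); the sample headers are constructed.

```python
"""Audit an HTTP response's headers against the OWASP security header
baseline.  Added example for this README; not guillotine's own code."""
import urllib.request
from typing import Callable, Dict, List, Tuple

ONE_YEAR = 31536000  # seconds; the HSTS max-age the OWASP page recommends


def _hsts_ok(value: str) -> bool:
    """HSTS only protects with a long max-age, so parse the directive."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            try:
                return int(arg.strip().strip('"')) >= ONE_YEAR
            except ValueError:
                return False
    return False


def _one_of(*allowed: str) -> Callable[[str], bool]:
    return lambda v: v.strip().lower() in allowed


# Header -> predicate deciding whether the observed value matches the
# recommended setting (values assumed from the OWASP Secure Headers
# Project page linked in the README; check that page for the current text).
RECOMMENDED: Dict[str, Callable[[str], bool]] = {
    "Strict-Transport-Security": _hsts_ok,
    "X-Frame-Options": _one_of("deny", "sameorigin"),
    "X-Content-Type-Options": _one_of("nosniff"),
    "Content-Security-Policy": lambda v: "default-src" in v.lower(),
    "X-Permitted-Cross-Domain-Policies": _one_of("none"),
    "Referrer-Policy": _one_of("no-referrer", "strict-origin-when-cross-origin"),
    "Clear-Site-Data": lambda v: bool(v.strip()),
    "Cross-Origin-Embedder-Policy": _one_of("require-corp"),
    "Cross-Origin-Opener-Policy": _one_of("same-origin"),
    "Cross-Origin-Resource-Policy": _one_of("same-origin", "same-site"),
    "Cache-Control": lambda v: "no-store" in v.lower(),
}


def audit(headers: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Return {header: (status, observed_value)} where status is 'missing',
    'weak' (present but not the recommended value) or 'ok'.
    Header names are matched case-insensitively, as HTTP requires."""
    observed = {k.lower(): v for k, v in headers.items()}
    report: Dict[str, Tuple[str, str]] = {}
    for name, is_acceptable in RECOMMENDED.items():
        value = observed.get(name.lower())
        if value is None:
            report[name] = ("missing", "")
        elif is_acceptable(value):
            report[name] = ("ok", value)
        else:
            report[name] = ("weak", value)
    return report


def missing(report: Dict[str, Tuple[str, str]]) -> List[str]:
    """Names of the headers the response does not set at all."""
    return sorted(n for n, (status, _) in report.items() if status == "missing")


def fetch_headers(url: str, timeout: float = 10.0) -> Dict[str, str]:
    """Fetch response headers for a live URL with a HEAD request
    (standard library only; not exercised by the constructed sample below)."""
    req = urllib.request.Request(url, method="HEAD")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return dict(resp.headers.items())


# Constructed sample response: a partial, partly weak configuration.
SAMPLE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "strict-transport-security": "max-age=300",   # far below one year
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "ALLOWALL",                 # not a valid directive
    "Cache-Control": "public, max-age=3600",       # cacheable, not no-store
}

if __name__ == "__main__":
    for name, (status, value) in audit(SAMPLE_HEADERS).items():
        print(f"{status:8} {name}" + (f": {value}" if value else ""))
```

Running the block prints one line per header for the constructed sample; for a live site, pass `fetch_headers("https://www.domain.com")` to `audit` instead. Matching on lowercase names matters because servers and proxies emit header names in mixed case, and a naive exact-key lookup would report a present header as missing.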

INSTALL

  1. Clone the repository
     git clone https://github.com/Gohanckz/guillotine.git
  2. Move into the repository
     cd guillotine
  3. Install the requirements
     pip3 install -r requirements.txt

USAGE

Usage is straightforward.

  1. Show enabled and missing HTTP security headers
     python guillotine.py -t https://www.domain.com
  2. Show headers and compare them with the recommended values
     python guillotine.py -t https://www.domain.com --compare-versions
  3. Show the full response
     python guillotine.py -t https://www.domain.com -v
  4. Use Basic authentication to retrieve the site
     python guillotine.py -t https://www.domain.com --basic <username>:<password>
  5. Use NTLM authentication to retrieve the site
     python guillotine.py -t https://www.domain.com --ntlm [<domain>\\]<username>:<password>
DEVELOPED BY      CONTACT                       VERSION
Gohanckz          Gohanckz@gmail.com            2.0
ignaciocorball    ignaciocorball@gmail.com      2.1
BSolarV           bastian.solar.v@gmail.com     2.2
