add new all

main.py

@@ -0,0 +1,97 @@
+#!/usr/bin/env python3
+
+"""
+     /  __       ____
+ ()  _ / () |)    __/ ,_
+ /\ |/|     |/\     \/  |
+/(_)|_/\___/|  |/\__/   |/
+
+Usage:
+    sech3r [--verbose] [--searchForVuln] [--noRedirects] [--noColor]
+    sech3r <urls>... [--verbose] [--searchForVuln] [--noRedirects] [--noColor]
+    sech3r -h | --help
+    sech3r -V | --version
+
+Options:
+    -h --help           Display help, basically this screen.
+    -V --version        Display version number.
+    <urls>               Optional URL(s) input from the Command-Line.
+    -v --verbose        Show verbose output.
+    -s --searchForVuln  Open Default WebBrowser, Googling for Vulnerabilities.
+    -r --noRedirects    Do not follow HTTP-redirects.
+    -c --noColor        No Colours to be used for the Output.
+
+Examples:
+    sech3r demo.testfire.net
+    sech3r demo.testfire.net -vs
+    sech3r demo.testfire.net -vr
+    sech3r demo.testfire.net -c
+    sech3r -vsrc
+"""
+
+__author__ = "naryal2580"
+__version__ = "4"
+
+from secher import *
+from docopt import docopt
+
+def main(urls=[], verbose=False, color=True):
+    if urls:
+        print(takenInput(f"URL(s) separated with double <space> -> {'  '.join(urls)}", color))
+
+    else:
+        urls = coolInput('URL(s) separated with double <space>', color).split(' ')
+    print(info(f'Started [at] {fetchFormatedTime()}  -> Now, Requesting', color), end='\n\n')
+
+    for url in urls:
+        if len(urls) > 1:
+            print(info(f'Requesting -> {url}', color))
+        url = validateUrl(url)
+        if url.startswith('http://'):
+            print(warn('Warning -> Crafting a non TLS request', color))
+        heads = getHeaders(url)
+        if heads:
+            if verbose:
+                print(info('Response Headers -> ', color))
+                for head in heads:
+                    print(f'{head}: {heads[head]}')
+            secHeads = checkSecHeads(heads)
+            secHeadsPresent = secHeads[0]
+            secHeadsNotPresent = secHeads[1]
+            infoHeads = checkInfoHeads(heads)
+            vulnHeads = infoHeads[0]
+            infoHeads = infoHeads[1]
+            if secHeadsPresent:
+                prnHeads(secHeadsPresent, color, False)
+            if secHeadsNotPresent:
+                prnHeads(secHeadsNotPresent, color)
+            if vulnHeads:
+                prnHeads(vulnHeads, color)
+            if infoHeads:
+                prnHeads(infoHeads, color, False)
+            print()
+
+
+if __name__ == "__main__":
+    args = docopt(__doc__, version=__version__)
+    color = True
+    verbose = False
+    if args['--noColor']:
+        color = False
+    if args['--verbose']:
+        verbose = True
+    if args['--searchForVuln']:
+        print('works.')
+    banner(__version__, color)
+    if verbose:
+        print(info('Verbosity -> Enabled', color))
+        if color:
+            print(info('Colorized Output -> Yeah'))
+        else:
+            print(info('Much fanciness -> Nope', False))
+    if args['<urls>']:
+        main(args['<urls>'], verbose, color)
+    else:
+        main([], verbose, color)
+
+    coolExit(0, color)

requirements.txt

@@ -0,0 +1,2 @@
+stoyled
+docopt

secher/__init__.py

@@ -0,0 +1,4 @@
+from .core import *
+
+__author__ = "naryal2580"
+__version__ = "4"

secher/core.py

@@ -0,0 +1,89 @@
+from re import compile as reCompile
+from urllib.request import urlopen as request
+from urllib.request import Request
+from .style import *
+
+
+def parseUrl(url):
+    pattern = (
+               r'^'
+               r'((?P<protocol>.+?)://)?'
+               r'((?P<user>.+?)(:(?P<password>.*?))?@)?'
+               r'(?P<host>.*?)'
+               r'(:(?P<port>\d+?))?'
+               r'(?P<path>/.*?)?'
+               r'(?P<query>[?].*?)?'
+               r'$'
+               )
+    regex = reCompile(pattern)
+    matches = regex.match(url)
+    matchesAsDict = matches.groupdict() if matches is not None else None
+    return matchesAsDict
+
+
+def validateUrl(url):
+    parsedUrl = parseUrl(url)
+    if not parsedUrl['protocol']:
+        url = 'http://' + url
+    return url
+
+
+def getHeaders(url):
+    try:
+        req = Request(
+                        url,
+                        data=None,
+                        headers={'User-Agent': 'sech3r/0.1'}
+                    )
+        resp = request(req)
+    except Exception as excptn:
+        print(bad(str(excptn).replace(': ', ' -> ')))
+        if 'HTTP Error' in str(excptn):
+            resp = excptn
+        else:
+            return {}
+    return dict(resp.headers)
+
+
+def checkSecHeads(headers):
+    headersPresent = {}
+    headersNotPresent = []
+    security_headers = [
+                        'Referrer-Policy',
+                        'X-XSS-Protection',
+                        'Content-Security-Policy',
+                        'X-Frame-Options',
+                        'Strict-Transport-Security',
+                        'X-Content-Type-Options',
+                        'X-Permitted-Cross-Domain-Policies',
+                        'Public-Key-Pins',
+                        'Expect-CT',
+                        'Feature-Policy',
+                        'Report-To',
+                        'NEL'
+                       ]
+    for security_header in security_headers:
+        if security_header in headers:
+            headersPresent[security_header] = headers[security_header]
+        else:
+            headersNotPresent.append(security_header)
+    return headersPresent, headersNotPresent
+
+
+def checkInfoHeads(headers, searchForVuln=False, color=True):
+    version_disclosure_headers = [
+                                    'Server',
+                                    'X-AspNet-Version',
+                                    'X-Powered-By'
+                                ]
+    disclosedOnes = {}
+    undisclosedOnes = {}
+    for header in version_disclosure_headers:
+        if header in headers.keys():
+            if any(char.isdigit() for char in headers[header]):
+                disclosedOnes[header] = headers[header]
+            else:
+                undisclosedOnes[header] = headers[header]
+    return disclosedOnes, undisclosedOnes
+
+

secher/style.py

@@ -0,0 +1,25 @@
+from stoyled import *
+
+def banner(version, color=True):
+    _banner = """
+     /  __       ____
+ ()  _ / () |)    __/ ,_
+ /\ |/|     |/\     \/  |
+/(_)|_/\___/|  |/\__/   |/ """[1:]
+    if color:
+        print(f"{rst}{bold}{_banner}{rst}  v{version} by --{bold}naryal2580{rst}")
+    else:
+        print(f"{_banner}  v{version} by --naryal2580")
+
+
+def prnHeads(headers, color=True, isVuln=True):
+    if isVuln:
+        if type(headers) != list:
+            for header in headers:
+                print(bad(f'{header} -> {headers[header]}', color))
+        else:
+            for header in headers:
+                print(bad(f'{header} -> Not Present', color))
+    else:
+        for header in headers:
+            print(info(f'{header} -> {headers[header]}', color))

setup.py

@@ -0,0 +1,24 @@
+from setuptools import setup, find_packages
+
+with open("./README.md") as f:
+    long_description = f.read()
+
+setup(
+    name='sech3r',
+    version='4',
+    author="Captain Nick Lucifer",
+    author_email="naryal2580@gmail.com",
+    url="https://github.com/naryal2580/sech3r",
+    download_url='https://github.com/naryal2580/sech3r/tarball/master',
+    description="HTTP Security Header Checker",
+    long_description=long_description,
+    long_description_content_type="text/markdown",
+    packages=find_packages(),
+    py_modules=['secher'],
+    classifiers=[
+         "Programming Language :: Python :: 3",
+         "License :: OSI Approved :: MIT License",
+         "Operating System :: OS Independent",
+     ],
+    python_requires='>=3',
+ )