OSHP alternatives

Looking for an alternative tool to replace OSHP? During the review of OSHP we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. django-security (Security add-ons for Django)
  2. hsecscan (website headers extraction)
  3. shcheck (test HTTP headers of web applications)

These tools are ranked as the best alternatives to OSHP.

Alternatives (by score)

89

django-security

Introduction

Django-security is an extension for developers seeking more security measures in their Django project. The toolkit can set or activate particular settings that improve security. Examples of these settings include the use of particular HTTP headers that strengthen the security defenses of the web application.

The toolkit includes middleware to enforce password strength, set the do-not-track header, enable content security policy (CSP), enable privacy policy (P3P), limit session length, use HTTPS (HSTS), enable XSS protection, and more.

Project details

django-security is written in Python.

Strengths and weaknesses

  • + More than 10 contributors
  • + The source code of this software is available

Typical usage

  • Application security

django-security review

60

hsecscan (hsecscan)

Introduction

The hsecscan utility is written in Python and opens a connection (via HTTP or HTTPS) to the related web server. It returns all headers found and includes an explanation of what each header does. Any security recommendations are listed as well.

Project details

hsecscan is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

Typical usage

  • Information gathering
  • Learning
  • Penetration testing
  • Security assessment
  • Web application analysis

hsecscan review

64

shcheck (Security Header Check)

Introduction

This simple tool is a good option to test whether advised HTTP headers are present on web applications and websites. It can be used defensively during development, or offensively to find weaknesses in existing applications.

Project details

shcheck is written in Python.

Strengths and weaknesses

  • + Very low number of dependencies
  • + The source code of this software is available
  • - No releases on GitHub available

Typical usage

  • Application security
  • Web application analysis

shcheck review

Is a relevant tool missing as an alternative to OSHP? Please contact us with your suggestion.