seespee

LSE toolsLSE toolsseespee (332)seespee (332)

Tool and Usage

Project details

License
BSD 3-clause
Programming language
JavaScript
Author
Andreas Lind
Latest release
3.0.0
Latest release date

Project health

60
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Seespee helps to crawl a website and define a suitable Content Security Policy (CSP). The related Content-Security-Policy header can be added with the discovered value. This header defines what local and external resources can be loaded on a website.

Usage and audience

seespee is commonly used for application security. Target users for this tool are developers and security professionals.

Features

  • Command line interface

Example usage and output

seespee [--root <inputRootDirectory>] [--validate] [--level <number>]
[--ignoreexisting] [--include ...] <url|pathToHtml>

Options:
--help Show help [boolean]
--version Show version number [boolean]
--root Path to your web root so seespe can resolve root-relative
urls correctly (will be deduced from your input files if
not specified) [string]
--ignore-existing Whether to ignore the existing Content-Security-Policy
(<meta> or HTTP header) and start building one from scratch
[boolean] [default: false]
--include CSP directives to include in the policy to be generated,
eg. "script-src *.mycdn.com; img-src 'self'" [string]
--validate Turn on validation mode, useful for CI. If non-whitelisted
assets are detected, a report will be output, and seespee
will return a non-zero status code. [boolean]
--level The CSP level to target. Possible values: 1 or 2. Defaults
to somewhere in between so that all browsers are supported.
[number]
--pretty Whether to reformat the generated CSP in a human friendly
way [boolean] [default: true]
--user-agent Use a specific User-Agent string when retrieving http(s)
resources. Useful with servers that are configured to only
send a Content-Security-Policy header to browsers known to
understand it [string]

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + The source code of this software is available

Author and Maintainers

Seespee is under development by Andreas Lind.

Installation

Supported operating systems

Seespee is known to work on Linux.

seespee alternatives

Similar tools to seespee:

74

Arachni

Web Application Security Scanner aimed towards helping users evaluate the security of web applications

64

SQLMate

SQLMate is a security tool that calls itself a friend of SQLMap. It has similar functionality, yet comes with additional features like finding an admin panel and improved hash cracking. The tool can find possible vulnerable targets, with the option to save the results and feed it to others, like SQLMap.

60

Wfuzz

Wfuzz is a security tool to do fuzzing of web applications. It is modular and can be used to discover and exploit web application vulnerabilities. This makes the tool useful for both developers as security professionals.

All seespee alternatives

Found an improvement? Help the community by submitting an update.

Related tool information

Categories

This tool is categorized as a web application security tool.

Related topics