shcheck (Security Header Check)

LSE toolsLSE toolsshcheck (277)shcheck (277)

Tool and Usage

Security header check (shcheck) is a security tool to scan web applications and their HTTP headers. It can help securing web applications or detect weaknesses.

Why this tool?

This simple tool is a good option to test if advised HTTP headers are available on web application and websites. It can be used as a defensive measure during development, or offensive to find weaknesses in existing applications.

How it works

The tool connects to the given target and retrieves the available HTTP headers. It parses each header and checks them in the internal database. Depending on the presence of absence of a header, it will show its status.

Usage and audience

shcheck is commonly used for application security or web application analysis. Target users for this tool are developers, pentesters, and security professionals.

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + Very low number of dependencies
  • + The source code of this software is available


  • - No releases on GitHub available

Author and Maintainers

Shcheck is under development by Alessio Santoru.


Supported operating systems

Shcheck is known to work on Linux.

shcheck alternatives

Similar tools to shcheck:



VHostScan is a security tool that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases, and dynamic default pages.


Admin Page Finder (PHP)

Admin Page Finder is a tool written in PHP to find admin sections within a website. It can be used during pentesting and security assessments.



BlindElephant is a security tool to perform fingerprinting of web applications. It can discover the name and version of known web applications.

See all alternatives tools for shcheck »

Found an improvement? Become an influencer and submit an update.
Project details
Latest releaseNo release found

Project health

This score is calculated by different factors, like project age, last release date, etc.


GitHub iconGitHub project


This tool is categorized as a website reconnaissance tool and website security audit tool.

Related terms