shcheck (Security Header Check)


Tool and Usage

Project details

License
GPLv3
Programming language
Python
Author
Alessio Santoru
Latest release
1.5.0
Latest release date

Project health

60
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

This simple tool is a good option for testing whether the advised HTTP headers are present on web applications and websites. It can be used defensively during development, or offensively to find weaknesses in existing applications.

How it works

The tool connects to the given target and retrieves the available HTTP headers. It parses each header and checks it against its internal database. Depending on the presence or absence of a header, it shows that header's status.

Usage and audience

shcheck is commonly used for application security or web application analysis. Target users for this tool are developers, pentesters, and security professionals.

Features

  • Colored output
  • Command line interface

Example usage and output

Options:
  -h, --help            show this help message and exit
  -p PORT, --port=PORT  Set a custom port to connect to
  -c COOKIE_STRING, --cookie=COOKIE_STRING
                        Set cookies for the request
  -d, --disable-ssl-check
                        Disable SSL/TLS certificate validation
  -g, --use-get-method  Use GET method instead HEAD method
  -i, --information     Display information headers
  -x, --caching         Display caching headers
  --proxy=PROXY_URL     Set a proxy (Ex: http://127.0.0.1:8080)

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + Very low number of dependencies
  • + The source code of this software is available

Weaknesses

  • - No releases on GitHub available

Author and Maintainers

Shcheck is under development by Alessio Santoru.

Installation

Supported operating systems

Shcheck is known to work on Linux.

shcheck alternatives

Similar tools to shcheck:

97

Arachni

Web Application Security Scanner aimed towards helping users evaluate the security of web applications

64

CMSeeK

CMSeeK is a security scanner for content management systems (CMS) and is used for security assessments.

74

Nikto

Nikto is an open source security scanner which tests web servers for potential vulnerabilities.
