jab2870/Dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
821 commits 1 branch 0 tags 15 MiB
Commit graph

12 commits

Author SHA1 Message Date
Jonathan Hodgson
1fabc27b79 BIN: analyse-headers: Adds generic version disclosure function 
if the header contains the word "version" (case insensitively) it will
flag it as potential information disclosure

Thanks <Dom Ingram> for the suggestion
 2020-12-09 16:26:47 +00:00
Jonathan Hodgson
27b9af6327 BIN: analyse-headers: read from stdin if first arg is - 
This makes testing much easier
 2020-12-09 16:24:59 +00:00
Jonathan Hodgson
039f4e2270 BIN: analyse-headers: Add more notes to expect-ct description 
As pointed out by <Dom Ingram>, the expect-ct is likely to become
obsolete in June 2012

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
 2020-12-09 16:13:39 +00:00
Jonathan Hodgson
bf132e16c2 BIN: analyse-headers: Fix incorrect reporting of SSL issues 
It turns out the SSL flags secure and httponly are not case sensitive.

https://tools.ietf.org/html/rfc6265#section-5.2.5

I cannot find any documentation about the SameSite=Strict so I will
leave it case sensitive for now. The spec for that section is here:

https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05#section-5.2

Thanks <Dom Ingram> for flagging this
 2020-12-09 16:08:26 +00:00
Jonathan Hodgson
69c7355225 BIN: analyse-headers: add expect-ct and start referrer-policy 2020-12-03 11:19:35 +00:00
Jonathan Hodgson
5369861bc8 BIN: Analyse-headers: Adds to description for cookie flag 2020-12-02 10:54:10 +00:00
Jonathan Hodgson
3665bb63a2 BIN: analyse-headers: fix error "wrap command not found" 2020-12-02 09:19:47 +00:00
Jonathan Hodgson
97df97a48b BIN: analyse-headers: adds feature-policy and permissions-policy checks 2020-12-02 09:11:52 +00:00
Jonathan Hodgson
afa3f3495a BIN: analyse-headers: Wrap text in descriptions 
The text in descriptions is now wrapped to 80 chars. This does not
affect the headers printed at the top which are not wrapped
 2020-12-02 08:32:10 +00:00
Jonathan Hodgson
fb5d25dc6c BIN: Adds SameSite check in analyse-headers script 
The script will now warn you if the SameSite option is not set to Strict
on cookies.
 2020-12-01 21:17:34 +00:00
Jonathan Hodgson
c384064641 BIN: Fix webtest script when : in cookies 
If there was a colon in a cookie, the script would misidentify insecure
cookie configurations
 2020-12-01 19:56:33 +00:00
Jonathan Hodgson
ab2c56d9b5 BIN: Adds analyse-headers script 
The script is in early stages of development but should work for some of
the most common mis-configurtaions.
 2020-12-01 18:15:01 +00:00