Dotfiles

Author	SHA1	Message	Date
Jonathan Hodgson	2e1dff91a3	BIN: analyse-headers: note on x-frame-options if frame-ancestors present If the frame-ancestors content security policy is present, the x-frame-options warning mentions that the content security helps mitigate against clickjacking although for greater browser support, x-frame-options should also be used Thanks <Dom Ingram> for the suggestion	4 years ago
Jonathan Hodgson	1fabc27b79	BIN: analyse-headers: Adds generic version disclosure function if the header contains the word "version" (case insensitively) it will flag it as potential information disclosure Thanks <Dom Ingram> for the suggestion	4 years ago
Jonathan Hodgson	27b9af6327	BIN: analyse-headers: read from stdin if first arg is - This makes testing much easier	4 years ago
Jonathan Hodgson	039f4e2270	BIN: analyse-headers: Add more notes to expect-ct description As pointed out by <Dom Ingram>, the expect-ct is likely to become obsolete in June 2012 https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT	4 years ago
Jonathan Hodgson	bf132e16c2	BIN: analyse-headers: Fix incorrect reporting of SSL issues It turns out the SSL flags secure and httponly are not case sensitive. https://tools.ietf.org/html/rfc6265#section-5.2.5 I cannot find any documentation about the SameSite=Strict so I will leave it case sensitive for now. The spec for that section is here: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05#section-5.2 Thanks <Dom Ingram> for flagging this	4 years ago
Jonathan Hodgson	69c7355225	BIN: analyse-headers: add expect-ct and start referrer-policy	4 years ago
Jonathan Hodgson	5369861bc8	BIN: Analyse-headers: Adds to description for cookie flag	4 years ago
Jonathan Hodgson	3665bb63a2	BIN: analyse-headers: fix error "wrap command not found"	4 years ago
Jonathan Hodgson	97df97a48b	BIN: analyse-headers: adds feature-policy and permissions-policy checks	4 years ago
Jonathan Hodgson	afa3f3495a	BIN: analyse-headers: Wrap text in descriptions The text in descriptions is now wrapped to 80 chars. This does not affect the headers printed at the top which are not wrapped	4 years ago
Jonathan Hodgson	fb5d25dc6c	BIN: Adds SameSite check in analyse-headers script The script will now warn you if the SameSite option is not set to Strict on cookies.	4 years ago
Jonathan Hodgson	c384064641	BIN: Fix webtest script when : in cookies If there was a colon in a cookie, the script would misidentify insecure cookie configurations	4 years ago
Jonathan Hodgson	ab2c56d9b5	BIN: Adds analyse-headers script The script is in early stages of development but should work for some of the most common mis-configurtaions.	4 years ago
Jonathan Hodgson	085f17ab1f	Adds scripts to help with ssl testing	4 years ago
Jonathan Hodgson	77955b1e18	Renames jwtcat to catjwt to avoid clash with 3rd party tool	4 years ago
Jonathan Hodgson	d106799a8b	Creates script for printing jwt web tokens	4 years ago
Jonathan Hodgson	b19db697e8	A start to webtest script	4 years ago
Jonathan Hodgson	b4bdba9e24	Adds getpaths script	4 years ago
Jonathan Hodgson	4ac6ff54dc	changed profile name to headless	4 years ago
Jonathan Hodgson	031ae34a60	Will create firefox profile	4 years ago
Jonathan Hodgson	045a120083	Adds help and checks url is given	4 years ago
Jonathan Hodgson	f0404cd7fc	Makes clickjacking script look for ff dev edition	4 years ago
Jonathan Hodgson	e973957094	Adds script to make clickjacking screenshot	4 years ago
Jonathan Hodgson	55a7d2da4f	Lots of bin changes	5 years ago
Jonathan Hodgson	187872ab6a	Adds a script for turning an html form into a curl requst	5 years ago

25 Commits (2e1dff91a30eb77546f3d2435bf7408e9bafad83)