gethead.py is a Python tool for HTTP header vulnerability analysis. It identifies security vulnerabilities and missing protections in HTTP headers.
Usage:
$ python gethead.py http://domain.com
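The kind of header analysis described above, as an added example that is not gethead.py's own code: it parses a raw response head offline and reports missing protective headers, missing cookie flags and version banners. The header set, the rules, the function names and the sample response are assumptions made for illustration; this page does not list the tool's actual checks.

```python
# Added example. The checks below are assumptions, not gethead.py's rule set.
SAMPLE_WEAK = (  # constructed response head, not captured from a real host
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.22 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.3.10\r\n"
    "Set-Cookie: SESSID=abc123; Path=/\r\n\r\n")

def parse_headers(raw):
    """Return {lowercased header name: [values]} from a raw response head."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def analyze(raw, https=True):
    """Return a list of (header, finding) tuples for one response."""
    h = parse_headers(raw)
    first = lambda name: h.get(name, [""])[0]
    findings = []
    if https and "strict-transport-security" not in h:
        findings.append(("strict-transport-security", "missing"))
    if first("x-content-type-options").lower() != "nosniff":
        findings.append(("x-content-type-options", "missing or not nosniff"))
    csp = first("content-security-policy").lower()
    if not csp:
        findings.append(("content-security-policy", "missing"))
    # Framing is covered by either CSP frame-ancestors or X-Frame-Options.
    if "frame-ancestors" not in csp and \
            first("x-frame-options").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(("x-frame-options", "no framing protection"))
    for cookie in h.get("set-cookie", []):  # one finding per missing flag
        cname = cookie.split("=", 1)[0]
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "httponly" not in attrs:
            findings.append(("set-cookie", cname + ": no HttpOnly"))
        if https and "secure" not in attrs:
            findings.append(("set-cookie", cname + ": no Secure"))
    for name in ("server", "x-powered-by"):  # version banners
        if any(ch.isdigit() for ch in first(name)):
            findings.append((name, "discloses version: " + first(name)))
    return findings

if __name__ == "__main__":
    for header, finding in analyze(SAMPLE_WEAK):
        print("%-28s %s" % (header, finding))
```

Pass https=False for a response fetched over plain HTTP, where HSTS and the cookie Secure flag do not apply.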
Changelog
Version 0.1 - Initial Release
- Written in Python 2.7.5
- Performs HTTP Header Analysis
- Reports Header Vulnerabilities
Features in Development
Version 0.2 - Next Release (April 2014 Release)
- Support for git updates
- Support for Python 3.3
- Complete Header Analysis
- Additional Logic for Severity Classifications
- Rank Vulnerabilities by Severity
- Export Findings with Description, Impact, Execution, Fix, and References
- Export with multi-format options (XML, HTML, TXT)
Version 0.3 - Future Release (May 2014 Release)
- Replay and Inline Upstream Proxy support to import into other tools
- Scan domains, sub-domains, and multi-services
- Header Injection and Fuzzing functionality
- HTTP Header Policy Bypassing
- Modularize and port to more platforms (e.g. gMinor, Kali, Burp Extension, Metasploit, Chrome, Firefox)