Tool to do more easy the web scan proccess to check if the secure and HTTPOnly flags are enabled in the cookies (path and expires too).
This tools allows probe multiple urls through a input file, by a google domain (looking in all subdomains) or by a unique url. Also, supports multiple output like json, xml and csv.
Features:
- Multiple options for output (and export using >). xml, json, csv, grepable
- Check the flags in multiple sites by a file input (one per line). This is very useful for pentesters when they want check the flags in multiple sites.
- Google search. Search in google all subdomains and check the cookies for each domain.
- Colors for the normal output.
Usage
Usage: cookiescanner.py [options]
Example: ./cookiescanner.py -i ips.txt
Options:
-h, --help show this help message and exit
-i INPUT, --input=INPUT
File input with the list of webservers
-I, --info More info
-u URL, --url=URL URL
-f FORMAT, --format=FORMAT
Output format (json, xml, csv, normal, grepable)
--nocolor Disable color (for the normal format output)
-g GOOGLE, --google=GOOGLE
Search in google by domain
Requirements
requests >= 2.8.1
BeautifulSoup >= 4.2.1
Install requirements
pip3 install --upgrade -r requirements.txt