Security Header Check

About

Shcheck detects which security headers are enabled on certain websites. It just check headers and print a report about which are enabled and which not. It just check the security headers on a target website.

Installation

Docker Installation:

Step 1: To build a docker container use the code below.

docker build -t shcheck .

Step 2: Then run the docker container by specifying the target website that you want to scan. Use the below command,

docker run -it --rm https://www.example.com/

Traditional Installation:

Step 1: Download or Clone the Shcheck tool in to your system.

root~#git clone https://github.com/meliot/shcheck.git

Step 2: The Navigate to the shcheck tool directory in your system.

root~#cd shcheck

Step 3: Now run the installation file as shown below.

root~shcheck# ./shcheck.py https://www.example.com/ -i –x

Usage with options

Usage: ./shcheck.py [options]

Options:

  -h, --help            show this help message and exit

  -p PORT, --port=PORT  Set a custom port to connect to

  -c COOKIE_STRING, --cookie=COOKIE_STRING

                        Set cookies for the request

  -a HEADER_STRING, --add-header=HEADER_STRING

                        Add headers for the request e.g. 'Header: value'

  -d, --disable-ssl-check

                        Disable SSL/TLS certificate validation

  -g, --use-get-method  Use GET method instead HEAD method

  -j, --json-output     Print the output in JSON format

  -i, --information     Display information headers

  -x, --caching         Display caching headers

  --proxy=PROXY_URL     Set a proxy (Ex: http://127.0.0.1:8080)

  --hfile=PATH_TO_FILE  Load a list of hosts from a flat file