EasyScan

EasyScan is a Python script that analyzes the security of a given website by inspecting its HTTP headers, DNS records, and other configurations. The script generates a security report with recommendations for addressing potential vulnerabilities.

Features & Test Cases

The script covers the following test cases:

  1. SSL/TLS Verification: Checks if the site uses HTTPS and validates the certificate.
  2. Referrer Policy (labelled "Same Site Scripting" in the script): Checks for a Referrer-Policy; the report row is labelled "Meta Referrer" and looks for a referrer META tag, so that outbound requests do not leak the page URL.
  3. SPF Records: Checks for Sender Policy Framework records.
  4. DMARC Records: Checks for Domain-based Message Authentication, Reporting, and Conformance records.
  5. Public Admin Pages: Scans for common admin paths (e.g., /admin, /wp-admin).
  6. Directory Listing: Checks if directory listing is enabled.
  7. Security Headers: Checks for CSP, HSTS, X-Frame-Options, X-Content-Type-Options, etc.
  8. Cookie Security: Checks for Secure, HttpOnly, and SameSite attributes.
  9. Information Disclosure: Checks for Server, X-Powered-By, etc.
  10. CORS Misconfigurations: Checks for insecure Access-Control-Allow-Origin settings.
  11. Content-Type Sniffing: Checks that the Content-Type header matches the response body and that X-Content-Type-Options: nosniff is set.
  12. Cache Control: Checks for insecure cache settings on sensitive data.
  13. Robots.txt Analysis: Scans robots.txt for potentially sensitive disallowed paths.
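The header-based checks in the list above (security headers, cookie attributes, information disclosure and CORS) can be demonstrated without a network connection. The following is an added example, not EasyScan's own code: it runs those checks over a constructed set of response headers and prints findings in the same four-column shape as the script's report. The check names, severities and recommendation wording are this example's own choices.

```python
"""Header, cookie and CORS checks over a constructed HTTP response.

Added example, not EasyScan's own code. Check names, severities and advice are
this example's own choices, modelled on the README's report columns.
"""
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str, str]  # (check, status, severity, recommendation)

# Constructed response headers (not captured from any real site). Set-Cookie
# appears twice because a response may carry several cookies.
SAMPLE_HEADERS: List[Tuple[str, str]] = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Server", "Apache/2.4.41 (Ubuntu)"),
    ("X-Powered-By", "PHP/7.4.3"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("Access-Control-Allow-Origin", "*"),
    ("Access-Control-Allow-Credentials", "true"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; SameSite=Lax"),
]

# Headers whose absence is reported, with severity and advice.
REQUIRED_HEADERS: Dict[str, Tuple[str, str]] = {
    "Content-Security-Policy": ("High", "Add a CSP that restricts script and frame sources."),
    "Strict-Transport-Security": ("Medium", "Add HSTS so browsers refuse plain-HTTP connections."),
    "X-Frame-Options": ("Medium", "Add X-Frame-Options or CSP frame-ancestors against clickjacking."),
    "X-Content-Type-Options": ("Low", "Add X-Content-Type-Options: nosniff."),
    "Referrer-Policy": ("Low", "Add a Referrer-Policy such as strict-origin-when-cross-origin."),
}
DISCLOSURE_HEADERS = ("Server", "X-Powered-By")


def _single(headers: List[Tuple[str, str]]) -> Dict[str, str]:
    """Lower-cased name -> value map, excluding the repeatable Set-Cookie."""
    return {n.lower(): v for n, v in headers if n.lower() != "set-cookie"}


def check_security_headers(headers: List[Tuple[str, str]]) -> List[Finding]:
    present = _single(headers)
    out: List[Finding] = []
    for name, (severity, advice) in REQUIRED_HEADERS.items():
        if name.lower() not in present:
            out.append((name, "Missing", severity, advice))
    for name in DISCLOSURE_HEADERS:  # information disclosure
        if name.lower() in present:
            out.append((name, present[name.lower()], "Low",
                        f"Remove or genericise {name}; it reveals the software stack."))
    return out


def check_cors(headers: List[Tuple[str, str]]) -> List[Finding]:
    present = _single(headers)
    origin = present.get("access-control-allow-origin")
    creds = present.get("access-control-allow-credentials", "").strip().lower() == "true"
    if origin is None:
        return []
    if origin == "*" and creds:
        # Browsers reject '*' together with credentials, so this pairing usually
        # means the server intends to echo the caller's Origin: the dangerous case.
        return [("CORS", "* with credentials", "High",
                 "Use an explicit origin allow-list; never reflect the Origin header.")]
    if origin == "*":
        return [("CORS", "Wildcard origin", "Medium",
                 "Any site can read these responses; restrict unless they are public.")]
    if origin == "null":
        return [("CORS", "null origin", "High",
                 "Sandboxed iframes and file:// pages carry the 'null' origin; do not allow it.")]
    return []


def check_cookies(headers: List[Tuple[str, str]]) -> List[Finding]:
    out: List[Finding] = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";") if p.strip()]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}  # attribute names only
        missing = [a for a in ("Secure", "HttpOnly", "SameSite") if a.lower() not in attrs]
        if missing:
            out.append((f"Cookie {cookie_name}", "Missing " + ", ".join(missing), "Medium",
                        "Set Secure, HttpOnly and SameSite on every cookie that is not public."))
    return out


def scan_response(headers: List[Tuple[str, str]]) -> List[Finding]:
    return check_security_headers(headers) + check_cors(headers) + check_cookies(headers)


def format_report(findings: List[Finding]) -> str:
    head = f"{'Check':<26} {'Status':<26} {'Severity':<9} Recommendation"
    rows = [f"{c:<26} {s:<26} {sev:<9} {r}" for c, s, sev, r in findings]
    return "\n".join([head, "-" * 100] + rows)


if __name__ == "__main__":
    print(format_report(scan_response(SAMPLE_HEADERS)))
```

To use this against a live site, replace SAMPLE_HEADERS with the `headers.items()` of a `requests` response (and `response.raw.headers.getlist("Set-Cookie")` for the repeated cookie headers); the checks themselves do not change.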

Dependencies

EasyScan requires Python 3.6+ and the following libraries:

  • requests
  • beautifulsoup4
  • dnspython

You can install these dependencies using the provided requirements.txt file:

pip install -r requirements.txt

Usage

To use the EasyScan script, follow these steps:

  1. Clone the repository or save the code to a file named easyscan.py.

  2. Install the dependencies:

    pip install -r requirements.txt
  3. Run the script:

    python3 easyscan.py [url]

    You can pass the URL as a command-line argument or enter it when prompted.

  4. JSON Output: After the scan, you will be prompted to save the report as a JSON file, which is useful for integration with other tools.
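The SPF and DMARC checks listed under Features, and the JSON report from step 4, as an added example that is not EasyScan's own code: it evaluates constructed TXT record strings (the qualifier on the SPF `all` mechanism, duplicate SPF records, the DMARC `p=` and `pct=` tags) and emits one finding per check as JSON. The domain, record contents, severities and wording are this example's assumptions; a live scan would fetch the records with dnspython's `dns.resolver.resolve(name, "TXT")`.

```python
"""SPF and DMARC policy evaluation over constructed TXT records, emitted as JSON.

Added example, not EasyScan's own code. The records below are constructed; a
live scan would fetch them with dnspython (dns.resolver.resolve(name, "TXT")).
"""
import json
from typing import Dict, List

# Constructed DNS answers for a hypothetical domain; no lookups are performed.
SAMPLE_TXT: Dict[str, List[str]] = {
    "example.test": ["site-verification=abc123", "v=spf1 include:_spf.mail.test ~all"],
    "_dmarc.example.test": ["v=DMARC1; p=none; rua=mailto:dmarc@example.test"],
}

# Verdict for the SPF "all" mechanism by qualifier, most permissive first.
ALL_QUALIFIERS = {
    "+all": ("Permissive", "High", "'+all' authorises every sender; end the record with -all or ~all."),
    "?all": ("Neutral", "Medium", "'?all' gives receivers no verdict; use -all or ~all."),
    "~all": ("Softfail", "Info", "Softfail is acceptable; move to -all once every sender is listed."),
    "-all": ("Strict", "Info", "SPF ends with -all."),
}


def finding(check: str, status: str, severity: str, advice: str) -> Dict[str, str]:
    return {"check": check, "status": status, "severity": severity, "recommendation": advice}


def assess_spf(txt: List[str]) -> Dict[str, str]:
    records = [r for r in txt if r.lower().startswith("v=spf1")]
    if not records:
        return finding("SPF Record", "Missing", "Low", "Add an SPF record to help prevent email spoofing.")
    if len(records) > 1:
        return finding("SPF Record", "Multiple", "Medium",
                       "RFC 7208 allows one SPF record; receivers treat several as a permanent error.")
    last = records[0].split()[-1].lower()
    if last == "all":
        last = "+all"  # a bare 'all' mechanism defaults to the '+' qualifier
    status, severity, advice = ALL_QUALIFIERS.get(
        last, ("No 'all' term", "Medium", "Append -all (or ~all) so unlisted senders do not get a neutral result."))
    return finding("SPF Record", status, severity, advice)


def dmarc_tags(record: str) -> Dict[str, str]:
    """Parse 'v=DMARC1; p=none; rua=...' into a tag -> value map."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(txt: List[str]) -> Dict[str, str]:
    records = [r for r in txt if r.upper().startswith("V=DMARC1")]
    if not records:
        return finding("DMARC Record", "Missing", "Low",
                       "Publish a _dmarc TXT record; start with p=none plus rua= reporting.")
    tags = dmarc_tags(records[0])
    policy = tags.get("p", "").lower()
    if policy == "none":
        return finding("DMARC Record", "p=none", "Medium",
                       "Monitoring only: spoofed mail is still delivered. Move to p=quarantine, then p=reject.")
    if policy in ("quarantine", "reject"):
        pct = tags.get("pct", "100")
        if pct != "100":
            return finding("DMARC Record", f"p={policy}; pct={pct}", "Low",
                           "The policy applies only to a sample of messages; raise pct to 100.")
        return finding("DMARC Record", f"p={policy}", "Info", "An enforcing DMARC policy is published.")
    return finding("DMARC Record", "Invalid", "Medium", "p= is required and must be none, quarantine or reject.")


def build_report(domain: str, txt_by_name: Dict[str, List[str]]) -> Dict:
    """Report shape mirroring EasyScan's JSON option: one finding per check."""
    return {"domain": domain, "findings": [
        assess_spf(txt_by_name.get(domain, [])),
        assess_dmarc(txt_by_name.get(f"_dmarc.{domain}", [])),
    ]}


def report_json(domain: str, txt_by_name: Dict[str, List[str]]) -> str:
    return json.dumps(build_report(domain, txt_by_name), indent=2)


if __name__ == "__main__":
    print(report_json("example.test", SAMPLE_TXT))
```

A missing record and a present-but-weak record are deliberately reported with different severities: a domain with `p=none` or `+all` is not "protected" just because a record exists, which is the distinction a consumer of the JSON report needs.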

Example Output

Scanning https://example.com...

Security Report:
Header                                   Status               Severity   Recommendation
------------------------------------------------------------------------------------------------------------------------
SSL/TLS                                  Valid                Info       SSL Certificate verification passed.
Meta Referrer                            Missing              Low        Add a 'referrer' META tag with 'no-referrer' to prevent leaking referrer information.
SPF Record                               Missing              Low        Add an SPF record to your domain's DNS settings to help prevent email spoofing.
...

Disclaimer

The script does not cover every security scenario; treat its report as a starting point and follow up with a thorough security assessment of your website.

EasyScan is also available at https://easyscan.onrender.com/

If you have any questions or need a full security audit, please reach out on Twitter @0xdevrel.
