EasyScan

EasyScan is a Python script that analyzes the security of a given website by inspecting its HTTP headers, DNS records, and other configurations. The script generates a security report with a score, grade, and recommendations for addressing potential vulnerabilities.

Features & Test Cases

The script covers the following test cases:

  1. SSL/TLS Verification: Checks if the site uses HTTPS, validates the certificate, and reports expiry (warns if <30 days).
  2. Referrer Policy: Checks for a Referrer-Policy header and a referrer meta tag (reported as "Meta Referrer"), which limit how much of the page URL is sent to other sites in the Referer header.
  3. SPF Records: Checks for Sender Policy Framework records.
  4. DMARC Records: Checks for Domain-based Message Authentication, Reporting, and Conformance records.
  5. DNS CAA Records: Checks for Certificate Authority Authorization records to restrict certificate issuance.
  6. Public Admin Pages: Scans for common admin paths (e.g., /admin, /wp-admin, /phpmyadmin, /cpanel).
  7. Directory Listing: Checks common directories (/images, /uploads, /files, etc.) for exposed directory listings.
  8. Security Headers: Checks for CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Permissions-Policy, Referrer-Policy, and more.
  9. Cookie Security: Checks all Set-Cookie headers for Secure, HttpOnly, SameSite attributes and __Secure-/__Host- prefixes.
  10. Information Disclosure: Checks for Server, X-Powered-By, X-AspNet-Version headers.
  11. CORS Misconfigurations: Checks for insecure Access-Control-Allow-Origin settings and wildcard + credentials conflicts.
  12. Content-Type Sniffing: Checks for mismatched content types and missing Content-Type header.
  13. Cache Control: Checks for insecure or missing cache settings.
  14. Robots.txt Analysis: Scans robots.txt for potentially sensitive disallowed paths.
  15. HTTP Methods: Sends an OPTIONS request and flags dangerous verbs (TRACE, DELETE, PUT, CONNECT) advertised in the response. The advertised list is only what the server claims: a listed verb may still be blocked upstream and an unlisted one may still be accepted, so confirm any finding with a direct request before reporting it.
  16. Sensitive File Exposure: Probes for .git/config, .env, .htaccess, backup.sql, wp-config.php.bak, and more.
  17. Subresource Integrity (SRI): Scans external <script> and <link> tags for missing integrity attributes.
  18. Mixed Content: Detects http:// resource URLs loaded on HTTPS pages.
  19. Email Address Exposure: Scans page source for exposed email addresses.
  20. Clickjacking: Checks both X-Frame-Options and CSP frame-ancestors for clickjacking protection.
  21. Host Header Injection: Tests if a forged Host header is reflected in redirects or response body.
  22. Open Redirect: Tests common URL parameters (url, next, redirect, return, etc.) for open redirect vulnerabilities.
  23. JavaScript Library Versions: Detects outdated jQuery, AngularJS, Bootstrap, Lodash, and Handlebars from page source.
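The SPF and DMARC checks (items 3 and 4) are more useful when they judge the record's content rather than only its presence. The following is an added example, not EasyScan's own code: EasyScan resolves these TXT records with dnspython, whereas this example evaluates constructed record strings (the `SAMPLE_TXT` table and the domain names in it are made up) so that it runs offline. It flags the weaknesses a reviewer actually cares about: `+all` or `?all` terminators, softfail without an enforcing DMARC, more than the ten DNS-querying terms RFC 7208 permits, `p=none`, a missing `rua=` address, and a `pct` below 100.

```python
# SPF and DMARC record evaluation (added example, not EasyScan's own code).
# EasyScan resolves these TXT records with dnspython; this example works on
# constructed record strings so it runs offline.
import re
from typing import Dict, List

# Constructed sample TXT records keyed by query name (not real DNS data).
SAMPLE_TXT: Dict[str, List[str]] = {
    "example.com": ["v=spf1 include:_spf.example.net -all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "weak.example": ["v=spf1 +all"],
    "_dmarc.weak.example": [],
}

# Mechanisms/modifiers that cost a DNS lookup (RFC 7208 section 4.6.4 allows 10).
_LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists|redirect)(?=[:/=]|$)", re.I)


def evaluate_spf(records: List[str]) -> List[str]:
    """Return a list of findings for a domain's SPF record(s); empty means no issue."""
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if not spf:
        return ["No SPF record: receivers cannot tell which hosts may send as this domain"]
    if len(spf) > 1:
        # RFC 7208 section 3.2: more than one record is a permanent error, not a merge.
        return ["Multiple SPF records: receivers evaluate this as PermError"]
    findings = []
    terms = spf[0].split()[1:]
    all_terms = [t for t in terms if t.lower().lstrip("+-~?") == "all"]
    if not all_terms:
        findings.append("No 'all' mechanism: unlisted senders get a neutral result")
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("Record ends in +all: any host may send as this domain")
        elif qualifier == "?":
            findings.append("Record ends in ?all: neutral result offers no protection")
        elif qualifier == "~":
            findings.append("Record ends in ~all: softfail only; use -all once DMARC is enforcing")
    lookups = sum(1 for t in terms if _LOOKUP_TERM.match(t))
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying terms exceed the limit of 10: PermError")
    return findings


def evaluate_dmarc(records: List[str]) -> Dict[str, object]:
    """Parse a DMARC record into tags and flag weak or missing policy settings."""
    dmarc = [r for r in records if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        return {"present": False, "policy": None, "tags": {},
                "findings": ["No DMARC record: spoofed mail is neither rejected nor reported"]}
    tags: Dict[str, str] = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("Missing or invalid p= tag (required by RFC 7489)")
    if "rua" not in tags:
        findings.append("No rua= address: aggregate reports are not collected")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
    return {"present": True, "policy": policy, "tags": tags, "findings": findings}


def assess_domain(domain: str, txt: Dict[str, List[str]] = SAMPLE_TXT) -> Dict[str, object]:
    """Evaluate SPF at the apex and DMARC at _dmarc.<domain> from a TXT lookup table."""
    return {
        "spf": evaluate_spf(txt.get(domain, [])),
        "dmarc": evaluate_dmarc(txt.get(f"_dmarc.{domain}", [])),
    }


if __name__ == "__main__":
    for name in ("example.com", "weak.example"):
        result = assess_domain(name)
        print(name, "SPF:", result["spf"] or ["ok"])
        print(name, "DMARC:", result["dmarc"]["findings"] or ["ok"])
```

To wire this into a live check, replace the `txt` table with the strings returned by a dnspython TXT query for the domain and for `_dmarc.<domain>`; the evaluation logic does not change.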

Dependencies

EasyScan requires Python 3.6+ and the following libraries:

  • requests
  • beautifulsoup4
  • dnspython
  • certifi

You can install these dependencies using the provided requirements.txt file:

pip install -r requirements.txt

Usage

To use the EasyScan script, follow these steps:

  1. Clone the repository or save the code to a file named easyscan.py.
  2. Install the dependencies:
    pip install -r requirements.txt
  3. Run the script:
    python3 easyscan.py [url]
    You can pass the URL as a command-line argument or enter it when prompted.

CLI Flags

| Flag | Description |
| --- | --- |
| `url` | Positional argument. The URL to scan (e.g. example.com or https://example.com). |
| `--json` | Output results as JSON to stdout. |
| `--output FILE` / `-o FILE` | Save the report to a specific file. |
| `--timeout SECS` / `-t SECS` | Set the request timeout in seconds (default: 10). |
| `--verbose` / `-v` | Enable debug-level logging output. |

Examples

Basic scan:

python3 easyscan.py example.com

Scan with JSON output saved to a file:

python3 easyscan.py example.com --json --output report.json

Scan with a longer timeout and verbose logging:

python3 easyscan.py https://example.com --timeout 20 --verbose

JSON Output

Use the --json flag to get structured JSON output, which is useful for integration with other tools:

python3 easyscan.py example.com --json

The JSON report includes a score object with the aggregate score (0-100), a letter grade (A-F), severity counts, and all findings.

Example Output

================================================================================================================================================================
  SECURITY REPORT
================================================================================================================================================================

Header                                     Status                       Severity   Recommendation
================================================================================================================================================================
[CRI] SSL/TLS                                Missing                      Critical   The site is not using HTTPS. Implement SSL/TLS to encrypt data in transit.
[HI]  Clickjacking                           No Protection                High       Set 'X-Frame-Options: DENY' or CSP 'frame-ancestors' directive to prevent clickjacking.
[HI]  Public Admin Page (/admin)             Accessible                   High       Restrict access to /admin to specific IP addresses and/or enable authentication.
[MED] Content-Security-Policy                Missing                      Medium     Implement a Content Security Policy (CSP) to prevent XSS and code injection attacks.
[MED] Strict-Transport-Security              Missing                      Medium     Implement Strict Transport Security (HSTS) to enforce secure connections.
[MED] Permissions-Policy                     Missing                      Medium     Set a 'Permissions-Policy' header to restrict browser features (camera, microphone, geolocation).
[LOW] SPF Record                             Missing                      Low        Add an SPF record to your domain's DNS settings to help prevent email spoofing.
[INF] Meta Referrer                          Missing                      Info       Add a 'referrer' META tag with 'no-referrer' to prevent leaking referrer information.

============================================================
  SECURITY SCORE: 55/100 (Grade: C)
============================================================
  Total Issues : 8
  Critical     : 1
  High         : 2
  Medium       : 3
  Low          : 1
  Info         : 1
============================================================
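Several rows in the report above (Clickjacking, Strict-Transport-Security, and the cookie and CORS checks from the feature list) are derived from a single response's headers. The following is an added example, not EasyScan's own code, showing how such findings can be computed from one captured header set. The `SAMPLE_HEADERS` dictionary is constructed for the example, the severity labels mirror the report's vocabulary, and the `(check, status, severity)` tuple shape is this example's choice rather than EasyScan's format. It covers the details a practitioner wants checked rather than just header presence: CSP `frame-ancestors` taking precedence over X-Frame-Options, an HSTS `max-age` that is too short, the wildcard-plus-credentials CORS conflict, and the `__Secure-`/`__Host-` prefix rules that make browsers reject a cookie outright.

```python
# Header-derived findings (added example, not EasyScan's own code).
import re
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str, str]  # (check name, status, severity)

# Constructed response headers, not captured from a real host.
# Set-Cookie can repeat, so it is carried as a list.
SAMPLE_HEADERS: Dict[str, object] = {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=300",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": "true",
    "Set-Cookie": [
        "session=abc123; Path=/; HttpOnly",
        "__Host-csrf=xyz; Path=/; Secure; HttpOnly; SameSite=Strict",
        "__Secure-pref=1; Path=/; SameSite=Lax",
    ],
}


def _get(headers: Dict[str, object], name: str):
    """HTTP field names are case-insensitive, so match them that way."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def _csp_directive(csp: str, name: str) -> Optional[List[str]]:
    """Return the source list of one CSP directive, or None if it is absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == name:
            return parts[1:]
    return None


def check_clickjacking(headers: Dict[str, object]) -> Finding:
    # frame-ancestors overrides X-Frame-Options wherever CSP level 2 is supported.
    csp = _get(headers, "Content-Security-Policy") or ""
    ancestors = _csp_directive(csp, "frame-ancestors")
    if ancestors is not None:
        return ("Clickjacking", "CSP frame-ancestors " + " ".join(ancestors), "Info")
    xfo = (_get(headers, "X-Frame-Options") or "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return ("Clickjacking", f"X-Frame-Options: {xfo}", "Info")
    # ALLOW-FROM is obsolete and ignored by current browsers, so it counts as no protection.
    return ("Clickjacking", "No Protection", "High")


def check_hsts(headers: Dict[str, object]) -> Finding:
    hsts = _get(headers, "Strict-Transport-Security")
    if hsts is None:
        return ("Strict-Transport-Security", "Missing", "Medium")
    match = re.search(r"max-age=(\d+)", hsts, re.I)
    max_age = int(match.group(1)) if match else 0
    if max_age == 0:
        return ("Strict-Transport-Security", "max-age=0 clears the HSTS entry", "Medium")
    if max_age < 31536000:  # one year, the minimum the preload list accepts
        return ("Strict-Transport-Security", f"max-age={max_age} is short", "Low")
    return ("Strict-Transport-Security", "Present", "Info")


def check_cors(headers: Dict[str, object]) -> Finding:
    origin = (_get(headers, "Access-Control-Allow-Origin") or "").strip()
    credentials = (_get(headers, "Access-Control-Allow-Credentials") or "").strip().lower() == "true"
    if not origin:
        return ("CORS", "No Access-Control-Allow-Origin header", "Info")
    if origin == "*" and credentials:
        # Browsers refuse this pairing, but it shows the server intended to share credentialed responses.
        return ("CORS", "Wildcard origin combined with credentials", "High")
    if origin == "*":
        return ("CORS", "Wildcard origin; acceptable only for public, unauthenticated data", "Low")
    return ("CORS", f"Origin {origin}", "Info")


def check_cookies(headers: Dict[str, object]) -> List[Finding]:
    raw = _get(headers, "Set-Cookie") or []
    findings: List[Finding] = []
    for cookie in ([raw] if isinstance(raw, str) else raw):
        name = cookie.split("=", 1)[0].strip()
        attrs: Dict[str, str] = {}
        for attribute in cookie.split(";")[1:]:
            key, _, value = attribute.strip().partition("=")
            attrs[key.lower()] = value
        problems = [f"no {flag}" for flag in ("Secure", "HttpOnly", "SameSite")
                    if flag.lower() not in attrs]
        # Prefix rules: __Secure- needs Secure; __Host- also needs Path=/ and no Domain attribute.
        if name.startswith("__Secure-") and "secure" not in attrs:
            problems.append("__Secure- prefix without Secure (browsers reject the cookie)")
        host_ok = "secure" in attrs and attrs.get("path") == "/" and "domain" not in attrs
        if name.startswith("__Host-") and not host_ok:
            problems.append("__Host- prefix requirements not met (browsers reject the cookie)")
        if problems:
            findings.append((f"Cookie {name}", ", ".join(problems), "Medium"))
    return findings


def run_checks(headers: Dict[str, object]) -> List[Finding]:
    findings = [check_clickjacking(headers), check_hsts(headers), check_cors(headers)]
    findings.extend(check_cookies(headers))
    return findings


if __name__ == "__main__":
    for check, status, severity in run_checks(SAMPLE_HEADERS):
        print(f"[{severity:<6}] {check:<28} {status}")
```

With a real `requests` response, pass `response.headers` for everything except Set-Cookie, which `requests` folds into one comma-joined string; read the repeated values from `response.raw.headers.getlist("Set-Cookie")` instead, since cookie attributes such as `Expires` contain commas themselves.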

Disclaimer

EasyScan runs a fixed list of black-box checks against a single host and does not replace a full security assessment; treat its findings as a starting point rather than a verdict. Several checks (admin-path probing, sensitive-file probing, host-header and open-redirect tests) send active requests, so only scan sites you own or have explicit permission to test.

EasyScan is also available at https://easyscan.onrender.com/

If you have any questions or need a full security audit, please reach out on Twitter @0xdevrel.

About

Light-weight web security scanner