{"id":27946045,"url":"https://github.com/911abaddon/securityheaderx","last_synced_at":"2025-05-07T13:47:45.076Z","repository":{"id":291431181,"uuid":"977598323","full_name":"911Abaddon/SecurityHeaderX","owner":"911Abaddon","description":"Instant web security analysis: detect vulnerabilities in HTTP headers, TLS, and CORS with a single scan","archived":false,"fork":false,"pushed_at":"2025-05-04T16:00:27.000Z","size":82,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-04T16:31:26.555Z","etag":null,"topics":["api-security","appsec","cloud-security","container-security","cybersecurity","devsecops","http-headers","javascript","nodejs","owasp","penetration-testing","privacy","security","security-headers","security-tools","web-security"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/911Abaddon.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security-header-checker.js","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-04T15:16:15.000Z","updated_at":"2025-05-04T16:08:35.000Z","dependencies_parsed_at":"2025-05-04T16:43:05.459Z","dependency_job_id":null,"html_url":"https://github.com/911Abaddon/SecurityHeaderX","commit_stats":null,"previous_names":["911abaddon/securityheaderx"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/911Abaddon%2FSecurityHeaderX","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/911Abaddon%2FSecurityHeaderX/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/911Abaddon%2FSecurityHeaderX/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/911Abaddon%2FSecurityHeaderX/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/911Abaddon","download_url":"https://codeload.github.com/911Abaddon/SecurityHeaderX/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252890353,"owners_count":21820375,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-security","appsec","cloud-security","container-security","cybersecurity","devsecops","http-headers","javascript","nodejs","owasp","penetration-testing","privacy","security","security-headers","security-tools","web-security"],"created_at":"2025-05-07T13:47:44.287Z","updated_at":"2025-05-07T13:47:45.068Z","avatar_url":"https://github.com/911Abaddon.png","language":"JavaScript","readme":"# SecurityHeaderX\n\n\u003cdiv align=\"center\"\u003e\n  \n![Version](https://img.shields.io/badge/version-1.0.0-blue.svg)\n![License](https://img.shields.io/badge/license-MIT-green.svg)\n![Node](https://img.shields.io/badge/node-%3E%3D14.16-brightgreen.svg)\n\n\u003c/div\u003e\n\nA comprehensive web security analysis tool focused on detecting HTTP security header vulnerabilities and providing actionable remediation steps. SecurityHeaderX helps developers and security professionals identify and fix security misconfigurations in web applications.\n\n## ✨ Features\n\n- 🔍 **Security Header Analysis**: Thorough scanning of HTTP security headers with detailed findings\n- 📊 **Risk Scoring**: Security grade assessment based on OWASP recommendations\n- 🔐 **TLS/SSL Verification**: (Coming Soon) Analyze TLS configurations for vulnerabilities\n- 🚨 **Remediation Guidance**: Clear instructions for fixing identified issues\n- 📝 **Multiple Report Formats**: Console, HTML, and JSON reports\n- 🔧 **Customizable**: Configurable scanning profiles for different security requirements\n- 🔄 **API Support**: (Coming Soon) REST API for integration with CI/CD pipelines\n\n## 🚀 Installation\n\n```bash\n# Clone the repository\ngit clone https://github.com/911Abaddon/SecurityHeaderX.git\n\n# Navigate to the project directory\ncd SecurityHeaderX\n\n# Install dependencies\nnpm install\n```\n\n## 📋 Usage\n\n### Command Line Interface\n\nScan a website for security headers:\n\n```bash\nnode index.js https://example.com\n```\n\nWith additional options:\n\n```bash\n# Generate HTML and JSON reports\nnode index.js https://example.com --reports\n\n# Enable verbose output\nnode index.js https://example.com --verbose\n```\n\n### Programmatic Usage\n\n```javascript\nconst securityHeaderX = require('./index');\n\n// Scan a URL and get results\nasync function scanWebsite() {\n  const results = await securityHeaderX.scanUrl('https://example.com');\n  console.log(results);\n}\n\n// Generate reports\nasync function generateReports() {\n  const reportResult = await securityHeaderX.scanAndGenerateReports('https://example.com');\n  console.log(`Reports saved to: ${reportResult.reports.html}`);\n}\n\nscanWebsite();\n```\n\n## 📊 Security Headers Analyzed\n\nSecurityHeaderX thoroughly analyzes the following HTTP security headers:\n\n| Header | Description | Security Impact |\n|--------|-------------|----------------|\n| Content-Security-Policy | Controls resources the browser can load | Critical - Prevents XSS |\n| Strict-Transport-Security | Forces HTTPS connections | Critical - Prevents MITM attacks |\n| X-Content-Type-Options | Prevents MIME-sniffing | High - Prevents content-type attacks |\n| X-Frame-Options | Controls framing of the page | High - Prevents clickjacking |\n| Referrer-Policy | Controls referrer information | Medium - Prevents information leakage |\n| Permissions-Policy | Restricts browser features | Medium - Reduces attack surface |\n| X-XSS-Protection | Enables browser XSS filtering | Medium - Additional XSS protection |\n| Cache-Control | Controls browser caching | Medium - Prevents sensitive data exposure |\n\n## 🛠️ Project Structure\n\n```\nSecurityHeaderX/\n├── api/                # REST API server\n│   └── routes/         # API endpoints\n├── cli/                # Command line interface\n├── config/             # Configuration files\n│   ├── compliance/     # Security standards (NIST, OWASP, PCI)\n│   └── default.js      # Default configuration\n├── docs/               # Documentation\n├── src/\n│   ├── analyzers/      # Specialized analyzers\n│   ├── core/           # Core functionality\n│   ├── headers/        # Header modules\n│   ├── remediation/    # Remediation suggestions\n│   ├── reports/        # Report generators\n│   └── utils/          # Utility functions\n├── tests/              # Test files\n├── index.js            # Main entry point\n└── package.json        # Project metadata\n```\n\n## 🧪 Development\n\nRun tests:\n\n```bash\nnpm test\n```\n\nRun tests with coverage:\n\n```bash\nnpm run test:coverage\n```\n\n## 📝 Sample Report\n\nSecurityHeaderX generates comprehensive reports with findings categorized by severity:\n\n```\n📊 SECURITY HEADER SCAN RESULTS\n--------------------------------------------------\nURL: https://example.com\nStatus: 200\nScore: 65/100 (Grade C)\nScan Time: May 4, 2025, 10:15:00 AM\n--------------------------------------------------\n\n❌ MISSING HEADERS (3)\n  HIGH SEVERITY ISSUES (1):\n    Content-Security-Policy (CSP)\n      Description: Controls resources the browser is allowed to load\n      Recommendation: Add Content-Security-Policy header with appropriate directives\n\n  MEDIUM SEVERITY ISSUES (2):\n    Referrer-Policy\n      Description: Controls how much referrer information should be included with requests\n      Recommendation: Add \"Referrer-Policy: strict-origin-when-cross-origin\" header\n    \n    Permissions-Policy\n      Description: Controls which browser features can be used on the page\n      Recommendation: Implement a Permissions-Policy to restrict unnecessary features\n\n⚠️ MISCONFIGURED HEADERS (1)\n  HIGH SEVERITY ISSUES (1):\n    Strict-Transport-Security (HSTS)\n      Current Value: max-age=15768000\n      Issue: HSTS max-age is less than 1 year\n      Recommendation: Increase max-age to at least 31536000 (1 year)\n```\n\n## 🗺️ Roadmap\n\n- [x] HTTP security header analysis\n- [x] Multiple report formats (Console, HTML, JSON)\n- [ ] TLS/SSL verification\n- [ ] API security assessment\n- [ ] Web UI for interactive scanning\n- [ ] CI/CD integration\n- [ ] Custom scan profiles\n- [ ] Docker containerization\n\n## 🤝 Contributing\n\nContributions are welcome! Feel free to submit a Pull Request.\n\n1. Fork the repository\n2. Create your feature branch (`git checkout -b feature/amazing-feature`)\n3. Commit your changes (`git commit -m 'Add some amazing feature'`)\n4. Push to the branch (`git push origin feature/amazing-feature`)\n5. Open a Pull Request\n\n## 📄 License\n\nThis project is licensed under the MIT License - see the LICENSE file for details.\n\n## 🙏 Acknowledgements\n\n- [OWASP Secure Headers Project](https://owasp.org/www-project-secure-headers/)\n- [Mozilla Observatory](https://observatory.mozilla.org/)\n- [SecurityHeaders.com](https://securityheaders.com/)","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F911abaddon%2Fsecurityheaderx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F911abaddon%2Fsecurityheaderx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F911abaddon%2Fsecurityheaderx/lists"}