{"id":26649017,"url":"https://github.com/aymaneallaoui/kafka-http-scanner","last_synced_at":"2025-06-11T03:13:27.990Z","repository":{"id":284067578,"uuid":"953689163","full_name":"aymaneallaoui/kafka-http-scanner","owner":"aymaneallaoui","description":"An advanced HTTP security vulnerability scanner that detects a wide range of web application vulnerabilities.","archived":false,"fork":false,"pushed_at":"2025-03-24T00:39:12.000Z","size":28,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-24T01:29:18.661Z","etag":null,"topics":["cli","golang","golang-application","golang-package","hsr","http","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aymaneallaoui.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-23T22:55:56.000Z","updated_at":"2025-03-24T01:03:03.000Z","dependencies_parsed_at":"2025-03-24T01:39:47.777Z","dependency_job_id":null,"html_url":"https://github.com/aymaneallaoui/kafka-http-scanner","commit_stats":null,"previous_names":["aymaneallaoui/http-scanner"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aymaneallaoui%2Fkafka-http-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aymaneallaoui%2Fkafka-http-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aymaneallaoui%2Fkafka-http-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aymaneallaoui%2Fkafka-http-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aymaneallaoui","download_url":"https://codeload.github.com/aymaneallaoui/kafka-http-scanner/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248333605,"owners_count":21086199,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","golang","golang-application","golang-package","hsr","http","security"],"created_at":"2025-03-25T00:47:43.979Z","updated_at":"2025-04-11T03:02:26.085Z","avatar_url":"https://github.com/aymaneallaoui.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kafka HTTP Scanner\n\n![terminal](docs/image/terminal.png)\n\nAn advanced HTTP security vulnerability scanner that detects a wide range of web application vulnerabilities.\n\n## Features\n\n- **Comprehensive Vulnerability Detection:** Identifies HTTP smuggling, XSS, SQL injection, and many other vulnerabilities.\n- **Modular Architecture:** Easy to extend with new vulnerability checks.\n- **Concurrent Scanning:** Fast multi-threaded testing.\n- **Multiple Output Formats:** Results in text, JSON, or YAML.\n- **Detailed Remediation:** Provides actionable fixes for discovered vulnerabilities.\n- **Production-Ready:** Robust error handling and retry mechanisms.\n\n## Installation\n\n### From Source\n\n```sh\ngit clone https://github.com/aymaneallaoui/go-http-scanner.git\ncd go-http-scanner\n\ngo build -o httpscan\n\nsudo mv httpscan /usr/local/bin/\n```\n\n## Supported modules\n\n| Module                   | Description                                                                  | Severity |\n| ------------------------ | ---------------------------------------------------------------------------- | -------- |\n| **HeaderSecurity**       | Checks for missing or insecure HTTP security headers.                        | Medium   |\n| **HttpSmuggling**        | Detects HTTP request smuggling vulnerabilities.                              | High     |\n| **SSLTLSSecurity**       | Checks for SSL/TLS security issues like outdated protocols and weak ciphers. | High     |\n| **ContentSecurity**      | Checks for content security issues like MIME type confusion.                 | Medium   |\n| **HTTPMethods**          | Checks for support of dangerous HTTP methods.                                | Medium   |\n| **ServerInfoLeakage**    | Checks for server information leakage.                                       | Low      |\n| **XSSVulnerability**     | Checks for Cross-Site Scripting vulnerabilities.                             | High     |\n| **SQLInjection**         | Checks for SQL injection vulnerabilities.                                    | High     |\n| **DirectoryTraversal**   | Checks for directory traversal vulnerabilities.                              | High     |\n| **HostHeaderAttack**     | Checks for host header attack vulnerabilities.                               | Medium   |\n| **CORSMisconfiguration** | Checks for CORS misconfigurations.                                           | Medium   |\n| **CacheAttack**          | Checks for web cache poisoning vulnerabilities.                              | Medium   |\n| **WebCacheDeception**    | Checks for web cache deception vulnerabilities.                              | Medium   |\n| **OpenRedirect**         | Checks for open redirect vulnerabilities.                                    | Medium   |\n| **Clickjacking**         | Checks for clickjacking vulnerabilities.                                     | Medium   |\n| **CookieSecurity**       | Checks for cookie security issues.                                           | Medium   |\n\n## Example Configuration File (configs/default.yaml)\n\n```yaml\ntimeout: 10\nmax_retries: 3\nconcurrency: 5\nfollow_redirects: true\nskip_ssl_verify: false\noutput_format: text\nlog_level: info\nenabled_modules:\n  - HeaderSecurity\n  - HttpSmuggling\n  - SSLTLSSecurity\ndisabled_modules:\n  - ServerInfoLeakage\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faymaneallaoui%2Fkafka-http-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faymaneallaoui%2Fkafka-http-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faymaneallaoui%2Fkafka-http-scanner/lists"}