{"id":36967465,"url":"https://github.com/dtouzeau/http-audit","last_synced_at":"2026-01-13T20:04:16.327Z","repository":{"id":329145677,"uuid":"1118255181","full_name":"dtouzeau/http-audit","owner":"dtouzeau","description":"An HTTP auditing tool written in Go that investigates all steps required to access a URL - A part of Artica Ecosystem","archived":false,"fork":false,"pushed_at":"2025-12-19T01:11:02.000Z","size":81,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-12-21T04:00:23.003Z","etag":null,"topics":["http","http-client","http-requests","httpclient","tool"],"latest_commit_sha":null,"homepage":"https://wiki.articatech.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dtouzeau.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":"audit/audit.go","citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-17T13:38:52.000Z","updated_at":"2025-12-19T00:55:18.000Z","dependencies_parsed_at":"2025-12-21T04:04:56.057Z","dependency_job_id":null,"html_url":"https://github.com/dtouzeau/http-audit","commit_stats":null,"previous_names":["dtouzeau/http-audit"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/dtouzeau/http-audit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dtouzeau%2Fhttp-audit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dtouzeau%2Fhttp-audit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dtouzeau%2Fhttp-audit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dtouzeau%2Fhttp-audit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dtouzeau","download_url":"https://codeload.github.com/dtouzeau/http-audit/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dtouzeau%2Fhttp-audit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28399532,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-13T14:36:09.778Z","status":"ssl_error","status_checked_at":"2026-01-13T14:35:19.697Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["http","http-client","http-requests","httpclient","tool"],"created_at":"2026-01-13T20:04:15.751Z","updated_at":"2026-01-13T20:04:16.320Z","avatar_url":"https://github.com/dtouzeau.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# http-audit\n\nAn HTTP auditing tool written in Go that investigates all steps required to access a URL. \n\nIt provides detailed analysis of DNS resolution, SSL/TLS certificates, HTTP responses, and generates visual HTML reports with Chart.js.\n\n## Features\n\n- **DNS Resolution Analysis**: Custom DNS servers, IP validation, resolution timing\n- **SSL/TLS Inspection**: Certificate chain analysis, protocol version detection, cipher suite identification\n- **HTTP Request Auditing**: Detailed timing breakdown, redirect tracking, header inspection\n- **Authentication Support**: HTTP Basic and Kerberos/SPNEGO with automatic keytab generation\n- **Proxy Support**: HTTP proxy with authentication\n- **Network Interface Binding**: Specify outgoing network interface\n- **Detailed Reports**: HTML reports with Chart.js visualizations and JSON exports\n\n## Quick Start\n\n1. Create a configuration file (see `examples/config.json`):\n\n```json\n{\n  \"target\": {\n    \"url\": \"https://www.articatech.com\",\n    \"method\": \"GET\"\n  },\n  \"dns\": {\n    \"enabled\": true\n  },\n  \"ssl\": {\n    \"verify\": true,\n    \"check_protocols\": true\n  },\n  \"output\": {\n    \"html_path\": \"./report.html\",\n    \"json_path\": \"./report.json\"\n  }\n}\n```\n\n2. Run the audit:\n\n```bash\n./http-audit -config config.json\n```\n\n3. View the generated HTML report in your browser.\n\n## Usage\n### -config\n```bash\n# Run with configuration file\n./http-audit -config config.json\n\n# Show version\n./http-audit -version\n```\n### -url\n\nOverrides the `target.url` value from the configuration file. \nUseful for running the same configuration against different endpoints without modifying the config file.\n\n```bash\n# Override URL\n./http-audit -config config.json -url https://wiki.articatech.com\n```\n### -interface\n\nOverrides the `network.interface` value from the configuration file. Binds outgoing connections to a specific network interface.\n\n```bash\n# Bind to specific interface\n./http-audit -config config.json -interface eth0\n```\n\n### Combined Overrides\n\n```bash\n# Override both URL and interface\n./http-audit -config config.json -url http://articatech.net -interface eth1\n```\n\n### Example Configurations\n\n- `examples/config.json` - Basic HTTPS audit\n- `examples/config-with-proxy.json` - Audit through HTTP proxy\n- `examples/config-kerberos.json` - Audit with Kerberos authentication\n\n### Key Configuration Options\n\n| Section | Option | Description |\n|---------|--------|-------------|\n| `target.url` | string | Target URL to audit (required) |\n| `target.method` | string | HTTP method (default: GET) |\n| `network.interface` | string | Bind to specific network interface |\n| `network.timeout_total` | duration | Total request timeout (default: 60s) |\n| `dns.enabled` | bool | Enable DNS resolution check |\n| `dns.servers` | array | Custom DNS servers |\n| `proxy.enabled` | bool | Enable HTTP proxy |\n| `proxy.url` | string | Proxy URL |\n| `auth.type` | string | Authentication type: none, basic, kerberos |\n| `ssl.verify` | bool | Verify SSL certificates |\n| `ssl.check_protocols` | bool | Check supported TLS versions |\n| `output.html_path` | string | HTML report output path |\n| `output.json_path` | string | JSON report output path |\n| `output.chartjs_url` | string | Chart.js library URL for HTML reports |\n\n## Output\n\n### Console Output\n\n```\n===========================================\n           HTTP Audit Tool v1.1.1\n===========================================\nTarget URL: https://example.com\nMethod: GET\n-------------------------------------------\nPerforming DNS resolution...\nDNS resolved example.com to [93.184.216.34] in 15.234ms\nAnalyzing SSL/TLS...\nSSL connected with TLS 1.3 using TLS_AES_256_GCM_SHA384\nCertificate: CN=example.com (expires in 365 days)\nExecuting HTTP request...\nHTTP HTTP/2.0 200 in 245.123ms\n-------------------------------------------\nJSON report saved to: ./report.json\nHTML report saved to: ./report.html\n===========================================\n                 SUMMARY\n===========================================\nStatus: SUCCESS\nSteps: 3/3 successful\nTotal Time: 312.456ms\n```\n\n### HTML Report\n\nThe HTML report includes:\n- Summary dashboard with success/failure status\n- Timing waterfall chart (DNS, TCP, TLS, First Byte)\n- DNS resolution details\n- SSL/TLS certificate chain with expiry warnings\n- TLS version support matrix\n- HTTP response headers and redirect chain\n- Request headers sent\n\n### JSON Report\n\nMachine-readable JSON output containing all audit data for integration with other tools.\n\n## Authentication\n\n### Basic Authentication\n\n```json\n{\n  \"auth\": {\n    \"type\": \"basic\",\n    \"basic\": {\n      \"username\": \"user\",\n      \"password\": \"password\"\n    }\n  }\n}\n```\n\n### Kerberos Authentication\n\n```json\n{\n  \"auth\": {\n    \"type\": \"kerberos\",\n    \"kerberos\": {\n      \"username\": \"user@REALM.COM\",\n      \"password\": \"password\",\n      \"kdc_server\": \"kdc.realm.com\",\n      \"realm\": \"REALM.COM\",\n      \"keytab_path\": \"/tmp/user.keytab\",\n      \"generate_keytab\": true\n    }\n  }\n}\n```\n\nWhen `generate_keytab` is `true`, the tool will automatically generate a keytab file using `ktutil` before performing the HTTP request.\n\n## Proxy Configuration\n\n```json\n{\n  \"proxy\": {\n    \"enabled\": true,\n    \"url\": \"http://proxy.example.com:8080\",\n    \"auth\": {\n      \"type\": \"basic\",\n      \"username\": \"proxyuser\",\n      \"password\": \"proxypass\"\n    }\n  }\n}\n```\n\n## Chart.js Configuration\n\nBy default, Chart.js is loaded from the jsdelivr CDN. For offline use or to use a local copy:\n\n```json\n{\n  \"output\": {\n    \"chartjs_url\": \"file:///path/to/chart.js\"\n  }\n}\n```\n\nOr use a different CDN:\n\n```json\n{\n  \"output\": {\n    \"chartjs_url\": \"https://cdnjs.cloudflare.com/ajax/libs/Chart.js/4.4.1/chart.umd.min.js\"\n  }\n}\n```\n\n## Exit Codes\n\n- `0` - All audit steps successful\n- `1` - One or more audit steps failed\n\n## License\n\nApache License 2.0 - See [LICENSE](LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdtouzeau%2Fhttp-audit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdtouzeau%2Fhttp-audit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdtouzeau%2Fhttp-audit/lists"}