{"id":14063649,"url":"https://github.com/rhymeswithmogul/SecurityTxtToolkit","last_synced_at":"2025-07-29T15:34:46.966Z","repository":{"id":49256758,"uuid":"378226841","full_name":"rhymeswithmogul/SecurityTxtToolkit","owner":"rhymeswithmogul","description":"A PowerShell module for generating and parsing \"security.txt\" files.","archived":false,"fork":false,"pushed_at":"2023-07-03T04:58:55.000Z","size":173,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-09T01:51:17.627Z","etag":null,"topics":["pgp-signature","powershell","powershell-adminscripts","powershell-cmdlets","powershell-core","powershell-gallery","powershell-module","powershell-modules","pwsh","rfc-9116","security","security-audit","security-automation","security-scan","security-scanner","security-team","security-testing","security-tools","security-txt","securitytxt"],"latest_commit_sha":null,"homepage":"https://www.powershellgallery.com/packages/SecurityTxtToolkit/","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rhymeswithmogul.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-18T17:50:09.000Z","updated_at":"2025-02-24T05:22:44.000Z","dependencies_parsed_at":"2024-02-04T20:34:50.670Z","dependency_job_id":"f3617516-ecca-4910-9428-0e42104178f0","html_url":"https://github.com/rhymeswithmogul/SecurityTxtToolkit","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/rhymeswi
thmogul/SecurityTxtToolkit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhymeswithmogul%2FSecurityTxtToolkit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhymeswithmogul%2FSecurityTxtToolkit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhymeswithmogul%2FSecurityTxtToolkit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhymeswithmogul%2FSecurityTxtToolkit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rhymeswithmogul","download_url":"https://codeload.github.com/rhymeswithmogul/SecurityTxtToolkit/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhymeswithmogul%2FSecurityTxtToolkit/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267709624,"owners_count":24131924,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-29T02:00:12.549Z","response_time":2574,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pgp-signature","powershell","powershell-adminscripts","powershell-cmdlets","powershell-core","powershell-gallery","powershell-module","powershell-modules","pwsh","rfc-9116","security","security-audit","security-automation","security-scan","security-scanner","security-team","security-testing","security-tools","security-txt","securitytxt"],"created_at":"2024
-08-13T07:03:26.448Z","updated_at":"2025-07-29T15:34:46.602Z","avatar_url":"https://github.com/rhymeswithmogul.png","language":"PowerShell","funding_links":[],"categories":["PowerShell"],"sub_categories":[],"readme":"[![PowerShell Gallery Version (including pre-releases)](https://img.shields.io/powershellgallery/v/SecurityTxtToolkit?include_prereleases)](https://powershellgallery.com/packages/SecurityTxtToolkit/) [![PowerShell Gallery](https://img.shields.io/powershellgallery/dt/SecurityTxtToolkit)](https://powershellgallery.com/packages/v/SecurityTxtToolkit) [![Codacy Badge](https://app.codacy.com/project/badge/Grade/16e09f22dcf9463e8e6ceb5a187432f2)](https://app.codacy.com/gh/rhymeswithmogul/SecurityTxtToolkit/dashboard?utm_source=gh\u0026utm_medium=referral\u0026utm_content=\u0026utm_campaign=Badge_grade)\n\n# SecurityTxtToolkit\n\n## DOWNLOAD IT!\n[It's in the PowerShell Gallery now!](https://www.powershellgallery.com/packages/SecurityTxtToolkit/)\n```powershell\nInstall-Module SecurityTxtToolkit\n```\n\n## SHORT DESCRIPTION\nSecurityTxtToolkit is a module that works with \"security.txt\" files, as defined in RFC 9116.\n\n## LONG DESCRIPTION\nSecurityTxtToolkit is a PowerShell module.   It can create, download, test, and verify \"security.txt\" files.\n\n\"security.txt\" is an RFC for letting web sites post and share information pertinent to security researchers.  This module currently complies with draft version 12.\n\n### Testing \"security.txt\" Files with `Test-SecurityTxtFile`\nTo test a \"security.txt\" file, use the cmdlet `Test-SecurityTxtFile`.  It can be used in both online and offline modes.  
It outputs a `PSCustomObject` that has note-properties corresponding to the fields in the \"security.txt\" file:\n\n```powershell\nPS C:\\\u003e Test-SecurityTxtFile 'github.com'\n```\n\nAs of this writing (June 2021), that will generate the following output:\n```\nTest-SecurityTxtFile: The mandatory Expires field was not found.\n\nFor                : github.com\nIsValid            : False\nIsCanonical        : True\nAcknowledgements   : {https://bounty.github.com/bounty-hunters.html}\nCanonical          : {https://github.com/.well-known/security.txt}\nContact            : {https://hackerone.com/github}\nEncryption         : {}\nExpires            :\nHiring             : {}\nPolicy             : {https://bounty.github.com/}\nPreferredLanguages : {en}\nIsSigned           : False\n```\n\nIt looks like GitHub's \"security.txt\" file is not compliant with the specification (at the time of this writing)!\n\nThe `Test-SecurityTxtFile` cmdlet also accepts string input via `-InputObject` or the pipeline:\n```powershell\nPS C:\\\u003e Get-Content \"security.txt\" | Test-SecurityTxtFile\n```\n\nThat will test the file and validate its input:\n```\nFor                : stdin\nIsValid            : False\nIsCanonical        : False\nAcknowledgements   : {https://bounty.github.com/bounty-hunters.html}\nCanonical          : {https://github.com/.well-known/security.txt}\nContact            : {https://hackerone.com/github}\nEncryption         : {}\nExpires            :\nHiring             : {}\nPolicy             : {https://bounty.github.com/}\nPreferredLanguages : {en}\nIsSigned           : False\n```\n\nHowever, that cannot be validated for canonicity. 
In this case, you can add the file's original URL to the cmdlet with the `-TestCanonicalUri` parameter:\n```powershell\nPS C:\\\u003e Invoke-WebRequest -OutFile 'security.txt' -Uri 'https://github.com/.well-known/security.txt'\n\nPS C:\\\u003e Get-Content 'security.txt' | Test-SecurityTxtFile -TestCanonicalUri 'https://github.com/.well-known/security.txt'\n```\n\nThe latter command will parse the previously-downloaded \"security.txt\" file as if it had been fetched directly from a web server:\n```\nFor                : stdin\nIsValid            : False\nIsCanonical        : True\nAcknowledgements   : {https://bounty.github.com/bounty-hunters.html}\nCanonical          : {https://github.com/.well-known/security.txt}\nContact            : {https://hackerone.com/github}\nEncryption         : {}\nExpires            :\nHiring             : {}\nPolicy             : {https://bounty.github.com/}\nPreferredLanguages : {en}\nIsSigned           : False\n```\n\n### Generating Your Own \"security.txt\" Files\nThe `New-SecurityTxtFile` cmdlet will generate a \"security.txt\" file, sending its output to the pipeline. You may redirect it via standard means, or with the `-OutFile` parameter.   The fields in the \"security.txt\" specification correspond to this cmdlet's parameters.\n```powershell\nPS C:\\\u003e New-SecurityTxtFile -OutFile '.well-known/security.txt' -Canonical \"https://contoso.com/.well-known/security.txt\" -Contact \"mailto:security@contoso.com\" -Hiring \"https://jobs.contoso.com\"\n```\n\nThat example will generate the following output. 
The Expires field and PGP signature will vary:\n```\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n# This is a \"security.txt\" file that complies with RFC 9116:\n# \u003chttps://www.rfc-editor.org/rfc/rfc9116\u003e\n#\n# This file was made with SecurityTxtToolkit:\n# \u003chttps://github.com/rhymeswithmogul/SecurityTxtToolkit\u003e\n\nCanonical: https://contoso.com/.well-known/security.txt\nContact: mailto:security@contoso.com\nExpires: 2022-06-18T16:41:06-04:00\nHiring: https://jobs.contoso.com/\n\n-----BEGIN PGP SIGNATURE-----\n\nsignature-goes-here\n-----END PGP SIGNATURE-----\n```\n\n## SEE ALSO\nFor more information about \"security.txt\" files in general, the creators of the specification, Edwin \"EdOverflow\" Foudil and Yakov Shafranovich, have a web page at https://securitytxt.org.  This module might be listed on their web site, but I'm not affiliated with them.\n\nWhy not read [my article about this](https://colincogle.name/blog/security-txt) to see it in action?\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhymeswithmogul%2FSecurityTxtToolkit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frhymeswithmogul%2FSecurityTxtToolkit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhymeswithmogul%2FSecurityTxtToolkit/lists"}