{"id":13586222,"url":"https://github.com/santoru/shcheck","last_synced_at":"2025-04-08T14:08:35.042Z","repository":{"id":44415936,"uuid":"90084260","full_name":"santoru/shcheck","owner":"santoru","description":"A basic tool to check security headers of a website","archived":false,"fork":false,"pushed_at":"2024-05-17T20:33:11.000Z","size":1207,"stargazers_count":469,"open_issues_count":1,"forks_count":91,"subscribers_count":20,"default_branch":"master","last_synced_at":"2024-05-18T13:03:04.753Z","etag":null,"topics":["headers","http","https","response","security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/santoru.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-05-02T22:38:44.000Z","updated_at":"2024-06-21T05:23:17.639Z","dependencies_parsed_at":"2024-06-21T05:36:25.120Z","dependency_job_id":null,"html_url":"https://github.com/santoru/shcheck","commit_stats":{"total_commits":86,"total_committers":11,"mean_commits":7.818181818181818,"dds":"0.43023255813953487","last_synced_commit":"272f3211cac747804f38e2f083b126c9fb3cf9ef"},"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santoru%2Fshcheck","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santoru%2Fshcheck/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santoru%2Fshcheck/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/santoru%2Fshcheck/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/santoru","download_url":"https://codeload.github.com/santoru/shcheck/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247856541,"owners_count":21007620,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["headers","http","https","response","security"],"created_at":"2024-08-01T15:05:24.564Z","updated_at":"2025-04-08T14:08:35.019Z","avatar_url":"https://github.com/santoru.png","language":"Python","readme":"# shcheck - Security Header Check\n\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://pypi.org/project/shcheck/\"\u003e\u003cimg alt=\"PyPI\" src=\"https://img.shields.io/pypi/v/shcheck\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://pypi.org/project/shcheck/\"\u003e\u003cimg alt=\"Pypi\" src=\"https://img.shields.io/pypi/dm/shcheck\"\u003e\u003c/a\u003e\n    \u003ca href=\"#\"\u003e\u003cimg alt=\"Updated\" src=\"https://img.shields.io/github/last-commit/santoru/shcheck?label=updated\"\u003e\u003c/a\u003e\n    \u003cimg src=\"screenshot.png\" alt=\"Output on Facebook\" /\u003e\n\u003c/p\u003e\n\n## Check security headers on a target website\n\nI did this tool to help me to check which security headers are enabled on certain websites.\n\nThe tool is very simple and it's the result of few minutes of coding.\n\nIt just check headers and print a report about which are enabled and which not\n\nI think there is a lot to improve, and I will be grateful if somebody wants to help\n\n## How to run:\n\n### Pypi\n```bash\npip3 install shcheck\nshcheck.py https://insecurity.blog\n```\n\n### Docker\nFirst build your docker container using something like this: \n\n`docker build -t shcheck .`\n\nThen simply run your docker container using something like this where you specify which website you want to check headers on: \n\n`docker run -it --rm shcheck https://insecurity.blog`\n\n### From source\n```bash\ngit clone https://github.com/santoru/shcheck \u0026\u0026 cd shcheck\n./shcheck.py https://insecurity.blog\n```\n\n### Standalone script\nIf you want to run shcheck as a standalone script, just grab the `shcheck.py` script from the `shcheck` module/folder and copy it around.\n\n## Usage\n```\nUsage: ./shcheck.py [options] \u003ctarget\u003e\n\nOptions:\n  -h, --help            show this help message and exit\n  -p PORT, --port=PORT  Set a custom port to connect to\n  -c COOKIE_STRING, --cookie=COOKIE_STRING\n                        Set cookies for the request\n  -a HEADER_STRING, --add-header=HEADER_STRING\n                        Add headers for the request e.g. 'Header: value'\n  -d, --disable-ssl-check\n                        Disable SSL/TLS certificate validation\n  -g, --use-get-method  Use GET method instead HEAD method\n  -j, --json-output     Print the output in JSON format\n  -i, --information     Display information headers\n  -x, --caching         Display caching headers\n  -k, --deprecated      Display deprecated headers\n  --proxy=PROXY_URL     Set a proxy (Ex: http://127.0.0.1:8080)\n  --hfile=PATH_TO_FILE  Load a list of hosts from a flat file\n  --colours=COLOURS     Set up a colour profile [dark/light/none]\n  --colors=COLOURS      Alias for colours for US English\n```\n","funding_links":[],"categories":["Python","Tools"],"sub_categories":["Testing"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsantoru%2Fshcheck","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsantoru%2Fshcheck","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsantoru%2Fshcheck/lists"}