Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/GoSecure/csp-auditor
Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
https://github.com/GoSecure/csp-auditor
burp burp-plugin csp hacktoberfest http security zap zap-plugin
Last synced: about 1 month ago
JSON representation
Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
- Host: GitHub
- URL: https://github.com/GoSecure/csp-auditor
- Owner: GoSecure
- Created: 2016-03-16T14:36:55.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2020-04-29T18:27:24.000Z (over 4 years ago)
- Last Synced: 2024-08-02T05:15:57.359Z (4 months ago)
- Topics: burp, burp-plugin, csp, hacktoberfest, http, security, zap, zap-plugin
- Language: Java
- Homepage:
- Size: 3.76 MB
- Stars: 136
- Watchers: 12
- Forks: 34
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- WebHackersWeapons - csp-auditor - auditor?label=%20)|[`csp`](/categorize/tags/csp.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| (Weapons / Burpsuite, Caido and ZAP Addons)
- awesome-hacking-lists - GoSecure/csp-auditor - Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website (Java)
README
# CSP Auditor [![Build Status](https://travis-ci.org/GoSecure/csp-auditor.png)](https://travis-ci.org/GoSecure/csp-auditor)
This plugin provides:
* a readable view of CSP Headers in Response Tab
* passive scan rules to detect weak CSP configuration
* a CSP configuration generator based on the Burp crawler or using manual browsingThis project is packaged as a ZAP and Burp plugin.
## Download
Last updated : August 3th 2017
- [Burp plugin](https://github.com/GoSecure/csp-auditor/blob/master/downloads/csp-auditor-burp-1.jar?raw=true)
- [ZAP plugin](https://github.com/GoSecure/csp-auditor/blob/master/downloads/cspauditor-alpha-1.zap?raw=true)## Screenshots
Passive rules and custom tab:
![CSP Auditor Burp Plugin](https://raw.githubusercontent.com/GoSecure/csp-auditor/master/demo.gif)
Configuration builder:
![CSP Auditor Burp Plugin](https://raw.githubusercontent.com/GoSecure/csp-auditor/master/demo2.gif)
## Building the plugin
Type the following command:
```
./gradlew build
```or if you have already Gradle installed on your machine:
```
gradle build
```## Read more
For more context around Content-Security-Policy and how to apply it to your website see our blog posts on the topic:
* http://gosecure.net/2017/07/20/building-a-content-security-policy-configuration-with-csp-auditor
* https://gosecure.net/2016/06/28/auditing-csp-headers-with-burp-and-zap/