Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/agis/mcdetect

Catch mixed content issues in the wild
https://github.com/agis/mcdetect

cli headless-chrome https mixed-content mixed-content-error node-cli

Last synced: 3 months ago
JSON representation

Catch mixed content issues in the wild

Host: GitHub
URL: https://github.com/agis/mcdetect
Owner: agis
License: mit
Created: 2017-09-13T19:23:30.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2020-09-03T03:18:28.000Z (over 4 years ago)
Last Synced: 2024-10-06T04:14:21.533Z (3 months ago)
Topics: cli, headless-chrome, https, mixed-content, mixed-content-error, node-cli
Language: JavaScript
Homepage: https://www.npmjs.com/package/mcdetect
Size: 2.19 MB
Stars: 57
Watchers: 6
Forks: 5
Open Issues: 8
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# mcdetect - catch mixed content issues in the wild
[![NPM version](https://img.shields.io/npm/v/mcdetect.svg)](https://www.npmjs.com/package/mcdetect)

_mcdetect_ is a tool that detects [mixed content issues](https://developers.google.com/web/fundamentals/security/prevent-mixed-content/what-is-mixed-content)
with certainty.

![mcdetect demo](demo.gif)

## Motivation

Tools used to catch mixed content issues often rely
on parsing the DOM to determine if insecure content _will_ be loaded in a specific
page. Consequently they may report false negatives since not all such issues
can be detected statically.

_mcdetect_ can determine with absolute certainty if any mixed content
errors or warnings actually occur on a page. It does this by visiting
the pages and evaluating their Javascript like a regular browser would do.
In other words, it _does not report false negatives_.

It does this by leveraging [Headless Chrome](https://developers.google.com/web/updates/2017/04/headless-chrome)
that shipped with Chrome 59 and the [DevTools Protocol](https://chromedevtools.github.io/devtools-protocol/).

## Requirements

- Node 7.6.0 or later

## Installation

```shell
$ npm install -g mcdetect
```

## Usage

Checking a single target page:

```shell
$ mcdetect https://example.com https://google.com
```

Checking multiple targets (if no protocol is specified, it is assumed to be
"https://"):
```shell
$ mcdetect example.com google.com
```

Multiple targets can also be given via a config file:

```shell
$ cat my_urls.json
{
"targets": [
"googlesamples.github.io/web-fundamentals/fundamentals/security/prevent-mixed-content/xmlhttprequest-example.html",
"googlesamples.github.io/web-fundamentals/fundamentals/security/prevent-mixed-content/passive-mixed-content.html"
]
}

$ mcdetect --config my_urls.json
```

For more usage examples and options see `mcdetect --help`.

## TODO

- Add scraping mode (with max depth)
- More output formats (eg. json, csv, pdf)
- error handling (modes: exit on error, ignore errors, report errors)
- interactive mode
- follow redirects
- read targets from stdin

## License

mcdetect is licensed under MIT. See [LICENSE](LICENSE).