Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/h4sh5/securitytxt-scan

scan websites for security.txt files based on RFC 9116
https://github.com/h4sh5/securitytxt-scan

Last synced: about 1 month ago
JSON representation

scan websites for security.txt files based on RFC 9116

Host: GitHub
URL: https://github.com/h4sh5/securitytxt-scan
Owner: h4sh5
Created: 2024-06-15T10:54:51.000Z (5 months ago)
Default Branch: main
Last Pushed: 2024-09-16T07:39:11.000Z (2 months ago)
Last Synced: 2024-09-17T05:25:15.542Z (2 months ago)
Language: HTML
Homepage: https://h4sh5.github.io/securitytxt-scan/
Size: 1.48 MB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# security.txt scanning

Scan websites for security.txt files.

A front-end interface for getting the results for a domain is available [here](https://h4sh5.github.io/securitytxt-scan/).

## Usage

`go build sectxtscanner.go`

`./sectxtscanner.go `

## Why

This project aims to implement a simple way to scan a list of domains for security.txt files (as per [RFC 9116: A File Format to Aid in Security Vulnerability Disclosure](https://www.rfc-editor.org/rfc/rfc9116.html), and act as a central repository to check for security.txt files for Australian domains (but can be used with any domains).

It's important to have a security.txt file so that responsible disclosure of vulnerabilities belonging to your organization can go to the right place, like when you are vulnerable to CVEs being exploited by ransomware that need urgent patching.

A very small percentage organizations actually implement this, although it's very easy to do. See [securitytxt.org](https://securitytxt.org/) for how to do it.