https://github.com/jakewarren/shcheck

check a URL for security headers
https://github.com/jakewarren/shcheck

golang headers security-headers security-tools

Last synced: about 1 month ago
JSON representation

check a URL for security headers

• Host: GitHub
• URL: https://github.com/jakewarren/shcheck
• Owner: jakewarren
• License: mit
• Created: 2018-02-19T20:04:38.000Z (about 8 years ago)
• Default Branch: master
• Last Pushed: 2018-03-07T23:34:25.000Z (almost 8 years ago)
• Last Synced: 2025-10-10T15:24:48.223Z (5 months ago)
• Topics: golang, headers, security-headers, security-tools
• Language: Go
• Size: 1020 KB
• Stars: 3
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# shcheck

[![GitHub release](http://img.shields.io/github/release/jakewarren/shcheck.svg?style=flat-square)](https://github.com/jakewarren/shcheck/releases])

[![MIT License](http://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](https://github.com/jakewarren/shcheck/blob/master/LICENSE)

[![Go Report Card](https://goreportcard.com/badge/github.com/jakewarren/shcheck)](https://goreportcard.com/report/github.com/jakewarren/shcheck)

[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=shields)](http://makeapullrequest.com)

> Check a URL for security headers

shcheck examines the HTTP response headers and source code for a variety of security headers. Basically a command line version of [https://securityheaders.io](https://securityheaders.io/) with a few bonus features.

![](screenshot.png)

## Install

### Option 1: Binary

Download the latest release from [https://github.com/jakewarren/shcheck/releases](https://github.com/jakewarren/shcheck/releases)

### Option 2: From source

```

go get github.com/jakewarren/shcheck

cd $GOPATH/src/github.com/jakewarren/shcheck

go run bootstrap.go

```

This will download the code into your GOPATH, and then run the bootstrap script to build mage with version infomation embedded in it. A normal `go get` (without -d) will build the binary correctly, but no version info will be embedded. If you've done this, no worries, just go to $GOPATH/src/github.com/jakewarren/shcheck and run `mage install` or `go run bootstrap.go` and a new binary will be created with the correct version information.

The shcheck binary will be created in your $GOPATH/bin directory.

## Usage

```

Usage: shcheck [] 

Optional flags:

  -A, --agent string   user agent to use for requests (default "shcheck/v1.0.0")

  -h, --help           display help

  -i, --insecure       disable SSL certificate validation

  -v, --verbose        display full info about headers

  -V, --version        display version

```

## Acknowledgements

[@traviscampbell](http://github.com/traviscampbell) - thanks for his contributions  

[meliot/shcheck](https://github.com/meliot/shcheck) - inspiration for the output format  

[riramar/hsecscan](https://github.com/riramar/hsecscan) - inspiration for the verbose output format

## Changes

All notable changes to this project will be documented in the [changelog].

The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).

## License

MIT © 2017 Jake Warren

[changelog]: https://github.com/jakewarren/shcheck/blob/master/CHANGELOG.md