https://github.com/kkomelin/insecres
A console tool that finds insecure resources on HTTPS sites
- Host: GitHub
- URL: https://github.com/kkomelin/insecres
- Owner: kkomelin
- License: mit
- Created: 2016-05-17T15:20:48.000Z (almost 10 years ago)
- Default Branch: master
- Last Pushed: 2016-06-08T19:29:14.000Z (almost 10 years ago)
- Last Synced: 2025-06-20T14:52:56.330Z (9 months ago)
- Topics: crawler, finder, https, security
- Language: Go
- Size: 40 KB
- Stars: 40
- Watchers: 5
- Forks: 2
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# insecRes - Insecure Resource Finder
A console tool that finds insecure resources on HTTPS sites.
It is written in Go and uses goroutines ("multi-threading") to crawl and parse site pages concurrently.
## The motivation
Some time ago, I switched my site to HTTPS. _And you should too!_
All went well except for the fact that my pages contained images, embedded videos and other resources
which pointed to HTTP content and made browsers display warnings about the insecure content on the pages.
After some research into existing tools, which did not fit my needs, I decided to create my own.
## Features
- Crawls all site pages in parallel
- Finds the following resources with absolute HTTP (insecure) URLs:
  - IMG
  - IFRAME
  - OBJECT
  - AUDIO, VIDEO, SOURCE, TRACK
- Uses a random delay between requests to prevent blacklisting
- Prints results to a CSV file
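
The check behind the feature list, as an added example that is not insecRes's own code: it scans one page for the listed tags and reports those whose resource URL is absolute `http://`. It uses standard-library regular expressions rather than the tokenized parsing the tool uses; the names `Finding` and `FindInsecure` are hypothetical, and the attribute read per tag (`data` for OBJECT, `src` for the rest) is an assumption of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one insecure (absolute http://) resource reference.
type Finding struct{ Tag, URL string }

// Tags come from the feature list. Which attribute holds the resource is an
// assumption of this example: OBJECT uses data, every other tag uses src.
var (
	tagRe  = regexp.MustCompile(`(?i)<(img|iframe|object|audio|video|source|track)\b([^>]*)>`)
	attrRe = regexp.MustCompile(`(?i)\s(src|data)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))`)
)

// FindInsecure returns each listed tag whose resource URL is absolute HTTP.
// Simplification: regex matching does not skip HTML comments or cope with
// a '>' inside an attribute value.
func FindInsecure(page string) []Finding {
	var out []Finding
	for _, m := range tagRe.FindAllStringSubmatch(page, -1) {
		tag, want := strings.ToLower(m[1]), "src"
		if tag == "object" {
			want = "data"
		}
		for _, a := range attrRe.FindAllStringSubmatch(m[2], -1) {
			if strings.ToLower(a[1]) != want {
				continue // e.g. a data attribute on IMG is not its resource
			}
			url := strings.TrimSpace(a[2] + a[3] + a[4]) // only one group is set
			// Relative, protocol-relative (//host) and https URLs are fine.
			if strings.HasPrefix(strings.ToLower(url), "http://") {
				out = append(out, Finding{strings.ToUpper(tag), url})
			}
		}
	}
	return out
}

func main() {
	// Constructed sample page.
	page := `<img src="http://cdn.example.com/a.png"><img src="https://example.com/b.png">
<object data=http://example.com/m.swf></object><video><source src="//example.com/v.mp4"></video>`
	for _, f := range FindInsecure(page) {
		fmt.Printf("%s,%s\n", f.Tag, f.URL)
	}
}
```
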
## Installation
First of all, [install Go](https://golang.org/doc/install).
After that, run the following command:
```
go get github.com/kkomelin/insecres
```
## Usage
- Find insecure resources on a site and print results to the console:
```
$GOPATH/bin/insecres https://example.com
```
- Find insecure resources on a site and print results to a CSV file:
```
$GOPATH/bin/insecres -f="/home/user/report.csv" https://example.com
```
- Display usage guide:
```
$GOPATH/bin/insecres -h
```
## Roadmap
- [ ] Display result counters
- [ ] Compare performance of simple regex parsing and Tokenized parsing, which is currently used
- [x] Implement an option for printing results to a CSV file
- [x] Add random delay between requests to prevent blacklisting
- [x] Ignore trailing slashes (https://example.com and https://example.com/ are considered equivalent)
- [x] Handle domains with and without WWW
- [x] Support IFRAME tags
- [x] Support OBJECT tags
- [x] Support AUDIO, VIDEO, SOURCE and TRACK tags