H2T is a simple tool to help sysadmins to hardening their websites. Until now h2t checks the website headers and recommends how to make it better.
Dependence
Also Read – Androwarn : Static Code Analyzer for Malicious Android Applications
Install
$ git clone https://github.com/gildasio/h2t
$ cd h2t
$ pip install -r requirements.txt
$ ./h2t.py -h
Usage
h2t has subcommands: list and scan.
$ ./h2t.py -h
usage: h2t.py [-h] {list,l,scan,s} …
h2t – HTTP Hardening Tool
positional arguments:
{list,l,scan,s} sub-command help
list (l) show a list of available headers in h2t catalog (that can
be used in scan subcommand -H option)
scan (s) scan url to hardening headers
optional arguments:
-h, –help show this help message and exit
List Subcommand
The list subcommand lists all headers cataloged in h2t and can show informations about it as a description, links for more information and for how to’s.
$ ./h2t.py list -h
usage: h2t.py list [-h] [-p PRINT [PRINT …]] [-B]
[-a | -H HEADERS [HEADERS …]]
optional arguments:
-h, –help show this help message and exit
-p PRINT [PRINT …], –print PRINT [PRINT …]
a list of additional information about the headers to
print. For now there are two options: description and
refs (you can use either or both)
-B, –no-banner don’t print the h2t banner
-a, –all list all available headers [default]
-H HEADERS [HEADERS …], –headers HEADERS [HEADERS …]
a list of headers to look for in the h2t catalog
Scan Subcommand
The scan subcommand perform a scan in a website looking for their headers.
$ ./h2t.py scan -h
usage: h2t.py scan [-h] [-v] [-a] [-g] [-b] [-H HEADERS [HEADERS …]]
[-p PRINT [PRINT …]]
[-i IGNORE_HEADERS [IGNORE_HEADERS …]] [-B] [-E] [-n]
[-u USER_AGENT] [-r | -s]
url
positional arguments:
url url to look for
optional arguments:
-h, –help show this help message and exit
-v, –verbose increase output verbosity: -v print response headers,
-vv print response and request headers
-a, –all scan all cataloged headers [default]
-g, –good scan good headers only
-b, –bad scan bad headers only
-H HEADERS [HEADERS …], –headers HEADERS [HEADERS …]
scan only these headers (see available in list sub-
command)
-p PRINT [PRINT …], –print PRINT [PRINT …]
a list of additional information about the headers to
print. For now there are two options: description and
refs (you can use either or both)
-i IGNORE_HEADERS [IGNORE_HEADERS …], –ignore-headers IGNORE_HEADERS [IGNORE_HEADERS …]
a list of headers to ignore in the results
-B, –no-banner don’t print the h2t banner
-E, –no-explanation don’t print the h2t output explanation
-o {normal,csv,json}, –output {normal,csv,json}
choose which output format to use (available: normal,
csv, json)
-n, –no-redirect don’t follow http redirects
-u USER_AGENT, –user-agent USER_AGENT
set user agent to scan request
-k, –insecure don’t verify SSL certificate as valid
-r, –recommendation output only recommendations [default]
-s, –status output actual status (eg: existent headers only)
Output
For now the output is only in normal mode. Understant it as follows:
-s
flag.Screenshots
List h2t catalog
Scan from file
Scan url
Scan verbose
Headers information
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…
Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…