H2T is a simple tool to help sysadmins to hardening their websites. Until now h2t checks the website headers and recommends how to make it better.
Dependence
Also Read – Androwarn : Static Code Analyzer for Malicious Android Applications
Install
$ git clone https://github.com/gildasio/h2t
$ cd h2t
$ pip install -r requirements.txt
$ ./h2t.py -h
Usage
h2t has subcommands: list and scan.
$ ./h2t.py -h
usage: h2t.py [-h] {list,l,scan,s} …
h2t – HTTP Hardening Tool
positional arguments:
{list,l,scan,s} sub-command help
list (l) show a list of available headers in h2t catalog (that can
be used in scan subcommand -H option)
scan (s) scan url to hardening headers
optional arguments:
-h, –help show this help message and exit
List Subcommand
The list subcommand lists all headers cataloged in h2t and can show informations about it as a description, links for more information and for how to’s.
$ ./h2t.py list -h
usage: h2t.py list [-h] [-p PRINT [PRINT …]] [-B]
[-a | -H HEADERS [HEADERS …]]
optional arguments:
-h, –help show this help message and exit
-p PRINT [PRINT …], –print PRINT [PRINT …]
a list of additional information about the headers to
print. For now there are two options: description and
refs (you can use either or both)
-B, –no-banner don’t print the h2t banner
-a, –all list all available headers [default]
-H HEADERS [HEADERS …], –headers HEADERS [HEADERS …]
a list of headers to look for in the h2t catalog
Scan Subcommand
The scan subcommand perform a scan in a website looking for their headers.
$ ./h2t.py scan -h
usage: h2t.py scan [-h] [-v] [-a] [-g] [-b] [-H HEADERS [HEADERS …]]
[-p PRINT [PRINT …]]
[-i IGNORE_HEADERS [IGNORE_HEADERS …]] [-B] [-E] [-n]
[-u USER_AGENT] [-r | -s]
url
positional arguments:
url url to look for
optional arguments:
-h, –help show this help message and exit
-v, –verbose increase output verbosity: -v print response headers,
-vv print response and request headers
-a, –all scan all cataloged headers [default]
-g, –good scan good headers only
-b, –bad scan bad headers only
-H HEADERS [HEADERS …], –headers HEADERS [HEADERS …]
scan only these headers (see available in list sub-
command)
-p PRINT [PRINT …], –print PRINT [PRINT …]
a list of additional information about the headers to
print. For now there are two options: description and
refs (you can use either or both)
-i IGNORE_HEADERS [IGNORE_HEADERS …], –ignore-headers IGNORE_HEADERS [IGNORE_HEADERS …]
a list of headers to ignore in the results
-B, –no-banner don’t print the h2t banner
-E, –no-explanation don’t print the h2t output explanation
-o {normal,csv,json}, –output {normal,csv,json}
choose which output format to use (available: normal,
csv, json)
-n, –no-redirect don’t follow http redirects
-u USER_AGENT, –user-agent USER_AGENT
set user agent to scan request
-k, –insecure don’t verify SSL certificate as valid
-r, –recommendation output only recommendations [default]
-s, –status output actual status (eg: existent headers only)
Output
For now the output is only in normal mode. Understant it as follows:
-s
flag.Screenshots
List h2t catalog
Scan from file
Scan url
Scan verbose
Headers information
AutoExif is a powerful Bash script designed to streamline the process of editing image metadata…
SimpleImager V4.3, your go-to tool for streamlined system imaging and data acquisition. Designed to simplify…
MetaOSINT enables open source intelligence ("OSINT") practitioners to jumpstart their investigations by quickly identifying relevant,…
ThreatPinch Lookup creates informational tooltips when hovering oven an item of interest on any website.…
Myself and any other potential contributors to this website are NOT in any way affiliated…
The Mobile Evidence Acquisition Toolkit designed by BlackStone Discovery. Developed to enhance digital forensics, this…