gethead

Welcome to the gethead Project.

gethead.py is a Python HTTP Header Analysis Vulnerability Tool. It identifies security vulnerabilities and the lack of protection in HTTP Headers.

Usage:

$ python gethead.py http://domain.com

Changelog

• Written in Python 2.7.5
• Performs HTTP Header Analysis
• Reports Header Vulnerabilities

Features in Development

• Support for git updates
• Support for Python 3.3
• Complete Header Analysis
• Additional Logic for Severity Classifications
• Rank Vulnerabilities by Severity
• Export Findings with Description, Impact, Execution, Fix, and References
• Export with multi-format options (XML, HTML, TXT)

• Replay and Inline Upstream Proxy support to import into other tools
• Scan domains, sub-domains, and multi-services
• Header Injection and Fuzzing functionality
• HTTP Header Policy Bypassing
• Modularize and port to more platforms
  (e.g. gMinor, Kali, Burp Extension, Metasploit, Chrome, Firefox)

About the Author

Nathan LaFollette “httphacker” has been leading international security engagements in the areas of Web Application Penetration Testing for many years. Nathan’s vast experience with web vulnerability analysis is unmatched in the industry. Currently employed by a Fortune 10 company as a Senior Security Consultant, Nathan has advised and performed Web Application Penetration Testing for some of the world’s largest publicly and privately traded companies. Nathan brings a great deal of international security threat expertise and corporate security experience to the information security community. Nathan also acts as the lead project developer for other upcoming projects such as getcookies, getoff, and getssl python projects.

Contact Info

github: https://github.com/httphacker
email: httphacker@icloud.com
website: httphacker.com
twitter: @httphacker

Bugs and Feature Requests

Contact Nathan at httphacker@icloud.com and he’ll sort it out and take your feature requests.