gixy v0.1.20 releases: Nginx configuration static analyzer
Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.
Currently supported Python versions are 2.7 and 3.5+.
Right now Gixy can find:
- [ssrf] Server Side Request Forgery
- [http_splitting] HTTP Splitting
- [origins] Problems with referrer/origin validation
- [add_header_redefinition] Redefining of response headers by “add_header” directive
- [host_spoofing] Request’s Host header forgery
- [valid_referers] none in valid_referers
- [add_header_multiline] Multiline response headers
Changelog:
- Added perl_set directive: #72
- Handle inline block comments: #85
- Attempt to fix encoding issues: #86
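To make the add_header_redefinition item in the list of checks above concrete, here is an added example (not Gixy's own code or rule implementation) that flags blocks whose own add_header silently discards headers set at an outer level, following nginx's documented inheritance rule. The lexer is deliberately simplified, the sample config is constructed, and all function names are hypothetical.

```python
import re

# Constructed sample config for this example (not taken from the Gixy project).
SAMPLE = """
server {
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    location / {
        proxy_pass http://127.0.0.1:8080;  # no add_header here: inherits both
    }
    location /static/ {
        add_header Cache-Control "public, max-age=3600";  # replaces the inherited set
    }
    location /api/ {
        add_header X-Frame-Options DENY;  # X-Content-Type-Options is lost
    }
}
"""

TOKEN = re.compile(r'#[^\n]*|"[^"]*"|\'[^\']*\'|[{};]|[^\s{};"\']+')

def parse(tokens):
    """Build nested (args, children) pairs; children is None for simple directives."""
    items, args = [], []
    for tok in iter(lambda: next(tokens, "}"), "}"):  # stop at block end or EOF
        if tok in (";", "{"):
            items.append((args, parse(tokens) if tok == "{" else None))
            args = []
        else:
            args.append(tok)
    return items

def dropped_headers(items, inherited=frozenset(), path=""):
    """Return (block, lost header names) for blocks whose add_header hides parent headers."""
    own = frozenset(a[1].strip("\"'").lower() for a, kids in items
                    if kids is None and len(a) > 1 and a[0] == "add_header")
    # nginx inherits add_header from the outer level only if this level defines none.
    findings = [(path, sorted(inherited - own))] if own and inherited - own else []
    for args, kids in items:
        if kids is not None:
            findings += dropped_headers(kids, own or inherited, f"{path} {' '.join(args)}".strip())
    return findings

def analyze(text):
    tokens = (t for t in TOKEN.findall(text) if not t.startswith("#"))
    return dropped_headers(parse(tokens))

if __name__ == "__main__":
    for block, lost in analyze(SAMPLE):
        print(f"{block}: add_header here drops inherited {', '.join(lost)}")
```

The usual remedy is to repeat the required security headers in every block that defines its own add_header, or to keep them in a shared include.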
By default, Gixy will try to analyze the Nginx configuration located at /etc/nginx/nginx.conf.
You can also specify a different path: