EasyScan: Light-weight web security scanner
EasyScan is a Python script that analyzes the security of a given website by inspecting its HTTP headers and DNS records. The script generates a security report with recommendations for addressing potential vulnerabilities.
The script covers the following test cases:
- Same Site Scripting
- SPF records
- DMARC records
- Public Admin Page
- Directory Listing
- Missing security headers
- Insecure cookie settings
- Information disclosure
- Cross-Origin Resource Sharing (CORS) misconfigurations
- Content-Type sniffing
pip install requests beautifulsoup4 dnspython
git clone https://github.com/introvertmac/EasyScan.git
To use the EasyScan script, follow these steps:
- Save the code to a file named easyscan.py.
- Open a terminal or command prompt and navigate to the directory containing the script.
- Run the script using Python: python3 easyscan.py
- Enter the URL of the website you want to analyze when prompted.
- Review the generated security report for any potential vulnerabilities and recommendations.
The security report will display the header or test case, the status (Missing, Accessible, Enabled, etc.), the severity (Low, Medium, or High), and the recommendation for addressing the issue.