HTTP Hardening Tool: scans a website and suggests security headers to apply
h2t – HTTP Hardening Tool
h2t is a simple tool that helps sysadmins harden their websites.
So far, h2t checks a website's headers and recommends how to improve them.
$ git clone https://github.com/gildasio/h2t
$ cd h2t
$ pip install -r requirements.txt
$ ./h2t.py -h
h2t has subcommands: list and scan.
The list subcommand lists all headers cataloged in h2t and can show information about each one, such as a description, links for more information and how-tos.
The scan subcommand scans a website and inspects its headers.
For now, the output is only in normal mode. Read it as follows:
- [+] Red Headers are bad headers that open a breach on your website or expose a lot of information. We recommend fixing them.
- [+] Yellow Headers are good headers that are not applied on your website. We recommend applying them.
- [-] Green Headers are good headers that are already used on your website. It’s shown when use
- Cookie HTTP Only would be good to be applied
- Cookie over SSL/TLS would be good to be applied
- Server header would be good to be removed
- Referrer-Policy would be good to be applied
- X-Frame-Options is already in use, nothing to do here
- X-XSS-Protection is already in use, nothing to do here
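The three output categories can be illustrated with a short classifier over one response's headers. This is an added example, not h2t's own code or catalog: the header lists hold only the headers named on this page, and the function names and sample response are constructed.

```python
# Added illustration of the red / yellow / green grouping; not h2t's code.
GOOD = ("X-Frame-Options", "X-XSS-Protection", "Referrer-Policy")
BAD = ("Server",)  # discloses server software details


def cookie_flags(set_cookie):
    """Return the lowercase attribute names of one Set-Cookie value."""
    attrs = set_cookie.split(";")[1:]  # first part is name=value
    return {a.split("=", 1)[0].strip().lower() for a in attrs}


def classify(headers):
    """headers: list of (name, value) pairs from one HTTP response."""
    present = {name.lower() for name, _ in headers}
    out = {"red": [], "yellow": [], "green": []}
    for name in BAD:
        if name.lower() in present:
            out["red"].append(f"{name} header would be good to be removed")
    for name in GOOD:
        if name.lower() in present:
            out["green"].append(f"{name} is already in use, nothing to do here")
        else:
            out["yellow"].append(f"{name} would be good to be applied")
    # Cookie checks only apply when the response sets cookies;
    # every cookie must carry the flag for the check to pass.
    cookies = [cookie_flags(v) for n, v in headers if n.lower() == "set-cookie"]
    for label, flag in (("Cookie HTTP Only", "httponly"),
                        ("Cookie over SSL/TLS", "secure")):
        if not cookies:
            continue
        if all(flag in c for c in cookies):
            out["green"].append(f"{label} is already in use, nothing to do here")
        else:
            out["yellow"].append(f"{label} would be good to be applied")
    return out


# Constructed sample response headers (not captured from a real site).
SAMPLE = [
    ("Server", "nginx/1.14.0"),
    ("Set-Cookie", "session=abc123; Path=/"),
    ("X-Frame-Options", "DENY"),
    ("X-XSS-Protection", "1; mode=block"),
]

if __name__ == "__main__":
    for color, messages in classify(SAMPLE).items():
        for msg in messages:
            print(f"[{color}] {msg}")
```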
Copyright (c) 2019 Gildásio Júnior