Guillotine - HTTP Security Headers Finder
Guillotine checks a target site for the following HTTP security headers:
- Strict-Transport-Security
- X-Frame-Options
- X-Content-Type-Options
- Content-Security-Policy
- X-Permitted-Cross-Domain-Policies
- Referrer-Policy
- Clear-Site-Data
- Cross-Origin-Embedder-Policy
- Cross-Origin-Opener-Policy
- Cross-Origin-Resource-Policy
- Cache-Control
- Permissions-Policy
Note: additional headers can be added to the check list by editing the source code directly.
Reference: https://owasp.org/www-project-secure-headers/
- Clone the repository:
```bash
git clone https://github.com/Gohanckz/guillotine.git
```
- Move into the repository:
```bash
cd guillotine
```
- Install the requirements:
```bash
pip3 install -r requirements.txt
```
Usage is straightforward.
- Show which HTTP security headers are enabled and which are missing:
```bash
python guillotine.py -t https://www.domain.com
```
- Show the headers and compare them with the recommended versions:
```bash
python guillotine.py -t https://www.domain.com --compare-versions
```
- Show warnings on important headers:
```bash
python guillotine.py -t https://www.domain.com --warnings
python guillotine.py -t https://www.domain.com -w
```
- Show the full response:
```bash
python guillotine.py -t https://www.domain.com --verbose
python guillotine.py -t https://www.domain.com -v
```
- Send custom request headers:
```bash
python guillotine.py -t https://www.domain.com --headers "<header>:<value>|<header2>:<value2>|..."
python guillotine.py -t https://www.domain.com -H "<header>:<value>|<header2>:<value2>|..."
```
- Use Basic authentication to retrieve the site:
```bash
python guillotine.py -t https://www.domain.com --basic <username>:<password>
```
- Use NTLM authentication to retrieve the site:
```bash
python guillotine.py -t https://www.domain.com --ntlm [<domain>\\]<username>:<password>
```
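To illustrate the kind of classification the tool reports (enabled, missing, and warnings on weak values), the following is an added example written for this page, not Guillotine's own implementation; the warning thresholds and the sample response headers are constructed assumptions.

```python
from typing import Dict, List

# Headers Guillotine lists; header names are case-insensitive on the wire.
SECURITY_HEADERS = [
    "Strict-Transport-Security", "X-Frame-Options", "X-Content-Type-Options",
    "Content-Security-Policy", "X-Permitted-Cross-Domain-Policies",
    "Referrer-Policy", "Clear-Site-Data", "Cross-Origin-Embedder-Policy",
    "Cross-Origin-Opener-Policy", "Cross-Origin-Resource-Policy",
    "Cache-Control", "Permissions-Policy",
]

def hsts_max_age(value: str) -> int:
    """Parse max-age out of an HSTS value; 0 if missing or malformed."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age" and arg.strip().isdigit():
            return int(arg.strip())
    return 0

def audit_headers(headers: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify response headers as enabled, missing, or warn on weak values."""
    lower = {k.lower(): v for k, v in headers.items()}
    enabled = [h for h in SECURITY_HEADERS if h.lower() in lower]
    missing = [h for h in SECURITY_HEADERS if h.lower() not in lower]
    warnings = []
    hsts = lower.get("strict-transport-security")
    if hsts is not None and hsts_max_age(hsts) < 31536000:  # assumed one-year floor
        warnings.append("Strict-Transport-Security: max-age below one year")
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        warnings.append(f"X-Frame-Options: unsupported value '{xfo}'")
    csp = lower.get("content-security-policy", "")
    if "unsafe-inline" in csp or "unsafe-eval" in csp:
        warnings.append("Content-Security-Policy: allows unsafe-inline/unsafe-eval")
    return {"enabled": enabled, "missing": missing, "warnings": warnings}

# Constructed sample response headers (not captured from any real site).
SAMPLE = {
    "Strict-Transport-Security": "max-age=3600",
    "X-Frame-Options": "ALLOWALL",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Cache-Control": "no-store",
}

if __name__ == "__main__":
    for key, items in audit_headers(SAMPLE).items():
        print(key.upper(), *items, sep="\n  ")
```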
| Developer | Contact | Version |
|---|---|---|
| Gohanckz | Gohanckz@gmail.com | 2.0 |
| ignaciocorball | ignaciocorball@gmail.com | 2.1 |
| BSolarV | bastian.solar.v@gmail.com | 2.2.31 |