Nmap Development mailing list archives
Re: NSE script contribution - http-hsts-verify
From: jah <jah () zadkiel plus com>
Date: Fri, 16 Dec 2016 11:22:30 +0000
On 07/12/16 03:38, Ícaro Torres wrote:
I would like to contribute a new NSE script to the Nmap Project. It verifies whether HSTS is enabled in the web service.
Hi Ícaro,

This is a useful NSE script; thank you for sharing it. I suggest a few small improvements:-

Make the output concise and use the word "Header" instead of "Banner":-

PORT    STATE SERVICE
443/tcp open  https
| http-hsts-verify:
|   HSTS is configured.
|_  Header: Strict-Transport-Security: max-age=31558150; includeSubDomains

and:-

PORT    STATE SERVICE
443/tcp open  https
| http-hsts-verify:
|_  HSTS is not configured.

The information and references can go in the description field of the script, so that when users do:-

nmap --script-help http-hsts-verify

they see something like:-

"""
Verify that HTTP Strict Transport Security is enabled.

HTTP Strict-Transport-Security (HSTS) (RFC 6797) forces a web browser to communicate with a web server over HTTPS. This script examines HTTP Response Headers to determine whether HSTS is configured.

References:
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
"""

Finally, since the script does not use the HTTP Response Body, it should suffice to make a HEAD request:-

response = http.head(host, port, path)

Regards,
jah
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/