def Run(headers):
info = []
fields = [
'Access-Control-Allow-Origin', 'Cache-Control', 'Content-MD5',
'Content-Disposition', 'ETag', 'Expires', 'P3P',
'Proxy-Authenticate', 'Refresh', 'Retry-After', 'Status',
'Strict-Transport-Security', 'Trailer', 'Upgrade', 'Warning',
'WWW-Authenticate', 'X-Frame-Options', 'Public-Key-Pins',
'X-XSS-Protection', 'Content-Security-Policy',
'X-Content-Security-Policy', 'X-WebKit-CSP',
'X-Content-Type-Options'
]
try:
if not re.search(r'X-Frame-Options', str(headers.keys()), re.I):
info.append(
'The Anti-Clickjacking X-Frame-Options header is not present.'
)
if not re.search(r'Strict-Transport-Security', str(headers.keys()),
re.I):
info.append('Strict-Transport-Security header is not present.')
if not re.search(r'x-xss-protection', str(headers.keys()), re.I):
info.append('X-XSS-Protection header is not present.')
for x in fields:
if x in headers.keys():
printer.Printer().plus(
'Uncommon header \'%s\' found, with contents: %s' %
(x, headers[x]))
except Exception, ERROR:
print ERROR
def __init__(self,url,agent,proxy,redirect): self.url = url self.printer = printer.Printer() self.request = http.Http(agent=agent,proxy=proxy,redirect=redirect) self.checker = utils.Checker()
def __init__(self, url, agent, proxy, redirect):
self.url = url
self.printer = printer.Printer()
self.http = http.Http(agent=agent, proxy=proxy, redirect=redirect)
