RubyGems - hedra - Versions diffs - 1.0.0 → 1.0.1 - Mend

hedra 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ab829bc24159c4c23c53be1f82efbc8f61374401c2ae7f882140c8bb8de8e37f
-  data.tar.gz: 9a83e90dfb32a981e978c57c37973dee68d55adfdebe071517127ce9a98f1d92
+  metadata.gz: c7ead36ae675253cd990b46928a4ce3cfa7046dde55e2353c6101b53953edd18
+  data.tar.gz: 3c5361c38a9393ca66310eb19809a9a770b4ef91476d21010c56cccb5d76fec3
 SHA512:
-  metadata.gz: 2f499c341d3ed325fe3be5eb4e9ab6db27a0e3c54441c9dc19d48a6631d79f8c0dcfea050f6d4cc7322c7bcba4d9d3a7149a71044db42bae3c697edc4e360956
-  data.tar.gz: 8b242f020e24deb65b6c218938532d43ddcdc15963015e644c8cd7edc4c5244d04547e38133fae18f139841dd37244a46387186660a2fec4b236257a0f9e5fea
+  metadata.gz: 4505267cfc8111cc24680a5962941786edeae9bbd133d75d9ab7bbc61c7ea32ca2dd4281bd655d090cf8513f1951232fa074edd64ba33b4544e9bd425294566c
+  data.tar.gz: 36616c7e22a2fd223d1d5c760a96bfa6c09c5a06392073c836d4b8414f81a272896ec96f57f348e8c78f65cc9f45481c930dbdeceb899d2b26afd5a9663b7e68

data/LICENSE CHANGED Viewed

@@ -1,6 +1,6 @@
 MIT License
-Copyright (c) 2025 Hedra Team
+Copyright (c) 2025 BlackStack
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md CHANGED Viewed

@@ -1,171 +1,102 @@
 # Hedra 🛡️
-A comprehensive security header analyzer for modern web applications. Scan, audit, and monitor HTTP security headers with ease.
+[![Ruby](https://img.shields.io/badge/ruby-%3E%3D%203.0-ruby.svg)](https://www.ruby-lang.org/)
+[![CI](https://github.com/blackstack/hedra/workflows/CI/badge.svg)](https://github.com/blackstack/hedra/actions)
+[![Gem Version](https://badge.fury.io/rb/hedra.svg)](https://badge.fury.io/rb/hedra)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-```
- _   _          _
-| | | | ___  __| |_ __ __ _
-| |_| |/ _ \/ _` | '__/ _` |
-|  _  |  __/ (_| | | | (_| |
-|_| |_|\___|\__,_|_|  \__,_|
-Security Header Analyzer
-```
-## Features
-- 🔍 **Comprehensive Scanning** - Analyze security headers for single or multiple URLs
-- 🎯 **Deep Auditing** - Detailed security header analysis with recommendations
-- 👁️ **Continuous Monitoring** - Watch URLs for header changes over time
-- 📊 **Multiple Output Formats** - Table, JSON, and CSV export options
-- 🔌 **Plugin Architecture** - Extend with custom header checks
-- ⚡ **Concurrent Scanning** - Fast parallel URL scanning with configurable concurrency
-- 🌐 **Proxy Support** - HTTP and SOCKS proxy compatibility
-- 🎨 **Beautiful CLI** - Color-coded output with severity badges
-- 📈 **Security Scoring** - 0-100 score based on header coverage
+A comprehensive security header analyzer for modern web applications.
 ## Installation
-### From Source
-```bash
-# Clone the repository
-git clone https://github.com/hedra/hedra.git
-cd hedra
-# Install dependencies
-bundle install
-# Build the gem
-rake build
-# Install the gem
-gem install pkg/hedra-1.0.0.gem
-```
-### Quick Start
 ```bash
-bundle install
-chmod +x bin/hedra
-bin/hedra --help
+gem install hedra
 ```
 ## Usage
-### Basic Scanning
+### Scan a URL
-Scan a single URL:
 ```bash
 hedra scan https://example.com
 ```
-Scan multiple URLs from a file:
-```bash
-hedra scan -f urls.txt
-```
-### Deep Audit
+### Detailed Audit
-Perform detailed security analysis:
 ```bash
 hedra audit https://example.com
 ```
-Export audit results as JSON:
-```bash
-hedra audit https://example.com --json --output result.json
-```
-### Advanced Scanning
+### Export as JSON
-Concurrent scanning with custom settings:
 ```bash
-hedra scan -f urls.txt --concurrency 20 --timeout 15
+hedra audit https://example.com --json --output report.json
 ```
-Scan through a proxy:
-```bash
-hedra scan https://example.com --proxy http://127.0.0.1:8080
-```
+### Scan Multiple URLs
-Custom User-Agent and follow redirects:
 ```bash
-hedra scan https://example.com --user-agent "MyBot/1.0" --follow-redirects
+# Create urls.txt with one URL per line
+hedra scan -f urls.txt --concurrency 20
 ```
-### Continuous Monitoring
+### Monitor Over Time
-Watch a URL and check every hour:
 ```bash
 hedra watch https://example.com --interval 3600
 ```
 ### Compare Headers
-Compare security headers between two URLs:
 ```bash
 hedra compare https://staging.example.com https://prod.example.com
 ```
-### Export Results
-Export scan results:
-```bash
-hedra scan -f urls.txt --output results.csv --format csv
-```
-### Plugin Management
+## Security Headers Checked
-List installed plugins:
-```bash
-hedra plugin list
-```
+- **Content-Security-Policy (CSP)** - Prevents XSS attacks
+- **Strict-Transport-Security (HSTS)** - Enforces HTTPS
+- **X-Frame-Options** - Prevents clickjacking
+- **X-Content-Type-Options** - Prevents MIME-sniffing
+- **Referrer-Policy** - Controls referrer information
+- **Permissions-Policy** - Controls browser features
+- **Cross-Origin-Opener-Policy (COOP)**
+- **Cross-Origin-Embedder-Policy (COEP)**
+- **Cross-Origin-Resource-Policy (CORP)**
-Install a custom plugin:
-```bash
-hedra plugin install path/to/plugin.rb
-```
+## Options
-Remove a plugin:
 ```bash
-hedra plugin remove my_plugin
-```
-## Security Headers Checked
+# Concurrent scanning
+hedra scan -f urls.txt --concurrency 20 --timeout 15
-Hedra analyzes the following security headers:
+# Through a proxy
+hedra scan https://example.com --proxy http://127.0.0.1:8080
-### Critical Headers
-- **Content-Security-Policy (CSP)** - Prevents XSS and injection attacks
-- **Strict-Transport-Security (HSTS)** - Enforces HTTPS connections
+# Custom User-Agent
+hedra scan https://example.com --user-agent "MyBot/1.0"
-### Important Headers
-- **X-Frame-Options** - Prevents clickjacking attacks
-- **X-Content-Type-Options** - Prevents MIME-sniffing attacks
+# Follow redirects
+hedra scan https://example.com --follow-redirects
-### Recommended Headers
-- **Referrer-Policy** - Controls referrer information
-- **Permissions-Policy** - Controls browser features
-- **Cross-Origin-Opener-Policy (COOP)** - Isolates browsing context
-- **Cross-Origin-Embedder-Policy (COEP)** - Controls resource embedding
-- **Cross-Origin-Resource-Policy (CORP)** - Controls resource sharing
+# Export as CSV
+hedra scan -f urls.txt --output results.csv --format csv
+```
 ## Configuration
-Create a config file at `~/.hedra/config.yml`:
+Create `~/.hedra/config.yml`:
 ```yaml
 timeout: 10
 concurrency: 10
-follow_redirects: false
 user_agent: "Hedra/1.0.0"
 output_format: table
 ```
-### Custom Rules
+## Custom Rules
-Add custom header checks in `~/.hedra/rules.yml`:
+Create `~/.hedra/rules.yml`:
 ```yaml
 rules:
@@ -174,18 +105,11 @@ rules:
     severity: warning
     message: "Custom security header is missing"
     fix: "Add X-Custom-Security header"
-  - header: "Server"
-    type: pattern
-    pattern: "(Apache|nginx|IIS)"
-    severity: info
-    message: "Server header exposes server software"
-    fix: "Remove or obfuscate Server header"
 ```
-## Plugin Development
+## Plugins
-Create custom plugins to extend Hedra's functionality:
+Create custom header checks:
 ```ruby
 # ~/.hedra/plugins/my_plugin.rb
@@ -193,43 +117,69 @@ module Hedra
   class MyPlugin < Plugin
     def self.check(headers)
       findings = []
       unless headers.key?('x-my-header')
         findings << {
           header: 'x-my-header',
-          issue: 'My custom header is missing',
+          issue: 'Custom header missing',
           severity: :warning,
           recommended_fix: 'Add X-My-Header'
         }
       end
       findings
     end
   end
 end
 ```
+Install plugin:
+```bash
+hedra plugin install ~/.hedra/plugins/my_plugin.rb
+hedra plugin list
+```
+## Development
+```bash
+# Clone and install
+git clone https://github.com/blackstack/hedra.git
+cd hedra
+bundle install
+# Run tests
+bundle exec rspec
+# Run linter
+bundle exec rubocop
+# Build gem
+rake build
+```
 ## Output Examples
-### Table Output
+### Table Format
 ```
 https://example.com
 Score: 75/100
 Timestamp: 2025-11-12T10:30:00Z
-┌─────────────────────────────┬──────────────────────────────┬──────────┐
-│ Header                      │ Issue                        │ Severity │
-├─────────────────────────────┼──────────────────────────────┼──────────┤
-│ permissions-policy          │ Header is missing            │ ● INFO   │
-│ cross-origin-opener-policy  │ Header is missing            │ ● INFO   │
-└─────────────────────────────┴──────────────────────────────┴──────────┘
+┌─────────────────────────────┬──────────────────────────────┬──────────────┐
+│ Header                      │ Issue                        │ Severity     │
+├─────────────────────────────┼──────────────────────────────┼──────────────┤
+│ x-frame-options             │ Header is missing            │ ● WARNING    │
+│ referrer-policy             │ Header is missing            │ ● INFO       │
+└─────────────────────────────┴──────────────────────────────┴──────────────┘
 ```
-### JSON Output
+### JSON Format
 ```json
 {
   "url": "https://example.com",
   "timestamp": "2025-11-12T10:30:00Z",
+  "score": 75,
   "headers": {
     "content-security-policy": "default-src 'self'",
     "strict-transport-security": "max-age=31536000"
@@ -241,72 +191,10 @@ Timestamp: 2025-11-12T10:30:00Z
       "severity": "warning",
       "recommended_fix": "Add X-Frame-Options: DENY or SAMEORIGIN"
     }
-  ],
-  "score": 75
+  ]
 }
 ```
-## Development
-### Running Tests
-```bash
-# Run all tests
-bundle exec rspec
-# Run with coverage
-bundle exec rspec --format documentation
-# Run specific test file
-bundle exec rspec spec/hedra/analyzer_spec.rb
-```
-### Linting
-```bash
-# Run RuboCop
-bundle exec rubocop
-# Auto-fix issues
-bundle exec rubocop -a
-```
-### Building
-```bash
-# Build gem
-rake build
-# Install locally
-gem install pkg/hedra-1.0.0.gem
-```
-## CI/CD
-Hedra includes GitHub Actions CI configuration that:
-- Runs tests on Ruby 3.0, 3.1, and 3.2
-- Executes RuboCop linting
-- Builds the gem package
-## Architecture
-### Core Components
-- **CLI** - Thor-based command-line interface with subcommands
-- **Analyzer** - Core logic for header analysis and validation
-- **HttpClient** - HTTP wrapper with retry logic, proxy support, and TLS verification
-- **Scorer** - Calculates security scores based on header coverage
-- **PluginManager** - Discovers and executes custom plugins
-- **Exporter** - Handles JSON and CSV output formats
-### Design Decisions
-1. **Modular Architecture** - Each header check is isolated, making it easy to add new checks
-2. **Secure Defaults** - TLS verification on, no redirect following, conservative timeouts
-3. **Thread-Safe Concurrency** - Uses Ruby's concurrent-ruby gem for safe parallel scanning
-4. **Extensible Plugin System** - Simple base class for custom header checks
-5. **Comprehensive Testing** - WebMock stubs prevent live network calls in tests
 ## Contributing
 1. Fork the repository
@@ -322,21 +210,6 @@ Hedra includes GitHub Actions CI configuration that:
 MIT License - see [LICENSE](LICENSE) file for details.
-## Support
-- 📖 Documentation: [GitHub Wiki](https://github.com/hedra/hedra/wiki)
-- 🐛 Issues: [GitHub Issues](https://github.com/hedra/hedra/issues)
-- 💬 Discussions: [GitHub Discussions](https://github.com/hedra/hedra/discussions)
-## Acknowledgments
-Built with:
-- [Thor](https://github.com/rails/thor) - CLI framework
-- [HTTP.rb](https://github.com/httprb/http) - HTTP client
-- [TTY::Table](https://github.com/piotrmurach/tty-table) - Terminal tables
-- [Pastel](https://github.com/piotrmurach/pastel) - Terminal colors
-- [RSpec](https://rspec.info/) - Testing framework
 ---
-Made with ❤️ by the Hedra Team
+Built by [BlackStack](https://github.com/bl4ckstack)

data/lib/hedra/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Hedra
-  VERSION = '1.0.0'
+  VERSION = '1.0.1'
 end

metadata CHANGED Viewed

@@ -1,10 +1,10 @@
 --- !ruby/object:Gem::Specification
 name: hedra
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
-- Hedra Team
+- BlackStack
 bindir: bin
 cert_chain: []
 date: 2025-11-12 00:00:00.000000000 Z
@@ -96,7 +96,7 @@ dependencies:
 description: A comprehensive security header analyzer with scanning, auditing, and
   monitoring capabilities
 email:
-- team@hedra.dev
+- info@blackstack.com
 executables:
 - hedra
 extensions: []
@@ -116,7 +116,7 @@ files:
 - lib/hedra/plugin_manager.rb
 - lib/hedra/scorer.rb
 - lib/hedra/version.rb
-homepage: https://github.com/hedra/hedra
+homepage: https://github.com/bl4ckstack/hedra
 licenses:
 - MIT
 metadata: