site-inspector 0.1.2 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/site-inspector +15 -0
- data/lib/site-inspector/dns.rb +1 -1
- data/lib/site-inspector/headers.rb +14 -22
- data/lib/site-inspector.rb +2 -2
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4942c0885c9e08824ecde08d6b29864ef028f94f
|
|
4
|
+
data.tar.gz: 95b45f2c948946eca91f1d37c46b9c868afb6aa3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5a953be1f1a17923acfd4b1565ca3ceca28a0b06dc64bf4e9caa9308865496134de31fcde53b1562263dd77ebf7c3aabba3c421ee965040f08d145e2a344093e
|
|
7
|
+
data.tar.gz: 7e9af2ba7bc62fb0bc4895acb5d99c500673cbb664ba457cd7f00d9a5c90102fbb16bba960fff7d3df6ffa62b0c61312f418058e008e96df8bbc77ae6b25418a
|
data/bin/site-inspector
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
#!/usr/bin/env ruby
|
|
2
|
+
|
|
3
|
+
require_relative "../lib/site-inspector"
|
|
4
|
+
require "json"
|
|
5
|
+
|
|
6
|
+
domain = ARGV[0]
|
|
7
|
+
|
|
8
|
+
if domain.to_s.empty?
|
|
9
|
+
puts "Usage: site-inspector [DOMAIN]"
|
|
10
|
+
exit 1
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
details = SiteInspector.new(domain).to_hash
|
|
14
|
+
|
|
15
|
+
puts JSON.pretty_generate(details)
|
data/lib/site-inspector/dns.rb
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
class SiteInspector
|
|
2
2
|
|
|
3
|
-
#
|
|
3
|
+
# cookies can have multiple set-cookie headers, so this detects
|
|
4
|
+
# whether cookies are set, but not all their values.
|
|
4
5
|
def has_cookies?
|
|
5
|
-
!!
|
|
6
|
+
!!headers["set-cookie"]
|
|
6
7
|
end
|
|
7
8
|
|
|
8
9
|
def strict_transport_security?
|
|
@@ -19,28 +20,24 @@ class SiteInspector
|
|
|
19
20
|
|
|
20
21
|
# return the found header value
|
|
21
22
|
|
|
22
|
-
def has_cookies
|
|
23
|
-
header_from("Set-Cookie")
|
|
24
|
-
end
|
|
25
|
-
|
|
26
23
|
def strict_transport_security
|
|
27
|
-
|
|
24
|
+
headers["strict-transport-security"]
|
|
28
25
|
end
|
|
29
26
|
|
|
30
27
|
def content_security_policy
|
|
31
|
-
|
|
28
|
+
headers["content-security-policy"]
|
|
32
29
|
end
|
|
33
30
|
|
|
34
31
|
def click_jacking_protection
|
|
35
|
-
|
|
32
|
+
headers["x-frame-options"]
|
|
36
33
|
end
|
|
37
34
|
|
|
38
35
|
def server
|
|
39
|
-
|
|
36
|
+
headers["server"]
|
|
40
37
|
end
|
|
41
38
|
|
|
42
39
|
def xss_protection
|
|
43
|
-
|
|
40
|
+
headers["x-xss-protection"]
|
|
44
41
|
end
|
|
45
42
|
|
|
46
43
|
# more specific checks than presence of headers
|
|
@@ -49,19 +46,14 @@ class SiteInspector
|
|
|
49
46
|
end
|
|
50
47
|
|
|
51
48
|
def secure_cookies?
|
|
52
|
-
return nil if !
|
|
53
|
-
cookie =
|
|
49
|
+
return nil if !has_cookies?
|
|
50
|
+
cookie = headers["set-cookie"]
|
|
54
51
|
cookie = cookie.first if cookie.is_a?(Array)
|
|
55
|
-
|
|
56
|
-
marked_http_only = !!(cookie.downcase =~ /httponly/)
|
|
57
|
-
marked_secure and marked_http_only
|
|
52
|
+
!!(cookie =~ /(; secure.*; httponly|; httponly.*; secure)/i)
|
|
58
53
|
end
|
|
59
54
|
|
|
60
|
-
#
|
|
61
|
-
def
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
the_header = response.headers.keys.find {|h| h.downcase =~ /^#{header.downcase}/}
|
|
65
|
-
response.headers[the_header]
|
|
55
|
+
# Returns an array of hashes of downcased key/value header pairs (or nil)
|
|
56
|
+
def headers
|
|
57
|
+
@headers ||= Hash[response.headers.map{ |k,v| [k.downcase,v] }] if response
|
|
66
58
|
end
|
|
67
59
|
end
|
data/lib/site-inspector.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: site-inspector
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ben Balter
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2015-02-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|
|
@@ -222,11 +222,13 @@ dependencies:
|
|
|
222
222
|
version: '1.0'
|
|
223
223
|
description: Returns information about a domain's technology and capabilities
|
|
224
224
|
email: ben@balter.com
|
|
225
|
-
executables:
|
|
225
|
+
executables:
|
|
226
|
+
- site-inspector
|
|
226
227
|
extensions: []
|
|
227
228
|
extra_rdoc_files: []
|
|
228
229
|
files:
|
|
229
230
|
- LICENSE
|
|
231
|
+
- bin/site-inspector
|
|
230
232
|
- lib/data/cdn.yml
|
|
231
233
|
- lib/data/cloud.yml
|
|
232
234
|
- lib/site-inspector.rb
|