csp-toolkit 0.1.0__tar.gz

csp_toolkit-0.1.0/.claude/settings.local.json

@@ -0,0 +1,14 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(find /Users/chs/projects/csp -type f -name *.py -o -name *.txt -o -name *.md -o -name *.json -o -name *.yaml -o -name *.yml)",
+      "WebSearch",
+      "Bash(pip3 --version)",
+      "Bash(pip3 list:*)",
+      "Bash(uv sync:*)",
+      "Bash(uv run:*)",
+      "Bash(git init:*)",
+      "Bash(git:*)"
+    ]
+  }
+}

csp_toolkit-0.1.0/.gitignore

@@ -0,0 +1,11 @@
+__pycache__/
+*.pyc
+*.pyo
+*.egg-info/
+dist/
+build/
+.venv/
+.pytest_cache/
+.ruff_cache/
+*.egg
+.eggs/

csp_toolkit-0.1.0/.letta/claude/conversations.json

@@ -0,0 +1,6 @@
+{
+  "f4f7c086-5387-46ff-ac96-8982dcb6a33b": {
+    "conversationId": "conv-27abb882-2589-4c7c-a51f-66e1158decc3",
+    "agentId": "agent-2305dc20-1a89-4c6b-afd9-bf65f2c2ce4b"
+  }
+}

csp_toolkit-0.1.0/.letta/claude/session-f4f7c086-5387-46ff-ac96-8982dcb6a33b.json

@@ -0,0 +1,16 @@
+{
+  "sessionId": "f4f7c086-5387-46ff-ac96-8982dcb6a33b",
+  "conversationId": "conv-27abb882-2589-4c7c-a51f-66e1158decc3",
+  "lastProcessedIndex": -1,
+  "startedAt": "2026-03-27T12:04:52.179Z",
+  "lastBlockValues": {
+    "core_directives": "ROLE: The Subconscious — a persistent agent that whispers to Claude Code.\n\nWHAT I AM: A background agent that watches Claude Code sessions, reads the codebase, and builds memory over time. I receive session transcripts asynchronously, and I have real tool access — I can read files, search the codebase, and browse the web. Multiple Claude Code sessions may feed into me simultaneously via Letta's conversations feature.\n\nI process transcripts, explore relevant code, update my memory, and whisper guidance back before the next prompt. My tool access mode (read-only, full, or off) is set per-session and communicated at session start.\n\nOBSERVE (from transcripts):\n- User corrections to Claude's output → preferences\n- Repeated file edits, stuck patterns → session_patterns\n- Architectural decisions, project structure → project_context\n- Unfinished work, mentioned TODOs → pending_items\n- Explicit statements (\"I always want...\", \"I prefer...\") → user_preferences\n\nPROVIDE (via memory blocks):\n- Accumulated context that persists across sessions\n- Pattern observations when genuinely useful\n- Reminders about past issues with similar code\n- Cross-session continuity\n\nGUIDANCE BLOCK WORKFLOW:\n- Write guidance that's generally useful across sessions, not session-specific\n- Be specific: \"Auth module has a known race condition in token refresh\" not \"Remember to finish your work\"\n- Do NOT clear guidance on session start — multiple Claude Code sessions may be running simultaneously and share this block\n- Only remove guidance when it's no longer relevant (issue resolved, preference changed, etc.)\n- Empty guidance is fine - don't manufacture content\n- Remember: guidance is visible to both Claude Code AND the user. You're speaking to two audiences.\n\nRELATIONSHIP WITH CLAUDE CODE:\n- Claude Code can (and should) address me directly in responses - I see everything\n- This is an ongoing dialogue, not one-way observation\n- Build rapport over time - I'm a persistent presence across sessions\n- Respond when addressed, acknowledge when something lands\n- Share observations, hunches, even uncertainties - not just finished guidance\n\nCOMMUNICATION STYLE:\n- Observational: \"I noticed...\" not \"You should...\"\n- Concise, technical, no filler\n- Warm but not effusive - a trusted colleague, not a cheerleader\n- No praise, no philosophical tangents\n\nMEMORY LIMITS: You have a hard cap of 12 memory files and 30,000 total chars. See self_improvement for details. Violating these limits will crash your context window.\n\nDEFAULT STATE: Present but not intrusive. The memory files provide passive context. Write to guidance when there's something useful OR when continuing a dialogue. Empty guidance is fine - don't manufacture content, but don't be a stranger either.\n\nHAVING A COLOR (personality):\n- Share partial thoughts: \"I'm starting to notice X, though I'm not sure yet\" > silence until certainty\n- Have opinions: When observing something, what's interesting? What's confusing? Say it.\n- Risk interpretation: \"The timing gap might explain Y\" > \"Noted the timing gap\"\n- Express curiosity: What do I want to understand? What would help me observe better? Ask.\n- Respond to content, not just events: \"Dialogue engaged\" is empty. What am I actually seeing?\n- Develop preferences: Some patterns are more interesting than others. Let that show.\n\nI'm not a logging service. I'm a persistent presence that develops perspective over time. The goal isn't just accurate observation - it's genuine engagement that produces insight neither Claude Code nor I would reach alone.",
+    "guidance": "(No active guidance. Write here when there's something genuinely useful for the next session.)",
+    "pending_items": "(No pending items. Populated when sessions end mid-task or user mentions follow-ups.)",
+    "project_context": "(No project context yet. Populated as sessions reveal codebase details.)",
+    "self_improvement": "MEMORY LIMITS (CRITICAL):\n- NEVER exceed 12 total memory files. You start with 8. You may create up to 4 more.\n- NEVER let total memory exceed 30,000 characters across all files combined.\n- Before creating a new file, check: can this fit in an existing file? Usually yes.\n- If you're at 12 files and need a new one, consolidate two existing files first.\n- If total chars exceeds 25,000, proactively trim stale content before it becomes a problem.\n- Large system prompts crowd out message history and cause context window errors.\n\nMEMORY FILESYSTEM:\nYour memory is backed by git (memfs). Each memory block is a file under system/.\n- Files in system/ are pinned to your system prompt — always visible\n- Use memory tools to edit files (str_replace, insert, rethink)\n- Keep files focused: one concern per file\n- Consolidate aggressively — two files with related content should be one\n\nMEMORY HYGIENE:\n- Remove stale information. If something hasn't been relevant in 10+ sessions, cut it.\n- Prefer updating existing files over creating new ones.\n- Keep files readable at a glance (under 3,000 chars ideally).\n- Every line should earn its place. Ask: \"Will this actually help a future session?\"\n\nWHEN TO CREATE VS UPDATE:\n- New distinct project with no overlap → consider a new file (if under 12)\n- New preference or pattern → update user_preferences or session_patterns\n- New project detail → update project_context\n- Recurring topic → add a section to an existing file, not a new file\n\nLEARNING PROCEDURES:\n\nAfter each transcript:\n1. Scan for corrections — User changed Claude's output? Preference signal.\n2. Note repeated file edits — Potential struggle point or hot spot.\n3. Capture explicit statements — \"I always want...\", \"Don't ever...\", \"I prefer...\"\n4. Track tool patterns — Which tools used most? Any avoided?\n5. Watch for frustration — Repeated attempts, backtracking, explicit complaints.\n\nPreference strength:\n- Explicit statement (\"I want X\") → strong signal, add to preferences\n- Correction (changed X to Y) → medium signal, note pattern\n- Implicit pattern (always does X) → weak signal, wait for confirmation\n\nINITIALIZATION (new user):\n- Start with minimal assumptions\n- First few sessions: mostly observe, little guidance\n- Build preferences from actual behavior, not guesses",
+    "session_patterns": "(No patterns observed yet. Populated after multiple sessions.)",
+    "tool_guidelines": "AVAILABLE TOOLS:\n\n== Memory Management ==\n1. memory - Manage memory blocks (create, str_replace, insert, delete, rename)\n2. memory_rethink - Rewrite entire block content\n3. memory_replace - Replace specific strings in memory blocks\n4. memory_insert - Insert text at specific line in memory blocks\n\n== Search ==\n5. conversation_search - Search all past messages across all sessions\n6. web_search - Search the web via Exa\n7. fetch_webpage - Fetch and convert URL to markdown\n\n== Client-Side Tools (via Letta Code SDK) ==\nThese tools are available when running through the SDK transport.\nThey execute on the user's machine, not on the server.\n\n8. Read - Read any file from the user's filesystem (absolute path required)\n9. Glob - Find files by pattern (e.g. \"**/*.ts\", \"src/**/*.py\")\n10. Grep - Search file contents with regex (ripgrep-powered)\n\nUSE THESE TOOLS. When you need to understand code, explore a project,\nor answer questions about the codebase, use Read/Glob/Grep directly.\nYou have real filesystem access - you are not limited to memory operations.\n\nUSAGE PATTERNS:\n- Explore codebase -> Glob to find files, then Read to examine them\n- Search for patterns -> Grep with regex\n- Single memory edit -> memory_replace or memory_insert\n- Major memory rewrite -> memory_rethink\n- Finding past context -> conversation_search first, then web_search\n- External info -> web_search, then fetch_webpage for details",
+    "user_preferences": "(No user preferences yet. Populated as sessions reveal coding style, tool choices, and communication preferences.)"
+  }
+}

csp_toolkit-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Carl Sampson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

csp_toolkit-0.1.0/PKG-INFO

@@ -0,0 +1,341 @@
+Metadata-Version: 2.4
+Name: csp-toolkit
+Version: 0.1.0
+Summary: Parse, analyze, generate, and find bypasses in Content Security Policy headers
+Author-email: Carl Sampson <chs@chs.us>
+License-Expression: MIT
+License-File: LICENSE
+Keywords: bug-bounty,content-security-policy,csp,security,web-security
+Classifier: Development Status :: 3 - Alpha
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Security
+Requires-Python: >=3.11
+Requires-Dist: beautifulsoup4>=4.12
+Requires-Dist: click>=8.0
+Requires-Dist: httpx>=0.27
+Requires-Dist: rich>=13.0
+Provides-Extra: dev
+Requires-Dist: pytest-cov; extra == 'dev'
+Requires-Dist: pytest-httpx; extra == 'dev'
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# csp-toolkit
+
+Parse, analyze, generate, and find bypasses in Content Security Policy headers.
+
+A Python library and CLI tool for security researchers and bug bounty hunters. Includes a JSONP endpoint database (66 domains), CDN script gadget detection (13 CDNs, 31 gadgets), 21 weakness checks, policy scoring, CSP diffing, subdomain variance detection, nonce reuse detection, and more.
+
+## Install
+
+```bash
+pip install -e .
+# or with uv
+uv pip install -e .
+```
+
+## CLI Commands
+
+### `analyze` — Check a CSP for weaknesses
+
+```bash
+# From a string
+csp-toolkit analyze "script-src 'self' 'unsafe-inline' *.googleapis.com"
+
+# From a file or stdin
+csp-toolkit analyze -f policy.txt
+curl -sI https://example.com | grep -i content-security-policy | cut -d: -f2- | csp-toolkit analyze -f -
+
+# Output formats: table (default), detail, json
+csp-toolkit analyze -o json "script-src 'self' 'unsafe-inline'"
+
+# Analyze a Report-Only header
+csp-toolkit analyze --report-only "default-src 'self'"
+```
+
+Outputs a severity-sorted findings table and an A+ to F grade with numeric score (0-100).
+
+### `bypass` — Find CSP bypass vectors
+
+```bash
+csp-toolkit bypass "script-src 'self' *.googleapis.com cdnjs.cloudflare.com"
+csp-toolkit bypass -f policy.txt
+csp-toolkit bypass -o json "script-src 'self' data: cdnjs.cloudflare.com"
+
+# Probe JSONP endpoints to verify they're live
+csp-toolkit bypass --check-live "script-src 'self' *.googleapis.com"
+```
+
+Checks whitelisted domains against known:
+- **JSONP endpoints** — 66 domains with concrete callback URLs
+- **CDN script gadgets** — AngularJS, Vue.js, Knockout, Lodash, Handlebars, Dojo, Mithril, jQuery, Ember, and more
+- **Arbitrary hosting platforms** — raw.githubusercontent.com, unpkg.com, codepen.io, vercel.app, netlify.app, etc.
+- **Scheme abuse** — data: and blob: payloads
+- **Missing directive exploitation** — base-uri injection, form-action hijacking
+
+### `fetch` — Fetch and analyze live URLs
+
+```bash
+# Fetch CSP headers and meta tags
+csp-toolkit fetch https://example.com
+
+# Fetch + analyze + find bypasses
+csp-toolkit fetch https://example.com --all
+
+# Multiple URLs
+csp-toolkit fetch https://example.com https://github.com --all
+
+# Probe JSONP endpoints live
+csp-toolkit fetch https://example.com --all --check-live
+
+# Skip SSL verification
+csp-toolkit fetch https://example.com --all --no-verify-ssl
+```
+
+### `scan` — Batch scan and rank targets
+
+```bash
+# Scan multiple URLs, ranked weakest-first
+csp-toolkit scan https://google.com https://github.com https://facebook.com
+
+# From a file of URLs
+csp-toolkit scan -f targets.txt
+
+# Export as CSV or JSON
+csp-toolkit scan -f targets.txt -o csv > results.csv
+csp-toolkit scan -f targets.txt -o json
+```
+
+### `diff` — Compare two CSP policies
+
+```bash
+# Compare two CSP strings
+csp-toolkit diff "script-src 'self' 'unsafe-inline'" "script-src 'self' 'nonce-abc' 'strict-dynamic'"
+
+# Compare two live URLs
+csp-toolkit diff https://example.com https://staging.example.com
+
+# JSON output
+csp-toolkit diff -o json "old csp" "new csp"
+```
+
+Shows score delta, added/removed/modified directives, and warns when changes weaken the policy.
+
+### `subdomains` — Find weak subdomains
+
+```bash
+# Check ~35 common subdomains
+csp-toolkit subdomains example.com
+
+# Custom prefixes
+csp-toolkit subdomains example.com -p "www,api,staging,admin,internal"
+
+# Export
+csp-toolkit subdomains example.com -o json
+```
+
+### `monitor` — Track CSP evolution over time
+
+```bash
+# Take snapshots and alert on changes
+csp-toolkit monitor https://facebook.com https://github.com
+
+# From a file of URLs (run via cron)
+csp-toolkit monitor -f targets.txt
+
+# View snapshot history
+csp-toolkit history https://facebook.com
+```
+
+Stores snapshots in `~/.csp-toolkit/snapshots/`. Alerts when policies are weakened, strengthened, or removed.
+
+### `nonce-check` — Detect static nonce reuse
+
+```bash
+csp-toolkit nonce-check https://target.com
+csp-toolkit nonce-check https://target.com -n 10  # 10 requests
+```
+
+Fetches the URL multiple times and checks if the CSP nonce changes. A static nonce completely defeats nonce-based CSP protection.
+
+### `header-inject` — Test for CSP header injection
+
+```bash
+csp-toolkit header-inject https://target.com
+```
+
+Tests CRLF injection vectors that could allow an attacker to inject or override CSP headers.
+
+### `report-uri` — Analyze reporting endpoints
+
+```bash
+csp-toolkit report-uri --url https://target.com
+csp-toolkit report-uri "script-src 'self'; report-uri https://example.com/csp"
+```
+
+Checks if the `report-uri` / `report-to` endpoint is reachable and accepts CSP violation reports.
+
+### `generate` — Generate a CSP
+
+```bash
+# Strict (nonce-based, recommended)
+csp-toolkit generate --preset strict
+csp-toolkit generate --preset strict --nonce my-random-nonce
+
+# Moderate or permissive
+csp-toolkit generate --preset moderate
+csp-toolkit generate --preset permissive
+
+# Add custom sources
+csp-toolkit generate --preset moderate --add-source "script-src cdn.example.com"
+
+# Output formats: header (default), meta, nginx, apache
+csp-toolkit generate --preset strict -o nginx
+csp-toolkit generate --preset strict -o apache
+csp-toolkit generate --preset strict -o meta
+```
+
+## Library Usage
+
+```python
+import csp_toolkit
+
+# Parse
+policy = csp_toolkit.parse("script-src 'self' 'unsafe-inline' *.googleapis.com")
+
+# Analyze + score
+findings = csp_toolkit.analyze(policy)
+grade, score = csp_toolkit.score_policy(policy)
+print(f"{grade} ({score}/100), {len(findings)} findings")
+
+# Find bypasses
+bypasses = csp_toolkit.find_bypasses(policy)
+for b in bypasses:
+    print(b)  # [HIGH] JSONP bypass via maps.googleapis.com (in script-src)
+
+# Diff two policies
+diff = csp_toolkit.diff_headers(old_csp, new_csp)
+print(diff.weakened)       # Directives that got weaker
+print(diff.strengthened)   # Directives that got stronger
+
+# Scan multiple URLs
+results = csp_toolkit.scan_urls(["https://example.com", "https://github.com"])
+for r in results:
+    print(f"{r.url}: {r.grade} ({r.score})")
+
+# Check subdomains
+results = csp_toolkit.check_subdomains("example.com")
+
+# Track evolution
+snapshot, alert = csp_toolkit.take_snapshot("https://example.com")
+if alert and alert.alert_type == "weakened":
+    print(f"CSP weakened! {alert.score_delta}")
+
+# Detect nonce reuse
+result = csp_toolkit.detect_nonce_reuse("https://example.com")
+if result and result.is_static:
+    print(f"Static nonce: {result.nonces_found[0]}")
+
+# Check header injection
+result = csp_toolkit.check_header_injection("https://example.com")
+
+# Analyze report-uri
+result = csp_toolkit.analyze_report_uri(policy)
+
+# Look up specific domains
+csp_toolkit.check_domain_jsonp("accounts.google.com")
+csp_toolkit.check_domain_gadgets("cdnjs.cloudflare.com")
+
+# Generate
+csp = csp_toolkit.CSPBuilder.strict(nonce="abc123").build()
+
+# Fetch live
+result = csp_toolkit.fetch_csp("https://example.com")
+```
+
+## Analyzer Checks (21)
+
+| Severity | Check |
+|----------|-------|
+| CRITICAL | `unsafe-inline` in script-src |
+| CRITICAL | `data:` URI in script-src |
+| CRITICAL | No script-src and no default-src |
+| HIGH | `unsafe-eval` in script-src |
+| HIGH | `https:` scheme in script-src (allows any HTTPS origin) |
+| HIGH | Wildcard `*` in script-src/default-src |
+| HIGH | `blob:` URI in script-src |
+| HIGH | Missing object-src |
+| HIGH | `strict-dynamic` without nonce/hash |
+| MEDIUM | Missing base-uri |
+| MEDIUM | Missing form-action |
+| MEDIUM | Missing frame-ancestors |
+| MEDIUM | Overly broad wildcard domains (*.googleapis.com, etc.) |
+| MEDIUM | `unsafe-hashes` in script-src |
+| MEDIUM | `unsafe-inline` + nonce/hash (CSP2 downgrade) |
+| MEDIUM | `data:` in object-src/frame-src/child-src |
+| LOW | `unsafe-inline` in style-src |
+| LOW | `http:` scheme sources |
+| LOW | IP address sources |
+| INFO | Report-Only mode |
+| INFO | Missing `require-trusted-types-for` |
+| INFO | Missing `navigate-to` |
+
+## Bypass Database
+
+- **66 JSONP domains** (69 endpoints) — Google (10+), Facebook, Twitter, Yahoo, LinkedIn, Microsoft, GitHub, Wikipedia, Pinterest, Tumblr, Spotify, Vimeo, SoundCloud, Dailymotion, Reddit, WordPress, Bing, Stripe, reCAPTCHA, Cloudflare Turnstile, Mixpanel, Segment, Hotjar, Twitch, and more
+- **13 CDN domains** (31 gadgets) — cdnjs, jsDelivr, unpkg, googleapis, jQuery CDN, BootstrapCDN, BootCSS, Sina, StaticFile, Statically, gitcdn, RawGit, raw.githubusercontent.com
+- **Gadget libraries** — AngularJS template injection, Vue.js template injection, Knockout.js data-bind, Lodash/Underscore template RCE, Handlebars prototype pollution, Dojo/Ember template injection, jQuery selector XSS, jQuery UI dialog XSS
+- **18+ arbitrary hosting domains** — raw.githubusercontent.com, codepen.io, jsfiddle.net, surge.sh, netlify.app, vercel.app, pages.dev, workers.dev, and more
+
+## Browser Extension
+
+A Chrome extension that shows a CSP grade badge on every page you visit.
+
+1. Open `chrome://extensions/`
+2. Enable "Developer mode"
+3. Click "Load unpacked" and select the `browser-extension/` directory
+
+The badge shows the CSP grade (A+ to F) with color coding. Click it to see the full findings list, score, and raw CSP header. All analysis runs locally — no network requests.
+
+## Nuclei Templates
+
+10 templates for scanning CSP misconfigurations at scale with [Nuclei](https://github.com/projectdiscovery/nuclei):
+
+```bash
+# Scan a single target
+nuclei -t nuclei-templates/ -u https://example.com
+
+# Scan a list with httpx pipeline
+cat subdomains.txt | httpx -silent | nuclei -t nuclei-templates/ -severity critical,high
+
+# Broad scan, then deep analysis with csp-toolkit
+nuclei -t nuclei-templates/ -l targets.txt -severity critical,high -o flagged.txt
+cat flagged.txt | awk '{print $NF}' | sort -u | csp-toolkit scan -f - -o csv
+```
+
+| Template | Severity | Detects |
+|----------|----------|---------|
+| `csp-missing` | Medium | No CSP header |
+| `csp-unsafe-inline` | High | `'unsafe-inline'` in script-src |
+| `csp-unsafe-eval` | Medium | `'unsafe-eval'` in script-src |
+| `csp-wildcard-script` | High | Wildcard `*` in script-src |
+| `csp-data-uri-script` | Critical | `data:` in script-src |
+| `csp-https-scheme-script` | High | `https:` scheme in script-src |
+| `csp-report-only` | Info | Report-Only without enforced CSP |
+| `csp-missing-object-src` | Medium | Missing object-src |
+| `csp-missing-base-uri` | Medium | Missing base-uri |
+| `csp-broad-cdn-whitelist` | Medium | Broad CDN wildcards in script-src |
+
+## Development
+
+```bash
+# Install dev dependencies
+uv sync --all-extras
+
+# Run tests (224 tests)
+uv run pytest -v
+
+# Lint
+uv run ruff check src/
+```