I am pleased to announce the release of gethead version 0.1.  This python tool inspects HTTP Headers for vulnerabilities and the lack of added Web Application protection.

Screenshot:

Usage:

$ python gethead.py http://domain.com

Changelog

Version 0.1 – Initial Release

  • Written in Python 2.7.5
  • Performs HTTP Header Analysis
  • Reports Header Vulnerabilities

Features in Development

Version 0.2 – Next Release (November 2013 Release)

  • Support for git updates
  • Support for Python 3.3
  • Complete Header Analysis
  • Additional Logic for Severity Classifications
  • Rank Vulnerabilities by Severity
  • Export Findings with Description, Impact, Execution, Fix, and References
  • Export with multi-format options (XML, HTML, TXT)

Version 0.3 – Future Release (February 2014 Release)

  • Replay and Inline Upstream Proxy support to import into other tools
  • Scan domains, sub-domains, and multi-services
  • Header Injection and Fuzzing functionality
  • HTTP Header Policy Bypassing
  • Modularize and port to more platforms
    (e.g. gMinor, Kali, Burp Extension, Metasploit, Chrome, Firefox)