Welcome to the gethead Project.

gethead.py is a Python tool for HTTP header vulnerability analysis. It identifies security vulnerabilities and missing protections in HTTP headers.

Usage:

$ python gethead.py http://domain.com
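The kind of check described above, as an added example that is not gethead's own code: it scans a set of response headers for missing or weak protections and for version disclosure. The rule set, the 180-day HSTS threshold, the function names and the sample headers are assumptions made for illustration, and the code targets Python 3.

```python
import re

# Protective response headers and a validator for each value.
# Assumed rule set for this example, not gethead's own list.
REQUIRED = {
    "strict-transport-security": lambda v: hsts_max_age(v) >= 15552000,  # 180 days (assumed)
    "content-security-policy": lambda v: bool(v.strip()),
    # ALLOW-FROM is obsolete and ignored by current browsers, so it fails here.
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
}
# Headers that commonly disclose software names or versions.
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")


def hsts_max_age(value):
    """Return the max-age in seconds from an HSTS value, or 0 if absent."""
    m = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.I)
    return int(m.group(1)) if m else 0


def analyze_headers(headers):
    """Return sorted (header, finding) tuples for a dict of response headers."""
    seen = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    findings = []
    for name, is_ok in REQUIRED.items():
        if name not in seen:
            findings.append((name, "missing"))
        elif not is_ok(seen[name]):
            findings.append((name, "weak value: " + seen[name]))
    for name in DISCLOSING:
        # A bare product token ("nginx") is tolerated; a version number is flagged.
        if name in seen and (name != "server" or re.search(r"\d", seen[name])):
            findings.append((name, "discloses: " + seen[name]))
    return sorted(findings)


# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "Server": "Apache/2.2.15 (CentOS)",
    "X-Powered-By": "PHP/5.3.3",
    "X-Frame-Options": "ALLOW-FROM http://example.com",
    "Strict-Transport-Security": "max-age=3600",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    for header, finding in analyze_headers(SAMPLE):
        print("%-28s %s" % (header, finding))
```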

Changelog

Version 0.1 - Initial Release

Written in Python 2.7.5

Performs HTTP Header Analysis

Reports Header Vulnerabilities

Features in Development

Version 0.2 - Next Release (April 2014 Release)

Support for git updates

Support for Python 3.3

Complete Header Analysis

Additional Logic for Severity Classifications

Rank Vulnerabilities by Severity

Export Findings with Description, Impact, Execution, Fix, and References

Export with multi-format options (XML, HTML, TXT)

Version 0.3 - Future Release (May 2014 Release)

Replay and Inline Upstream Proxy support to import into other tools

Scan domains, sub-domains, and multi-services

Header Injection and Fuzzing functionality

HTTP Header Policy Bypassing

Modularize and port to more platforms (e.g. gMinor, Kali, Burp Extension, Metasploit, Chrome, Firefox)

About the Author

Nathan LaFollette “httphacker” has been leading international security engagements in the areas of Web Application Penetration Testing for many years. Nathan’s vast experience with web vulnerability analysis is unmatched in the industry. Currently employed by a Fortune 10 company as a Senior Security Consultant, Nathan has advised and performed Web Application Penetration Testing for some of the world’s largest publicly and privately traded companies. Nathan brings a great deal of international security threat expertise and corporate security experience to the information security community. Nathan also acts as the lead project developer for other upcoming Python projects such as getcookies, getoff, and getssl.

Contact Info

github: https://github.com/httphacker

email: httphacker@icloud.com

website: httphacker.com

twitter: @httphacker



Bugs and Feature Requests

Contact Nathan at httphacker@icloud.com and he’ll sort it out and take your feature requests.