View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0007213Kali LinuxQueued Tool Additionpublic2021-06-05 23:322023-05-02 16:43
Reporterbluesman Assigned Tosbrun  
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Fixed in Version2023.2 
Summary0007213: humble - A humble, and fast, security-oriented HTTP headers analyzer
Description

Tool author here! :).

@kali-team, I have no prior experience in project packaging, but if you think that this little tool can be useful for the community, it would be an honor if it was packaged and added to the Kali repositories.

Thanks!

Name: humble
Homepage/repo: https://github.com/rfc-st/humble
Description: A humble, and fast, security-oriented HTTP headers analyzer
Dependencies: colorama, fpdf, requests and tldextract

Activities

bluesman

bluesman

2021-06-05 23:50

reporter   ~0014681

License: MIT.
g0tmi1k

g0tmi1k

2021-06-26 07:22

administrator   ~0014860

@kali-team, please could this be packaged up.
g0tmi1k

g0tmi1k

2021-06-26 07:24

administrator   ~0014861

@author, nice tool.
Will see about it =)

Suggestion, able to explain/on into more depth with content-security-policy
bluesman

bluesman

2021-06-26 22:18

reporter   ~0014868

Indeed!, i'll try my best to improve it. Thanks for your suggestion! :).
bluesman

bluesman

2021-12-08 19:27

reporter   ~0015493

Hi!,

I would like to mention the main features of this tool, and the improvements since I suggested to include it in Kali, in June of this year:

  • Releases available!, with detailed changelogs: https://github.com/rfc-st/humble/releases.

  • A total of 13 checks for missing HTTP response headers.

  • A total of 73 checks for HTTP response headers related to fingerprint.

  • A total of 22 checks for HTTP response headers with values considered insecure.

*Export of analysis to html, pdf and txt.

  • PEP8 compliant.

  • Tested on Linux and Windows.

Thanks!.
bluesman

bluesman

2022-05-27 23:13

reporter   ~0016220

Update of the features of this humble program:

  • 14 checks of missing HTTP response headers.
  • 106 checks of fingerprinting through HTTP response headers.
  • 25 checks of deprecated HTTP response headers or with values considered insecure.
  • Two types of analysis: brief and complete, along with HTTP response headers.
  • Export of analysis to html, pdf and txt.
  • PEP8 compliant code.
  • Tested, one by one, on hundreds of URLs.
  • Fully working on Windows (10 20H2 - 19042.985) and Linux (Kali 2021.1).
  • Permissive license (MIT).
  • Regularly updated.

Thanks!.
bluesman

bluesman

2022-11-10 18:33

reporter   ~0017064

Updates of the features of this humble program:

  • 14 checks of missing HTTP response headers.
  • 358 checks of fingerprinting through HTTP response headers.
  • 42 checks of deprecated HTTP response headers/protocols or with values considered insecure.
  • Browser compatibility check for enabled security headers.
  • Two types of analysis: brief and detailed, along with HTTP response headers.
  • Export of analysis to HTML5, PDF 1.4 and TXT.
  • The analysis includes dozens of references, official documentation and technical articles.
  • i18n: analysis results in English or Spanish.
  • PEP8 compliant code.
  • Tested, one by one, on thousands of URLs.
  • Fully working on Windows (10 20H2 - 19042.985) and Linux (Kali 2021.1).
  • Permissive license (MIT).
  • Regularly updated.
  • Technical resource in the OWASP Secure Headers Project.

Thanks!.
Kenneths28

Kenneths28

2023-02-20 08:59

reporter   ~0017538

Estoy ansioso por trabajar con cada uno de los programas me gusta la tecologia
bluesman

bluesman

2023-04-07 17:07

reporter   ~0017788

Updates in the last five months! ^^:

  • 13 checks of missing HTTP response headers.
  • 734 checks of fingerprinting through HTTP response headers.
  • 58 checks of deprecated HTTP response headers/protocols or with values considered insecure.
  • Browser compatibility check for enabled security headers.
  • Two types of analysis: brief and detailed, along with HTTP response headers.
  • Export of analysis to HTML5, PDF 1.4 and TXT.
  • The analysis includes dozens of references, official documentation and technical articles.
  • i18n: analysis results in English or Spanish.
  • Saves each analysis, showing (at the end) the improvements or deficiencies in relation to the last one.
  • Code reviewed via pycodestyle, SonarLint and Sourcery.
  • Tested, one by one, on thousands of URLs.
  • Fully tested and working on Windows (10 20H2 - 19042.985) and Linux (Kali 2021.1).
  • All code under one of the most permissive licenses: MIT.
  • Regularly updated.
  • Technical resource accepted in the OWASP Secure Headers Project.

Thanks!
kali-bugreport

kali-bugreport

2023-04-12 05:48

reporter   ~0017797

Note that this issue got cloned "privately" and wrongly to #8257 and that issue should be closed as a duplicate.
sbrun

sbrun

2023-04-27 14:19

manager   ~0017836

@author I have uploaded humble version 1.22 in kali-dev. It will be available in kali-rolling in few days.
I created a script in /usr/bin/humble to allow simple usage like "humble -h"

I only have one issue: the latest versions are 1.* but the releases on github are tagged with the release dates not with the versions.
It does not work with our tool to monitor the new releases. Do you think you can tag the next releases with the versions?
bluesman

bluesman

2023-04-28 11:35

reporter   ~0017850

Hi,

First of all thanks for accepting my tool!.

Yes, from now on I will tags the releases with a version instead of a date.

Thanks and have a nice weekend!
bluesman

bluesman

2023-04-30 21:05

reporter   ~0017863

@sbrun, I have updated my tool (new version), with changes both in minimum versions of the required dependencies and at code level. Including new functionality against files in certain file system paths. After reviewing the adaptations you have made to integrate it into Kali (thanks!!), I thought I should inform you.

It would be interesting if the first version of this humble tool was released in Kali with the above changes.

Thanks for your time!
sbrun

sbrun

2023-05-02 16:42

manager   ~0017874

I have uploaded the latest version 1.23 in kali. It will be available soon in kali-rolling.
I will close this issue. Feel free to open a new issue if you find any problem.

Issue History

Date Modified Username Field Change
2021-06-05 23:32 bluesman New Issue
2021-06-05 23:50 bluesman Note Added: 0014681
2021-06-26 07:22 g0tmi1k Note Added: 0014860
2021-06-26 07:22 g0tmi1k Status new => acknowledged
2021-06-26 07:22 g0tmi1k Category New Tool Requests => Queued Tool Addition
2021-06-26 07:22 g0tmi1k Summary humble: A humble, and fast, security-oriented HTTP headers analyzer => humble - A humble, and fast, security-oriented HTTP headers analyzer
2021-06-26 07:24 g0tmi1k Note Added: 0014861
2021-06-26 22:18 bluesman Note Added: 0014868
2021-12-08 19:27 bluesman Note Added: 0015493
2022-05-27 23:13 bluesman Note Added: 0016220
2022-11-10 18:33 bluesman Note Added: 0017064
2023-02-20 08:59 Kenneths28 Note Added: 0017538
2023-04-07 17:07 bluesman Note Added: 0017788
2023-04-10 21:34 Beautychuks Issue cloned: 0008257
2023-04-12 05:48 kali-bugreport Note Added: 0017797
2023-04-26 08:11 sbrun Assigned To => sbrun
2023-04-26 08:11 sbrun Status acknowledged => assigned
2023-04-27 14:19 sbrun Note Added: 0017836
2023-04-28 11:35 bluesman Note Added: 0017850
2023-04-30 21:05 bluesman Note Added: 0017863
2023-05-02 16:42 sbrun Note Added: 0017874
2023-05-02 16:43 sbrun Status assigned => resolved
2023-05-02 16:43 sbrun Resolution open => fixed
2023-05-02 16:43 sbrun Fixed in Version => 2023.2