View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007213 | Kali Linux | [All Projects] Queued Tool Addition | public | 2021-06-05 23:32 | 2023-05-02 16:43 |
| Reporter | bluesman | Assigned To | sbrun | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | resolved | Resolution | fixed | ||
| Product Version | |||||
| Target Version | Fixed in Version | 2023.2 | |||
| Summary | 0007213: humble - A humble, and fast, security-oriented HTTP headers analyzer | ||||
| Description | Tool author here! :). @kali-team, I have no prior experience in project packaging, but if you think that this little tool can be useful for the community, it would be an honor if it was packaged and added to the Kali repositories. Thanks! Name: humble Homepage/repo: https://github.com/rfc-st/humble Description: A humble, and fast, security-oriented HTTP headers analyzer Dependencies: colorama, fpdf, requests and tldextract | ||||
|
|
License: MIT. |
|
|
@kali-team, please could this be packaged up. |
|
|
@author, nice tool. Will see about it =) Suggestion, able to explain/on into more depth with `content-security-policy` |
|
|
Indeed!, i'll try my best to improve it. Thanks for your suggestion! :). |
|
|
Hi!, I would like to mention the main features of this tool, and the improvements since I suggested to include it in Kali, in June of this year: * Releases available!, with detailed changelogs: https://github.com/rfc-st/humble/releases. * A total of 13 checks for missing HTTP response headers. * A total of 73 checks for HTTP response headers related to fingerprint. * A total of 22 checks for HTTP response headers with values considered insecure. *Export of analysis to html, pdf and txt. * PEP8 compliant. * Tested on Linux and Windows. Thanks!. |
|
|
Update of the features of this humble program: * 14 checks of missing HTTP response headers. * 106 checks of fingerprinting through HTTP response headers. * 25 checks of deprecated HTTP response headers or with values considered insecure. * Two types of analysis: brief and complete, along with HTTP response headers. * Export of analysis to html, pdf and txt. * PEP8 compliant code. * Tested, one by one, on hundreds of URLs. * Fully working on Windows (10 20H2 - 19042.985) and Linux (Kali 2021.1). * Permissive license (MIT). * Regularly updated. Thanks!. |
|
|
Updates of the features of this humble program: * 14 checks of missing HTTP response headers. * 358 checks of fingerprinting through HTTP response headers. * 42 checks of deprecated HTTP response headers/protocols or with values considered insecure. * Browser compatibility check for enabled security headers. * Two types of analysis: brief and detailed, along with HTTP response headers. * Export of analysis to HTML5, PDF 1.4 and TXT. * The analysis includes dozens of references, official documentation and technical articles. * i18n: analysis results in English or Spanish. * PEP8 compliant code. * Tested, one by one, on thousands of URLs. * Fully working on Windows (10 20H2 - 19042.985) and Linux (Kali 2021.1). * Permissive license (MIT). * Regularly updated. * Technical resource in the OWASP Secure Headers Project. Thanks!. |
|
|
Estoy ansioso por trabajar con cada uno de los programas me gusta la tecologia |
|
|
Updates in the last five months! ^^: * 13 checks of missing HTTP response headers. * 734 checks of fingerprinting through HTTP response headers. * 58 checks of deprecated HTTP response headers/protocols or with values considered insecure. * Browser compatibility check for enabled security headers. * Two types of analysis: brief and detailed, along with HTTP response headers. * Export of analysis to HTML5, PDF 1.4 and TXT. * The analysis includes dozens of references, official documentation and technical articles. * i18n: analysis results in English or Spanish. * Saves each analysis, showing (at the end) the improvements or deficiencies in relation to the last one. * Code reviewed via pycodestyle, SonarLint and Sourcery. * Tested, one by one, on thousands of URLs. * Fully tested and working on Windows (10 20H2 - 19042.985) and Linux (Kali 2021.1). * All code under one of the most permissive licenses: MIT. * Regularly updated. * Technical resource accepted in the OWASP Secure Headers Project. Thanks! |
|
|
Note that this issue got cloned "privately" and wrongly to #8257 and that issue should be closed as a duplicate. |
|
|
@author I have uploaded humble version 1.22 in kali-dev. It will be available in kali-rolling in few days. I created a script in /usr/bin/humble to allow simple usage like "humble -h" I only have one issue: the latest versions are 1.* but the releases on github are tagged with the release dates not with the versions. It does not work with our tool to monitor the new releases. Do you think you can tag the next releases with the versions? |
|
|
Hi, First of all thanks for accepting my tool!. Yes, from now on I will tags the releases with a version instead of a date. Thanks and have a nice weekend! |
|
|
@sbrun, I have updated my tool (new version), with changes both in minimum versions of the required dependencies and at code level. Including new functionality against files in certain file system paths. After reviewing the adaptations you have made to integrate it into Kali (thanks!!), I thought I should inform you. It would be interesting if the first version of this humble tool was released in Kali with the above changes. Thanks for your time! |
|
|
I have uploaded the latest version 1.23 in kali. It will be available soon in kali-rolling. I will close this issue. Feel free to open a new issue if you find any problem. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-06-05 23:32 | bluesman | New Issue | |
| 2021-06-05 23:50 | bluesman | Note Added: 0014681 | |
| 2021-06-26 07:22 | g0tmi1k | Note Added: 0014860 | |
| 2021-06-26 07:22 | g0tmi1k | Status | new => acknowledged |
| 2021-06-26 07:22 | g0tmi1k | Category | New Tool Requests => Queued Tool Addition |
| 2021-06-26 07:22 | g0tmi1k | Summary | humble: A humble, and fast, security-oriented HTTP headers analyzer => humble - A humble, and fast, security-oriented HTTP headers analyzer |
| 2021-06-26 07:24 | g0tmi1k | Note Added: 0014861 | |
| 2021-06-26 22:18 | bluesman | Note Added: 0014868 | |
| 2021-12-08 19:27 | bluesman | Note Added: 0015493 | |
| 2022-05-27 23:13 | bluesman | Note Added: 0016220 | |
| 2022-11-10 18:33 | bluesman | Note Added: 0017064 | |
| 2023-02-20 08:59 | Kenneths28 | Note Added: 0017538 | |
| 2023-04-07 17:07 | bluesman | Note Added: 0017788 | |
| 2023-04-10 21:34 | Beautychuks | Issue cloned: 0008257 | |
| 2023-04-12 05:48 | kali-bugreport | Note Added: 0017797 | |
| 2023-04-26 08:11 | sbrun | Assigned To | => sbrun |
| 2023-04-26 08:11 | sbrun | Status | acknowledged => assigned |
| 2023-04-27 14:19 | sbrun | Note Added: 0017836 | |
| 2023-04-28 11:35 | bluesman | Note Added: 0017850 | |
| 2023-04-30 21:05 | bluesman | Note Added: 0017863 | |
| 2023-05-02 16:42 | sbrun | Note Added: 0017874 | |
| 2023-05-02 16:43 | sbrun | Status | assigned => resolved |
| 2023-05-02 16:43 | sbrun | Resolution | open => fixed |
| 2023-05-02 16:43 | sbrun | Fixed in Version | => 2023.2 |