SecHead is a lightweight, powerful cybersecurity tool designed to audit website security headers. It helps penetration testers, developers, and security researchers identify missing or misconfigured HTTP headers that leave applications vulnerable to attacks like XSS, Clickjacking, and MIME sniffing.
Unlike simple scanners, SecHead provides context-aware analysis, explaining why a configuration is dangerous and offering best-practice remediation.
- 🛡️ Deep Header Analysis: Audits critical headers including CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.
- 🖱️ Clickjacking PoC: Determines from the framing headers (X-Frame-Options and CSP frame-ancestors) whether a site can be embedded in a cross-origin iframe and, if so, generates a live Proof-of-Concept iframe in the HTML report.
- 📊 Smart Reporting: Generates a beautiful, dark-mode compatible HTML Report containing raw traffic, compliance scores, and remediation guides.
- 🧬 Technology Fingerprinting: Passive detection of server technologies (e.g., IIS, Nginx, PHP, ASP.NET) based on response signatures.
- ⚡ Zero-Config: Works out of the box with a simple CLI command.
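The checks behind a header audit of this kind, written here as an added Python example (not SecHead's own code): it evaluates the headers the feature list names, applies the precedence rule between CSP frame-ancestors and X-Frame-Options to reach the clickjacking verdict, and renders the PoC iframe with the target URL escaped. The two sample responses and the `WEAK_SITE`/`HARDENED_SITE` names are constructed for the demo, not captured from any real host.

```python
# Security-header audit logic in the spirit of SecHead. Added illustration, not the
# project's code; header names are lowercased on entry so lookups are case-insensitive.
import html
import re


def _csp_directive(csp, name):
    # Lowercased tokens of one CSP directive, or None if the directive is absent.
    for part in csp.split(";"):
        tokens = part.strip().split()
        if tokens and tokens[0].lower() == name:
            return [t.lower() for t in tokens[1:]]
    return None

def check_hsts(value):
    # Only meaningful on an HTTPS response: browsers ignore HSTS sent over plain HTTP.
    if value is None:
        return "MISSING", "host stays reachable over plain HTTP on return visits"
    m = re.search(r'max-age="?(\d+)', value, re.I)
    if not m:
        return "WEAK", "max-age missing or malformed; browsers ignore the header"
    if int(m.group(1)) < 31536000:  # one year, the usual minimum
        return "WEAK", f"max-age={m.group(1)} is under one year"
    if "includesubdomains" not in value.lower():
        return "OK", "consider includeSubDomains: subdomains stay downgradable"
    return "OK", ""

def check_framing(headers):
    # Clickjacking: a CSP frame-ancestors directive takes precedence over X-Frame-Options.
    csp = headers.get("content-security-policy")
    ancestors = _csp_directive(csp, "frame-ancestors") if csp else None
    if ancestors is not None:
        if "*" in ancestors:
            return "WEAK", "frame-ancestors * allows framing from any origin"
        return "OK", "frame-ancestors restricts framing"
    xfo = headers.get("x-frame-options")
    if xfo is None:
        return "MISSING", "no frame-ancestors and no X-Frame-Options: page can be framed"
    if xfo.strip().upper() in ("DENY", "SAMEORIGIN"):
        return "OK", ""
    # ALLOW-FROM never had broad support and modern browsers ignore it entirely.
    return "WEAK", f"X-Frame-Options '{xfo}' is invalid or deprecated; treated as absent"

def check_nosniff(value):
    if value is None:
        return "MISSING", "browser may MIME-sniff responses"
    if value.strip().lower() != "nosniff":
        return "WEAK", f"'{value}' is not the only valid token, nosniff"
    return "OK", ""

def check_present(value, note):
    return ("OK", "") if value is not None else ("MISSING", note)

def check_csp(value):
    if value is None:
        return "MISSING", "no Content-Security-Policy to contain injected script"
    scripts = _csp_directive(value, "script-src")
    if scripts is None:
        scripts = _csp_directive(value, "default-src")  # script-src falls back to default-src
    if scripts is None:
        return "WEAK", "neither script-src nor default-src is set"
    nonce_or_hash = any(t.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for t in scripts)
    if "'unsafe-inline'" in scripts and not nonce_or_hash:
        return "WEAK", "'unsafe-inline' without a nonce or hash neuters XSS protection"
    if "'unsafe-eval'" in scripts or "*" in scripts:
        return "WEAK", "script-src permits eval or any origin"
    return "OK", ""

def audit_headers(headers):
    # Returns {check name: (status, note)} with status OK, WEAK or MISSING.
    h = {k.lower(): v for k, v in headers.items()}
    return {
        "Strict-Transport-Security": check_hsts(h.get("strict-transport-security")),
        "Content-Security-Policy": check_csp(h.get("content-security-policy")),
        "Clickjacking protection": check_framing(h),
        "X-Content-Type-Options": check_nosniff(h.get("x-content-type-options")),
        "Referrer-Policy": check_present(h.get("referrer-policy"), "browser default applies"),
        "Permissions-Policy": check_present(h.get("permissions-policy"), "browser features not restricted"),
    }

def clickjacking_poc(url):
    # Minimal PoC page: if the target renders inside the frame, it can be framed.
    safe = html.escape(url, quote=True)  # keep the tester's own report free of injection
    return (f"<!doctype html><title>Clickjacking PoC</title><p>If {safe} renders below, "
            f'it can be framed.</p><iframe src="{safe}" width="800" height="600"></iframe>')


# Constructed sample responses for the demo, not captured from any real host.
WEAK_SITE = {
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOW-FROM https://partner.example",
    "X-Content-Type-Options": "no-sniff",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Referrer-Policy": "unsafe-url",
}
HARDENED_SITE = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-abc123'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
}

if __name__ == "__main__":
    print(*(f"{s:8} {k}: {n}" for k, (s, n) in audit_headers(WEAK_SITE).items()), sep="\n")
```

Two details matter in practice. First, the clickjacking verdict must look at frame-ancestors before X-Frame-Options: a site with `frame-ancestors *` is frameable no matter what X-Frame-Options says, and a site with only `frame-ancestors 'none'` is protected even with no X-Frame-Options at all. Second, a header that is present but malformed (`no-sniff`, `ALLOW-FROM`, an HSTS value without `max-age`) is ignored by browsers and should be reported as weak rather than counted as a pass.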
You can install SecHead directly from PyPI:
```bash
pip install SecHead
```

Alternatively, you can clone the repository and install it manually:

```bash
git clone https://github.com/h4rithd/SecHead.git
cd SecHead
pip install .
```

- Quick Scan (Terminal Output): Run a scan against a target URL. The results are displayed directly in your terminal with color-coded alerts. Point the tool at the https:// origin you actually serve: Strict-Transport-Security is only honored by browsers on an HTTPS response, so a scan of the plain-HTTP origin says nothing useful about it.

```bash
SecHead -u https://example.com
```

- Generate HTML Report: Save the detailed analysis to an HTML file. This report is well suited to attaching to penetration testing deliverables.

```bash
SecHead -u https://example.com -o report.html
```

Terminal View
```text
🔎 Analysis for: https://example.com
📡 Status Code: 200
🛡️ SECURITY HEADERS ANALYSIS
------------------------------------------------------------
❌ Strict-Transport-Security : MISSING
ℹ️ Forces the browser to communicate only via HTTPS.
💡 Best Practice: max-age=63072000; includeSubDomains; preload
⚠️ Issue: Header is missing entirely.
✅ X-Content-Type-Options : OK
ℹ️ Prevents the browser from 'sniffing' the response type.
💡 Best Practice: nosniff
....
```
HTML Report Preview
The generated HTML report includes:
- Executive Summary: Pass/Fail status for all headers.
- Vulnerability Proof: A working iframe demonstrating Clickjacking risks (if applicable).
- Raw Data: Full HTTP request and response logs.
- Remediation: Copy-pasteable best practices for developers.
This tool is designed for educational and ethical security testing purposes only. Do not use this tool on websites or systems you do not own or do not have explicit permission to test. The author is not responsible for any misuse or damage caused by this program.
This project is licensed under the MIT License.