A powerful Python-based security tool that analyzes HTTP security headers for websites and automatically generates clickjacking payloads when vulnerabilities are detected.
Project description
Iris
A powerful Python-based security tool that analyzes HTTP security headers for websites and automatically generates clickjacking payloads when vulnerabilities are detected.
โจ Features
- Real-time Progress Tracking - Beautiful progress bars with percentage completion
- Comprehensive Header Analysis - Checks 11 critical security headers
- Automatic Payload Generation - Creates clickjacking test payloads when X-Frame-Options is missing
- Rich Terminal Interface - Colorful, modern CLI with animated spinners and styled tables
- SSL Bypass Support - Works with sites having SSL certificate issues
- Fast Performance - Single HTTP request for all header checks
๐ Supported Security Headers
| Header | Description |
|---|---|
| Content-Security-Policy | Prevents XSS and injection attacks |
| X-Content-Type-Options | Prevents MIME type sniffing |
| X-Frame-Options | Protects against clickjacking |
| X-XSS-Protection | Enables XSS filtering |
| Strict-Transport-Security | Enforces HTTPS connections |
| Referrer-Policy | Controls referrer information |
| Feature-Policy | Controls browser features |
| Permissions-Policy | Modern replacement for Feature-Policy |
| Expect-CT | Certificate transparency |
| Cache-Control | Controls caching behavior |
| Pragma | HTTP/1.0 cache control |
๐ Installation
Prerequisites
- Python 3.7 or higher
- pip package manager
Quick Install
- Clone the repository:
git clone https://github.com/joelindra/iris.git
cd iris
- Install dependencies:
pip install -r requirements.txt
- Make the script executable (Linux/macOS):
chmod +x iris.py
๐ป Usage
Basic Usage
python3 iris.py <target_url>
Examples
# Check a website with HTTPS
python3 iris.py https://example.com
# Check a website without protocol (defaults to HTTP)
python3 iris.py example.com
๐ Sample Output
โญโโโโโโโโโโโ Iris โโโโโโโโโโโโโฎ
โ ๐ Security Headers Checker โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโณโโโโโโโโโโณโโโโโโโโโโโโโโโโโโโโ
โ Header โ Status โ Value / Notes โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ Content-Security-Policy โ Missing โ โ
โ X-Content-Type-Options โ Missing โ โ
โ X-Frame-Options โ Missing โ โ
โ X-XSS-Protection โ Missing โ โ
โ Strict-Transport-Security โ Missing โ โ
โ Referrer-Policy โ Missing โ โ
โ Feature-Policy โ Missing โ โ
โ Permissions-Policy โ Missing โ โ
โ Expect-CT โ Missing โ โ
โ Cache-Control โ Present โ public, max-age=0 โ
โ Pragma โ Missing โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโ
โญโโโโโโโโโโโโโโโโโโโโโโโโ Payload Generated โโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Clickjacking payload automatically created โ
โ because <target> vulnerable: clickjack_testing.html โ
โ โ
โ Open it in a browser to test. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Security headers check completed. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
๐ง Configuration
SSL Certificate Issues
The tool automatically bypasses SSL certificate verification to work with sites having certificate problems. This is intended for security testing purposes only.
๐ Generated Files
When X-Frame-Options header is missing, the tool automatically creates:
clickjacking_payload.html- HTML file for testing clickjacking vulnerabilities
โ ๏ธ Security Notice
This tool is designed for:
- Authorized security testing on your own websites
- Educational purposes and learning about web security
- Compliance auditing of web applications
Important: Only use this tool on websites you own or have explicit permission to test.
๐ ๏ธ Requirements
See requirements.txt for the complete list of dependencies:
- requests >= 2.28.0
- rich >= 13.0.0
- urllib3 >= 1.26.0
- colorama >= 0.4.4
๐ค Contributing
Contributions are welcome! Please feel free to submit a Pull Request. For major changes, please open an issue first to discuss what you would like to change.
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
๐ License
This project is licensed under the MIT License - see the LICENSE file for details.
๏ฟฝ๏ฟฝ Related Projects
โญ If you found this tool helpful, please give it a star!
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file iris_tod-1.0.tar.gz.
File metadata
- Download URL: iris_tod-1.0.tar.gz
- Upload date:
- Size: 4.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b4730fd0372dbbe4fabaeb4b2f894a19dd10fcbc792c5e3ad001d70fd0e0335a
|
|
| MD5 |
d88e5db4d640700b157e7a7c66d8504f
|
|
| BLAKE2b-256 |
4043e801ce36504c31c653f9f1674283c315ab3a92c29a428fd167aef0946fa7
|
File details
Details for the file iris_tod-1.0-py3-none-any.whl.
File metadata
- Download URL: iris_tod-1.0-py3-none-any.whl
- Upload date:
- Size: 3.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d7c3628f02d836b2d445fee86050034cbd18d7527a05e81319c2c6eca928dd65
|
|
| MD5 |
fffa1b97a7775fbe271f8978ab83adbf
|
|
| BLAKE2b-256 |
93cee6d60b14c79faf825ea432475b67ad84ca37dc05f2857273338c05257f25
|
