DAST Security Helpers
Project description
Sec-helpers
Collection of dynamic security related helpers (DAST).
Sec-helpers is a bundle of useful tests and validators to ensure the security of a given domain.
Usage
- Install package
pip install sec-helpers: https://pypi.org/project/sec-helpers - Copy and change the following to run all the tests:
import sec_helpers domain: str = 'vwt-digital.github.io' # {domain}.{tld} sec_helpers.CorsPolicy(domain=domain) sec_helpers.HighTls(domain=domain, slide=False) # Slide is False by default sec_helpers.Hsts(domain=domain, age=10368000) # Age is 10368000 by default sec_helpers.NoHttp(domain=domain) sec_helpers.NoSsl(domain=domain)
Do you want all the sec-helpers ready in a container? Configure cloudbuilders-dast.
Exception
'NoSsl' requires and OpenSSL version with SSLv3 enabled. Check this Dockerfile and can be run using the following:
sec_helpers.NoSsl(domain={domain}.{tld}), but will result in exit code 0 when the wrong openssl version is present.
Helpers
NoHttp
Ensures domain redirects on http (and checks if https is active to not pass on incorrect domain)
Hsts
Ensures that the Strict-Transport-Security header on the domain is higher than 10368000
HighTls
Ensures that TLS versions on domain are inline with Mozilla's recommended configurations
NoSsl
Ensures that no SSL version is used.
CorsPolicy
Ensures that Allowed Origins are specified.
Examples
sec_helpers.HighTls({domain}.com)
-------
Protocol: TLSv1.3
Should be active: True
Wrong configuration
-------
Protocol: TLSv1.2
Should be active: True
Connected with: TLSv1.2
Using cipher: ('{cipher_info}', 'TLSv1.2', 128)
-------
Protocol: TLSv1
Should be active: False
-------
Protocol: TLSv1.1
Should be active: False
Connected with: TLSv1.1
Using cipher: ('{cipher_info}', 'TLSv1.0', 128)
Wrong configuration
Test on {domain}.com failed
TLSv1.3 is not active on domain: HighTls will fail. TLSv1.1 is active on domain: HighTls will fail.
sec_helpers.NoHttp({domain}.com)
Starting GET request to http://{domain}.com
GET request to http://{domain}.com returned status 302
Starting GET request to https://{domain}.com
GET request to https://{domain}.com returned status 200
Successful http status check: http is disabled or redirects to https
Http request returned 302 Found redirect. Https returned 200. NoHttp passed.
sec_helpers.Hsts({domain}.com)
Starting GET request to http://{domain}.com
Strict-Transport-Security header on https://{domain}.com returned max-age=31536000
Successful HSTS status check
Strict Transport Security header found, with max age 31536000. Hsts passed.
sec_helpers.CorsPolicy({domain}.com)
Failing policy test: No Allowed Origins Specified
No allowed origins specified. CorsPolicy failed.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for sec_helpers-0.3.3-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9c4798c4aae7501aeb2593d1493745e3a3ffed4b2ebf8f3ba60f25f975821991 |
|
| MD5 | 2b465f1457379bf1bab5c48c2fdec5c4 |
|
| BLAKE2-256 | a89e5c3033b39e45d5078818e250af61508f8ed6e9aa4a74e7a4a8a2a3d1ce98 |