@kisom
Created July 31, 2012 18:57
Python command line utility to determine whether a site supports HSTS.
<monalisa: ~> $ has_hsts.py duckduckgo.com google.com search.google.com conformal.com yahoo.com lobste.rs news.ycombinator.com reddit.com
[+] checking whether duckduckgo.com supports HSTS... no
[+] checking whether google.com supports HSTS... no
[+] checking whether search.google.com supports HSTS... no
[+] checking whether conformal.com supports HSTS... yes
[+] checking whether yahoo.com supports HSTS... no
[+] checking whether lobste.rs supports HSTS... yes
[+] checking whether news.ycombinator.com supports HSTS... no
[+] checking whether reddit.com supports HSTS... doesn't have SSL working properly (hostname 'reddit.com' doesn't match either of 'a248.e.akamai.net', '*.akamaihd.net', '*.akamaihd-staging.net')
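#!/usr/bin/env python3
"""
Determine whether a website supports HSTS.
"""
import sys

import requests


def has_hsts(site):
    """
    Connect to target site and check its headers.
    """
    try:
        # Redirects are followed, so the headers checked are those of the
        # final response.
        req = requests.get('https://' + site, timeout=10)
    except requests.exceptions.SSLError as error:
        print("doesn't have SSL working properly (%s)" % (error, ))
        return False
    except requests.exceptions.RequestException as error:
        # DNS failures, refused connections and timeouts end up here.
        print("couldn't connect (%s)" % (error, ))
        return False

    # requests exposes response headers case-insensitively.
    if 'strict-transport-security' in req.headers:
        print("yes")
        return True
    else:
        print("no")
        return False


def main(site):
    """
    Main functionality.
    """
    print('[+] checking whether %s supports HSTS...' % (site, ),
          end=' ', flush=True)
    return has_hsts(site)


if __name__ == '__main__':
    if len(sys.argv) < 2:
        # sys.argv[0] is the script name; sys.argv[1] does not exist here.
        print('usage: %s [domains to check]' % (sys.argv[0], ))
        sys.exit(1)
    for domain in sys.argv[1:]:
        main(domain)
    sys.exit(0)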
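
The script above answers "yes" whenever the Strict-Transport-Security header is present, but under RFC 6797 a header without a valid max-age is ignored by browsers and max-age=0 removes the policy. The following is an added example, not part of the original gist, that parses the header value to tell those cases apart; the function name parse_hsts and the sample values are assumptions made for illustration.

```python
import re

# RFC 6797 section 6.1: directives are ';'-separated, directive names are
# case-insensitive, and max-age is required (delta-seconds, optionally quoted).
_MAX_AGE = re.compile(r'^(?:([0-9]+)|"([0-9]+)")$')


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (hypothetical helper).

    Returns a dict with max_age, include_subdomains and enforced, or None
    when the value is malformed and a browser would ignore the header.
    """
    seen = {}
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives, e.g. a trailing ';'
        name, _, arg = part.partition('=')
        name = name.strip().lower()
        if name in seen:
            return None  # a directive must not appear more than once
        seen[name] = arg.strip()

    match = _MAX_AGE.match(seen.get('max-age', ''))
    if match is None:
        return None  # max-age missing or not a non-negative integer
    max_age = int(match.group(1) or match.group(2))
    return {
        'max_age': max_age,
        'include_subdomains': 'includesubdomains' in seen,
        # max-age=0 tells the browser to stop treating the host as HSTS
        'enforced': max_age > 0,
    }


if __name__ == '__main__':
    # Constructed sample header values, not captured from real sites.
    for sample in ('max-age=31536000; includeSubDomains',
                   'max-age=0',
                   'includeSubDomains',
                   'max-age="600";'):
        print('%-40r -> %r' % (sample, parse_hsts(sample)))
```

To use it with the script, pass req.headers['strict-transport-security'] to parse_hsts and report "yes" only when the result is not None and its 'enforced' entry is true.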