Created
August 6, 2012 19:17
-
-
Save kisom/3277707 to your computer and use it in GitHub Desktop.
Go commandline utility to determine whether a site supports HSTS.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DOES_HSTS | |
| ========= | |
| This is a very simple Go command line utility that, given a list of sites | |
| to check, will determine whether those sites support HSTS [1]. | |
| Example usage: | |
| <monalisa: ~> $ does_hsts conformal.com google.com reddit.com | |
| [+] checking whether conformal.com supports HSTS: ok | |
| [+] checking whether google.com supports HSTS: not supported | |
| [+] checking whether reddit.com supports HSTS: SSL failure! | |
| Installing: | |
| does_hsts requires the go compiler to be installed. See the Go language | |
| website's instructions [2] for installation. To build, run 'make'; | |
| installation defaults to /usr/local/bin and can be installed with | |
| 'make install'. The PREFIX environment variable can be used to change | |
| the installation directory: 'PREFIX=${HOME} make install' would install | |
| to ${HOME}/bin. | |
| [1] https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security | |
| [2] http://golang.org/doc/install |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "net/http" | |
| "os" | |
| ) | |
| const ( | |
| SSLerror = iota | |
| HSTSyes | |
| HSTSno | |
| ) | |
| // check_site expects a host and prepends 'https://' onto it to create | |
| // an HTTPS url. A GET request is performed on this URL, and the | |
| // returned headers are checked for the HSTS header. | |
| func Check (site string) int { | |
| res := HSTSno | |
| url := "https://" + site | |
| resp, err := http.Get(url) | |
| if err != nil { | |
| return SSLerror | |
| } else { | |
| defer resp.Body.Close() | |
| } | |
| _, ok := resp.Header["Strict-Transport-Security"] | |
| if ok { | |
| res = HSTSyes | |
| } | |
| return res | |
| } | |
| func main () { | |
| for _, site := range os.Args[1:] { | |
| fmt.Printf("[+] checking whether %v supports HSTS: ", site) | |
| switch res := Check(site) ; res { | |
| case SSLerror: fmt.Println("SSL failure!") | |
| case HSTSno: fmt.Println("not supported") | |
| case HSTSyes: fmt.Println("ok") | |
| default: fmt.Println("oh god there was so much blood") | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TARGET := does_hsts | |
| PREFIX ?= /usr/local | |
| all: $(TARGET) | |
| $(TARGET): $(TARGET).go | |
| go build -o $(TARGET) | |
| clean: | |
| rm $(TARGET) | |
| install: $(TARGET) | |
| install -m 0755 -d $(PREFIX)/bin | |
| install -m 0755 $(TARGET) $(PREFIX)/bin/$(TARGET) | |
| uninstall: | |
| -rm -f $(PREFIX)/bin/$(TARGET) | |
| .PHONY: clean all | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment