htrace.sh v1.0.9 Releases: Debugging "http/https Traffic Tracing and Response Headers"

htrace.sh

Simple shell script to debugging http/https traffic tracing and response headers. Support external security tools: Mozilla Observatory and SSL Labs API.

It is useful for:

• checking properly domain configuration (web servers/reverse proxies)
• displaying basic HTTP information including URLs, GeoIP, status codes and protocol info
• checking HTTP request latency (time_connect and time_total)
• redirects analysis (and follows it), e.g. to eliminate redirect loops
• viewing and analyzing response headers for each request
• checking basic ssl configuration
  • validation of the certificates (e.g. date, cn, san) and verification ssl connection
• scanning domain for Mixed Content
• scanning domain using Nmap NSE Library (34 scripts)
• scanning domain with external security tools: Mozilla Observatory and SSL Labs API

Install

Requirements

• GNU/Linux (testing on Debian and CentOS)
• Bash (testing on 4.4.19)
• Curl with specific variables support (≥ 7.52.0)
• OpenSSL
• Mozilla Observatory
• Ssllabs

Download

• symlink to bin/htrace.sh is placed in /usr/local/bin
• man page is placed in /usr/local/man/man8

External tools

htrace.sh support external tools for security scans:

• Mozilla Observatory – CLI version of observatory.mozilla.org

• Ssllabs – command-line reference-implementation client for SSL Labs APIs

Use

Usage: htrace.sh <option|long-option> Examples: htrace.sh --domain https://example.com Options: --help show this message -d|--domain <domain_name> set domain name -h|--headers show response headers -s|--scan <all|observatory|ssllabs> scan domain with external security tools

Tutorial

Copyright (C) 2018 trimstray

Source: https://github.com/trimstray/

Also Read: Now is the Time for Companies to Take a Fresh Approach to Protect Their data