Shcheck – Tool to Check Security Headers in Kali Linux
Modern browsers such as Chrome support many HTTP headers that improve web application security and protect against clickjacking, cross-site scripting, and other common attacks. Shcheck is a free and open-source tool available on GitHub that checks whether these security features are implemented in a web application. It works by sending a request to the server with the GET method; in response, it receives the headers, including any sensitive information they carry. HTTP security headers are a subset of HTTP headers exchanged between a web client (usually a browser) and a server to specify the security-related details of HTTP communication. Some HTTP headers that are only indirectly related to privacy and security can also be considered HTTP security headers. By enabling suitable headers in web applications and web server settings, you can improve the resilience of your web application against many common attacks, including cross-site scripting (XSS) and clickjacking.
Step 1: Open your Kali Linux operating system and install dependencies using the following command. Install the tool using the second command.
apt install python3 python3-pip
pip3 install shcheck
Step 2: The tool has been downloaded. Use the following command to run the tool.
The tool is running successfully. Now, let’s see an example of using the tool.
Example 1: Use the shcheck tool to scan the header of a domain.
Similarly, you can test your own domain using this command.
Example 2: Use the shcheck tool to scan the header of a domain with the GET method.
Example 3: Use the shcheck tool to get information about headers using the “-i” parameter.
shcheck.py <domain-name> -i
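The kind of check described above can be reproduced offline on a saved response. The following Python script is an added example, not shcheck's own code: the header list, the value rules, and the sample response are assumptions constructed for illustration. It also flags security headers that are present but set to a value that gives no protection.

```python
import re

def hsts_ok(value):
    m = re.search(r"max-age=(\d+)", value, re.I)
    return m is not None and int(m.group(1)) > 0  # assumed rule: max-age=0 disables HSTS

# Lowercase header name -> value check (this example's assumptions, not shcheck's).
SECURITY_HEADERS = {
    "strict-transport-security": hsts_ok,
    "content-security-policy": lambda v: bool(v.strip()),
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "referrer-policy": lambda v: bool(v.strip()),
}
INFO_HEADERS = ("server", "x-powered-by")  # reveal software and versions

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercase name: value}."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():               # blank line ends the headers
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Sort security headers into ok / weak / missing and list info headers."""
    headers = parse_headers(raw)
    report = {"ok": [], "weak": [], "missing": []}
    for name, valid in SECURITY_HEADERS.items():
        if name not in headers:
            report["missing"].append(name)
        else:
            report["ok" if valid(headers[name]) else "weak"].append(name)
    report["info"] = [n for n in INFO_HEADERS if n in headers]
    return report

# Constructed sample response, not captured from a real server.
SAMPLE = """HTTP/1.1 200 OK
Server: nginx/1.18.0
X-Powered-By: PHP/7.4.3
X-Frame-Options: ALLOWALL
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=0"""

if __name__ == "__main__":
    for status, names in audit(SAMPLE).items():
        print(f"{status:8} {', '.join(names) or '-'}")
```

To audit your own site, replace SAMPLE with a response head you saved from it.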