Kafka HTTP Scanner

An advanced HTTP security vulnerability scanner that detects a wide range of web application vulnerabilities.

Features

Comprehensive Vulnerability Detection: Identifies HTTP smuggling, XSS, SQL injection, and many other vulnerabilities.
Modular Architecture: Easy to extend with new vulnerability checks.
Concurrent Scanning: Fast multi-threaded testing.
Multiple Output Formats: Results in text, JSON, or YAML.
Detailed Remediation: Provides actionable fixes for discovered vulnerabilities.
Production-Ready: Robust error handling and retry mechanisms.

Installation

From Source

git clone https://github.com/aymaneallaoui/go-http-scanner.git
cd go-http-scanner

go build -o httpscan

sudo mv httpscan /usr/local/bin/

Supported modules

Module	Description	Severity
HeaderSecurity	Checks for missing or insecure HTTP security headers.	Medium
HttpSmuggling	Detects HTTP request smuggling vulnerabilities.	High
SSLTLSSecurity	Checks for SSL/TLS security issues like outdated protocols and weak ciphers.	High
ContentSecurity	Checks for content security issues like MIME type confusion.	Medium
HTTPMethods	Checks for support of dangerous HTTP methods.	Medium
ServerInfoLeakage	Checks for server information leakage.	Low
XSSVulnerability	Checks for Cross-Site Scripting vulnerabilities.	High
SQLInjection	Checks for SQL injection vulnerabilities.	High
DirectoryTraversal	Checks for directory traversal vulnerabilities.	High
HostHeaderAttack	Checks for host header attack vulnerabilities.	Medium
CORSMisconfiguration	Checks for CORS misconfigurations.	Medium
CacheAttack	Checks for web cache poisoning vulnerabilities.	Medium
WebCacheDeception	Checks for web cache deception vulnerabilities.	Medium
OpenRedirect	Checks for open redirect vulnerabilities.	Medium
Clickjacking	Checks for clickjacking vulnerabilities.	Medium
CookieSecurity	Checks for cookie security issues.	Medium

Example Configuration File (configs/default.yaml)

timeout: 10
max_retries: 3
concurrency: 5
follow_redirects: true
skip_ssl_verify: false
output_format: text
log_level: info
enabled_modules:
  - HeaderSecurity
  - HttpSmuggling
  - SSLTLSSecurity
disabled_modules:
  - ServerInfoLeakage

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
.github/workflows		.github/workflows
.vscode		.vscode
cmd		cmd
configs		configs
docs/image		docs/image
internal		internal
pkg/utils		pkg/utils
tests		tests
.goreleaser.yml		.goreleaser.yml
Dockerfile		Dockerfile
LICENCE		LICENCE
Makefile		Makefile
README.md		README.md
go.mod		go.mod
go.sum		go.sum
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Kafka HTTP Scanner

Features

Installation

From Source

Supported modules

Example Configuration File (configs/default.yaml)

About

Uh oh!

Releases 2

Packages

Uh oh!

Languages

License

aymaneallaoui/kafka-http-scanner

Folders and files

Latest commit

History

Repository files navigation

Kafka HTTP Scanner

Features

Installation

From Source

Supported modules

Example Configuration File (configs/default.yaml)

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 2

Packages 0

Uh oh!

Languages

Packages