Shcheck – A Tool to Check Security Headers

[lordth0nc]

Hey Folks, today we are going to discuss another bug bounty tool named “Shcheck“. The tool is built to test whether major security is implemented in the web application or not. It simply sends a request to the server via the GET method and in response it receives all the sensitive information traveling in the header.

Let’s take a look !!

Install Requirements

To operate this tool we have to configure the Python utility as we know it is built in Python language. Let’s configure it by using the following command.

apt install python3 python3-pip1apt install python3 python3-pip

COOL !! Now this tool can be easily downloaded and configured on any system by just executing the following command.

pip3 install shcheck1pip3 install shcheck

Easy !! All done so now we can operate this tool from anywhere in kali linux terminal.

shcheck.py -h1shcheck.py-h

Check Security Headers

We just need to enter the name of the domain we want to check and it will grab all the header information and present it on the terminal in front of us. As you can see it told us that this website has only 5 security headers and others are missing. Useful !!

Usage !! shcheck.py < target / domain >

Change Method

Sometimes web application has restricted specific methods so we can choose any method according to us which is not restricted and can get information easily.

Usage !! shcheck.py < target / domain > < method >

Display Header Infomration

You can also get information about headers using the “-i” parameter.

Usage !! shcheck.py < target / domain > < -i >

Done !! As you must have seen how useful this tool is while hunting on web applications.

About the AuthorShubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.