Check the HTTP security headers and SSL certificate details of a website from the command line in one command.
Scan a site for mixed content issues, web application firewalls, and SSL protocol strength.
Enumerate subdomains of a target domain during a security audit.
Test whether a server supports HTTP/2 and which SSL ciphers it accepts.
| trimstray/htrace.sh | medicean/vulapps | jonmosco/kube-ps1 | |
|---|---|---|---|
| Stars | 3,854 | 3,785 | 3,783 |
| Language | Shell | Shell | Shell |
| Setup difficulty | easy | moderate | easy |
| Complexity | 2/5 | 2/5 | 1/5 |
| Audience | ops devops | researcher | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Docker image available for cleanest setup, native install requires external tool dependencies on Debian/Ubuntu/macOS.
htrace.sh is a command-line tool for diagnosing and inspecting websites, specifically how they respond over HTTP and HTTPS. You give it a URL and it tells you what the server is doing: what headers it sends back, whether it redirects you, what SSL certificate details it has, and what the response body looks like. It is aimed at developers and system administrators who want a fast, all-in-one way to check a website without opening a browser or writing custom scripts. Beyond basic inspection, the tool ties into several well-known external security scanners. You can run SSL protocol and cipher tests, check Mozilla's security header grader, scan for mixed content issues, probe with network scanning scripts, detect web application firewalls, enumerate subdomains, and test HTTP/2 support. Each of these is available as a separate flag, or you can run all scans at once with a single option. Installation is done by cloning the repository and running a setup script. The tool also comes with a Docker image if you prefer not to install dependencies on your local machine. It runs on Debian, Ubuntu, and macOS, though the README recommends using the Docker image for the cleanest experience since the external tools have their own dependencies. The license is GPLv3, meaning it is free to use and modify. The project has a wiki for more detailed documentation, and the tool itself includes a built-in examples flag that shows common usage patterns right in the terminal.
A command-line shell tool for inspecting websites, checking HTTP headers, SSL certificates, redirects, and security scores, with optional integration into external scanners like SSL Labs and nmap.
Mainly Shell. The stack also includes Bash, Shell, Docker.
Free to use and modify, but any software you distribute that includes this code must also be released under GPL v3.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.