Hey Folks, today we are going to discuss another bug bounty tool named “Shcheck“. The tool is built to test whether major security is implemented in the web application or not. It simply sends a request to the server via the GET method and in response it receives all the sensitive information traveling in the header.

Let’s take a look 🙂 !!

Install Requirements

To operate this tool we have to configure the Python utility as we know it is built in Python language. Let’s configure it by using the following command.

COOL 🙂 !! Now this tool can be easily downloaded and configured on any system by just executing the following command.

Easy 🙂 !! All done so now we can operate this tool from anywhere in kali linux terminal.

Check Security Headers

We just need to enter the name of the domain we want to check and it will grab all the header information and present it on the terminal in front of us. As you can see it told us that this website has only 5 security headers and others are missing. Useful 😛 !!

Usage 🙂 !! shcheck.py < target / domain >

Change Method

Sometimes web application has restricted specific methods so we can choose any method according to us which is not restricted and can get information easily.

Usage 🙂 !! shcheck.py < target / domain > < method >

Display Header Infomration

You can also get information about headers using the “-i” parameter.

Usage 🙂 !! shcheck.py < target / domain > < -i >

Done 🙂 !! As you must have seen how useful this tool is while hunting on web applications.

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.

Leave a Reply

Your email address will not be published.