Hey Folks, today we are going to discuss another bug bounty tool named “Shcheck“. The tool is built to test whether major security is implemented in the web application or not. It simply sends a request to the server via the GET method and in response it receives all the sensitive information traveling in the header.
Let’s take a look 🙂 !!
Install Requirements
To operate this tool we have to configure the Python utility as we know it is built in Python language. Let’s configure it by using the following command.
1 | apt install python3 python3-pip |
COOL 🙂 !! Now this tool can be easily downloaded and configured on any system by just executing the following command.
1 | pip3 install shcheck |
Easy 🙂 !! All done so now we can operate this tool from anywhere in kali linux terminal.
1 | shcheck.py -h |
Check Security Headers
We just need to enter the name of the domain we want to check and it will grab all the header information and present it on the terminal in front of us. As you can see it told us that this website has only 5 security headers and others are missing. Useful 😛 !!
Usage 🙂 !! shcheck.py < target / domain >
Change Method
Sometimes web application has restricted specific methods so we can choose any method according to us which is not restricted and can get information easily.
Usage 🙂 !! shcheck.py < target / domain > < method >
Display Header Infomration
You can also get information about headers using the “-i” parameter.
Usage 🙂 !! shcheck.py < target / domain > < -i >
Done 🙂 !! As you must have seen how useful this tool is while hunting on web applications.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.