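<#
.SYNOPSIS
Scan sites using Mozilla's Observatory.
.DESCRIPTION
Submits each hostname to the Observatory's analyze endpoint, polls until every scan has left a
pending/running state (or the poll limit is reached), and returns the scan summary for each host
with the hostname and either a results URL or, with -IncludeResults, the fetched results attached.
.INPUTS
System.String containing a URL host to check.
.OUTPUTS
System.Management.Automation.PSObject containing scan results.
.LINK
Invoke-RestMethod
.LINK
https://observatory.mozilla.org/
.EXAMPLE
Test-HttpSecurity.ps1 www.example.net -Public
end_time : Thu, 22 Dec 2016 00:09:31 GMT
grade : F
hidden : False
likelihood_indicator : MEDIUM
response_headers : @{Accept-Ranges=bytes; Cache-Control=max-age=604800; Content-Encoding=gzip;
Content-Length=606; Content-Type=text/html; Date=Thu, 22 Dec 2016 00:09:31 GMT;
Etag="359670651+gzip"; Expires=Thu, 29 Dec 2016 00:09:31 GMT; Last-Modified=Fri, 09 Aug
2013 23:54:35 GMT; Server=ECS (sjc/4E3B); Vary=Accept-Encoding; X-Cache=HIT;
x-ec-custom-error=1}
scan_id : 2899791
score : 0
start_time : Thu, 22 Dec 2016 00:09:29 GMT
state : FINISHED
tests_failed : 6
tests_passed : 6
tests_quantity : 12
results : https://http-observatory.security.mozilla.org/api/v1/getScanResults?scan=2899791
host : www.example.net
.EXAMPLE
Test-HttpSecurity.ps1 www.example.com -IncludeResults
end_time : Thu, 22 Dec 2016 16:17:17 GMT
grade : F
hidden : True
likelihood_indicator : MEDIUM
response_headers : @{Accept-Ranges=bytes; Cache-Control=max-age=604800; Content-Encoding=gzip;
Content-Length=606; Content-Type=text/html; Date=Thu, 22 Dec 2016 16:17:17 GMT;
Etag="359670651+gzip"; Expires=Thu, 29 Dec 2016 16:17:17 GMT; Last-Modified=Fri, 09 Aug
2013 23:54:35 GMT; Server=ECS (sjc/4E5C); Vary=Accept-Encoding; X-Cache=HIT;
x-ec-custom-error=1}
scan_id : 2903851
score : 0
start_time : Thu, 22 Dec 2016 16:17:16 GMT
state : FINISHED
tests_failed : 6
tests_passed : 6
tests_quantity : 12
results : @{content-security-policy=; contribute=; cookies=; cross-origin-resource-sharing=;
public-key-pinning=; redirection=; referrer-policy=; strict-transport-security=;
subresource-integrity=; x-content-type-options=; x-frame-options=; x-xss-protection=}
host : www.example.com
#>
#Requires -Version 3
[CmdletBinding()][OutputType([psobject])] Param(
# Hostnames to scan, e.g. www.example.org
[Parameter(Position=0,Mandatory=$true,ValueFromPipeline=$true)][string[]]$Hosts,
# Indicates a new scan should be performed, rather than returning a cached one.
[Alias('Rescan')][switch]$Force,
<#
Indicates the scan results may be posted publicly.
By default, scans are unlisted.
#>
[switch]$Public,
# Indicates the detailed scan results should be fetched rather than simply providing a URL for them.
[Alias('Details','Results','FetchResults')][switch]$IncludeResults,
# The number of milliseconds to wait between polling the hostnames for scan completion.
[int]$PollingInterval = 1753,
# The maximum number of polling rounds before giving up on scans that are still pending (0 = no limit).
[int]$MaxPolls = 120,
# The address of the Observatory web service.
[Uri]$Endpoint = 'https://http-observatory.security.mozilla.org/api/v1'
)
Process
{
    $activity = 'Mozilla Observatory Scan'
    $scan = @{}
    Write-Progress $activity 'Initiating scans'
    # Dividing a count by $max yields a percentage that stays just under 100.
    $i,$max = 0,($Hosts.Count/99.99)
    $Hosts |ForEach-Object {
        Write-Progress $activity 'Initiating scans' -CurrentOperation $_ -PercentComplete ($i++/$max)
        # A repeated host would otherwise make the hashtable insert throw part-way through the batch.
        if($scan.ContainsKey($_)) {Write-Verbose "Skipping duplicate host $_"; return}
        # Percent-encode the host so characters such as '&', '#' or '/' in a supplied value
        # cannot add or alter query parameters of the request URL.
        $scan[$_] = Invoke-RestMethod "$Endpoint/analyze?host=$([Uri]::EscapeDataString($_))" -Body @{hidden=!$Public;rescan=$Force} -Method Post
    }
    # A host is still pending while its latest reply has no state yet, or a state ending in ING
    # (PENDING, STARTING, RUNNING). A reply that carries an error property instead of a scan is
    # treated as terminal, so a host the service rejects cannot keep this loop polling forever.
    $isPending = {
        $reply = $scan[$_]
        if($null -eq $reply) {return $true}
        if(Get-Member error -InputObject $reply -MemberType Properties) {return $false}
        !(Get-Member state -InputObject $reply -MemberType Properties) -or $reply.state -like '*ING'
    }
    # Recompute against the number of scans actually started, in case duplicates were skipped.
    $max = $scan.Count/99.99
    $polls = 0
    while([string[]]$pending = $scan.Keys |Where-Object $isPending)
    {
        $polls++
        if($MaxPolls -gt 0 -and $polls -gt $MaxPolls)
        {
            Write-Warning "Gave up after $MaxPolls polls; still pending: $($pending -join ', ')"
            break
        }
        # Progress reflects finished scans, not the pending ones, so the bar moves forward.
        $done = $scan.Count - $pending.Count
        Write-Progress $activity "Waiting $PollingInterval ms" -PercentComplete ($done/$max)
        Start-Sleep -Milliseconds $PollingInterval
        $pending |ForEach-Object {
            Write-Progress $activity "Checking $_" -CurrentOperation $_ -PercentComplete ($done/$max)
            $scan[$_] = Invoke-RestMethod "$Endpoint/analyze?host=$([Uri]::EscapeDataString($_))"
        }
    }
    Write-Progress $activity -Completed
    $scan.Keys |ForEach-Object {
        $summary = $scan[$_]
        if($null -eq $summary) {Write-Warning "No response was received for $_"; return}
        $results = $null
        # Only build a results link when the reply is a real scan; an error reply has no scan_id,
        # and fetching "getScanResults?scan=" with an empty id would just produce another error.
        if(Get-Member scan_id -InputObject $summary -MemberType Properties)
        {
            $results = "$Endpoint/getScanResults?scan=$($summary.scan_id)"
            if($IncludeResults) {$results = Invoke-RestMethod $results}
        }
        Add-Member -NotePropertyName results -NotePropertyValue $results -InputObject $summary
        Add-Member -NotePropertyName host -NotePropertyValue $_ -InputObject $summary -PassThru
    }
}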