1+ #!/usr/bin/env python3
2+ import requests
3+ import json
4+ import os
5+ import argparse
6+ from typing import Dict , List , Tuple
7+ from openai import OpenAI
8+ 9+ class SecurityHeadersAnalyzer :
10+ def __init__ (self , api_key : str = None , base_url : str = None , model : str = None ):
11+ self .api_key = api_key or os .getenv ('OPENROUTER_API_KEY' ) or os .getenv ('OPENAI_API_KEY' )
12+ self .base_url = base_url or os .getenv ('OPENROUTER_BASE_URL' , 'https://openrouter.ai/api/v1' )
13+ self .model = model or os .getenv ('LLM_MODEL' , 'deepseek/deepseek-chat-v3.1:free' )
14+ 15+ if not self .api_key :
16+ raise ValueError ("API key is required. Set OPENROUTER_API_KEY or provide --api-key" )
17+ 18+ self .client = OpenAI (base_url = self .base_url , api_key = self .api_key )
19+ 20+ def fetch_headers (self , url : str , timeout : int = 10 ) -> Tuple [Dict [str , str ], int ]:
21+ """Fetch HTTP headers from URL"""
22+ if not url .startswith (('http://' , 'https://' )):
23+ url = 'https://' + url
24+ 25+ try :
26+ response = requests .get (url , timeout = timeout , allow_redirects = True )
27+ return dict (response .headers ), response .status_code
28+ except requests .exceptions .RequestException as e :
29+ print (f"Error fetching { url } { e } )
30+ return {}, 0
31+ 32+ def analyze_headers (self , url : str , headers : Dict [str , str ], status_code : int ) -> str :
33+ """Analyze headers using LLM"""
34+ prompt = f"""Analyze the HTTP security headers for { url } { status_code }
35+
36+ Headers:
37+ { json .dumps (headers , indent = 2 )}
38+
39+ Provide a comprehensive security analysis including:
40+ 1. Security score (0-100) and overall assessment
41+ 2. Critical security issues that need immediate attention
42+ 3. Missing important security headers
43+ 4. Analysis of existing security headers and their effectiveness
44+ 5. Specific recommendations for improvement
45+ 6. Potential security risks based on current configuration
46+
47+ Focus on practical, actionable advice following current web security best practices. Please do not include ** and #
48+ in the response except for specific references where necessary. use numbers, romans, alphabets instead Format the response well please. """
49+ 50+ try :
51+ completion = self .client .chat .completions .create (
52+ model = self .model ,
53+ messages = [{"role" : "user" , "content" : prompt }],
54+ temperature = 0.2
55+ )
56+ return completion .choices [0 ].message .content
57+ except Exception as e :
58+ return f"Analysis failed: { e }
59+ 60+ def analyze_url (self , url : str , timeout : int = 10 ) -> Dict :
61+ """Analyze a single URL"""
62+ print (f"\n Analyzing: { url } )
63+ print ("-" * 50 )
64+ 65+ headers , status_code = self .fetch_headers (url , timeout )
66+ if not headers :
67+ return {"url" : url , "error" : "Failed to fetch headers" }
68+ 69+ print (f"Status Code: { status_code } )
70+ print (f"\n HTTP Headers ({ len (headers )} )
71+ print ("-" * 30 )
72+ for key , value in headers .items ():
73+ print (f"{ key } { value } )
74+ 75+ print (f"\n Analyzing with AI..." )
76+ analysis = self .analyze_headers (url , headers , status_code )
77+ 78+ print ("\n SECURITY ANALYSIS" )
79+ print ("=" * 50 )
80+ print (analysis )
81+ 82+ return {
83+ "url" : url ,
84+ "status_code" : status_code ,
85+ "headers_count" : len (headers ),
86+ "analysis" : analysis ,
87+ "raw_headers" : headers
88+ }
89+ 90+ def analyze_multiple_urls (self , urls : List [str ], timeout : int = 10 ) -> List [Dict ]:
91+ """Analyze multiple URLs"""
92+ results = []
93+ for i , url in enumerate (urls , 1 ):
94+ print (f"\n [{ i } { len (urls )} )
95+ result = self .analyze_url (url , timeout )
96+ results .append (result )
97+ return results
98+ 99+ def export_results (self , results : List [Dict ], filename : str ):
100+ """Export results to JSON"""
101+ with open (filename , 'w' ) as f :
102+ json .dump (results , f , indent = 2 , ensure_ascii = False )
103+ print (f"\n Results exported to: { filename } )
104+ 105+ def main ():
106+ parser = argparse .ArgumentParser (
107+ description = 'Analyze HTTP security headers using AI' ,
108+ formatter_class = argparse .RawDescriptionHelpFormatter ,
109+ epilog = '''Examples:
110+ python security_headers.py https://example.com
111+ python security_headers.py example.com google.com
112+ python security_headers.py example.com --export results.json
113+
114+ Environment Variables:
115+ OPENROUTER_API_KEY - API key for OpenRouter
116+ OPENAI_API_KEY - API key for OpenAI
117+ LLM_MODEL - Model to use (default: deepseek/deepseek-chat-v3.1:free)'''
118+ )
119+ 120+ parser .add_argument ('urls' , nargs = '+' , help = 'URLs to analyze' )
121+ parser .add_argument ('--api-key' , help = 'API key for LLM service' )
122+ parser .add_argument ('--base-url' , help = 'Base URL for LLM API' )
123+ parser .add_argument ('--model' , help = 'LLM model to use' )
124+ parser .add_argument ('--timeout' , type = int , default = 10 , help = 'Request timeout (default: 10s)' )
125+ parser .add_argument ('--export' , help = 'Export results to JSON file' )
126+ 127+ args = parser .parse_args ()
128+ 129+ try :
130+ analyzer = SecurityHeadersAnalyzer (
131+ api_key = args .api_key ,
132+ base_url = args .base_url ,
133+ model = args .model
134+ )
135+ 136+ results = analyzer .analyze_multiple_urls (args .urls , args .timeout )
137+ 138+ if args .export :
139+ analyzer .export_results (results , args .export )
140+ 141+ except ValueError as e :
142+ print (f"Error: { e } )
143+ return 1
144+ except KeyboardInterrupt :
145+ print ("\n Analysis interrupted by user" )
146+ return 1
147+ 148+ if __name__ == '__main__' :
149+ main ()
0 commit comments