docs: fix broken -all example and document -sh

- the readme headline used -all, which isn't a real flag (goflags fatals
  on unknown flags), so the three -all examples now use actual flags
- document the new -sh security-header scan in the readme table, usage.md
  and scans.md, and fix the -headers section (it dumps headers; -sh grades
  them)
- bump the documented go version 1.23 -> 1.25 to match go.mod

README.md

@@ -24,7 +24,7 @@
 sif is a modular pentesting toolkit written in go. it's designed to be fast, concurrent, and extensible. run multiple scan types against targets with a single command.
 
 ```bash
-./sif -u https://example.com -all
+./sif -u https://example.com -headers -sh -cms -framework -git
 ```
 
 ## install
@@ -56,7 +56,7 @@ environment.systemPackages = [ pkgs.sif ];
 nix profile install nixpkgs#sif
 
 # or just run it without installing
-nix run nixpkgs#sif -- -u https://example.com -all
+nix run nixpkgs#sif -- -u https://example.com -headers -sh -framework
 ```
 
 the repo also ships a flake if you want to build from source:
@@ -125,8 +125,8 @@ makepkg -si
 # framework detection (with cve lookup)
 ./sif -u https://example.com -framework
 
-# everything
-./sif -u https://example.com -all
+# a broad sweep
+./sif -u https://example.com -dirlist small -dnslist small -ports common -headers -sh -cms -framework -git -whois
 ```
 
 run `./sif -h` for all options.
@@ -147,6 +147,7 @@ sif has a modular architecture. modules are defined in yaml and can be extended
 | `-js` | javascript analysis |
 | `-c3` | cloud storage misconfiguration |
 | `-headers` | http header analysis |
+| `-sh` | security header analysis (missing/weak headers) |
 | `-st` | subdomain takeover detection |
 | `-cms` | cms detection |
 | `-whois` | whois lookups |

docs/development.md

@@ -4,7 +4,7 @@ setting up a development environment for sif.
 
 ## prerequisites
 
-- go 1.23 or later
+- go 1.25 or later
 - git
 - make
 
@@ -28,8 +28,7 @@ sif/
 │   ├── logger/       # logging utilities
 │   ├── modules/      # module system
 │   ├── scan/         # built-in scans
-│   ├── styles/       # terminal styling
-│   └── worker/       # worker pool
+│   └── styles/       # terminal styling
 ├── modules/          # built-in yaml modules
 │   ├── http/         # http-based modules
 │   ├── info/         # information gathering

docs/installation.md

@@ -36,7 +36,7 @@ download `sif-windows-amd64.exe` from releases and add to your PATH.
 
 ## from source
 
-requires go 1.23+
+requires go 1.25+
 
 ```bash
 git clone https://github.com/dropalldatabases/sif.git

docs/scans.md

@@ -98,16 +98,27 @@ analyzes javascript files for security issues.
 
 ## http headers (-headers)
 
-analyzes security headers.
+dumps the target's response headers.
+
+## security headers (-sh)
+
+flags missing or weak security headers and headers that leak server internals.
 
 ### checks
 
+- strict-transport-security (https only)
 - content-security-policy
 - x-frame-options
-- x-content-type-options
-- strict-transport-security
-- x-xss-protection
+- x-content-type-options (expects nosniff)
+- referrer-policy
 - permissions-policy
+- cross-origin-opener-policy
+
+### flagged as disclosure
+
+- server
+- x-powered-by
+- x-aspnet-version / x-aspnetmvc-version
 
 ## cms detection (-cms)
 

docs/usage.md

@@ -95,12 +95,20 @@ scopes: `common` (top ports), `full` (all ports)
 
 ### http headers
 
-`-headers` - analyze security headers
+`-headers` - dump the target's response headers
 
 ```bash
 ./sif -u https://example.com -headers
 ```
 
+### security headers
+
+`-sh` - flag missing/weak security headers (hsts, csp, x-frame-options, ...) and headers that leak server internals
+
+```bash
+./sif -u https://example.com -sh
+```
+
 ### cloud storage
 
 `-c3` - check for cloud storage misconfigurations