gitea-mirror/sif
1
0
Fork 0
mirror of https://github.com/lunchcat/sif.git synced 2026-06-12 19:11:25 -07:00
Code Issues Packages Projects Releases Wiki Activity

docs: fix broken -all example and document -sh

Browse Source 
- the readme headline used -all, which isn't a real flag (goflags fatals
  on unknown flags), so the three -all examples now use actual flags
- document the new -sh security-header scan in the readme table, usage.md
  and scans.md, and fix the -headers section (it dumps headers; -sh grades
  them)
- bump the documented go version 1.23 -> 1.25 to match go.mod
This commit is contained in:
vmfunc
2026-06-08 18:43:17 -07:00
parent 9326465a46
commit 94b99ade5a
5 changed files with 32 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/development.md
+2 -3
View File
@@ -4,7 +4,7 @@ setting up a development environment for sif.
## prerequisites
- go 1.23 or later
- go 1.25 or later
- git
- make
@@ -28,8 +28,7 @@ sif/
│ ├── logger/ # logging utilities
│ ├── modules/ # module system
│ ├── scan/ # built-in scans
── styles/ # terminal styling
│ └── worker/ # worker pool
── styles/ # terminal styling
├── modules/ # built-in yaml modules
│ ├── http/ # http-based modules
│ ├── info/ # information gathering
docs/installation.md
+1 -1
View File
@@ -36,7 +36,7 @@ download `sif-windows-amd64.exe` from releases and add to your PATH.
## from source
requires go 1.23+
requires go 1.25+
```bash
git clone https://github.com/dropalldatabases/sif.git
docs/scans.md
+15 -4
View File
@@ -98,16 +98,27 @@ analyzes javascript files for security issues.
## http headers (-headers)
analyzes security headers.
dumps the target's response headers.
## security headers (-sh)
flags missing or weak security headers and headers that leak server internals.
### checks
- strict-transport-security (https only)
- content-security-policy
- x-frame-options
- x-content-type-options
- strict-transport-security
- x-xss-protection
- x-content-type-options (expects nosniff)
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
### flagged as disclosure
- server
- x-powered-by
- x-aspnet-version / x-aspnetmvc-version
## cms detection (-cms)
docs/usage.md
+9 -1
View File
@@ -95,12 +95,20 @@ scopes: `common` (top ports), `full` (all ports)
### http headers
`-headers` - analyze security headers
`-headers` - dump the target's response headers
```bash
./sif -u https://example.com -headers
```
### security headers
`-sh` - flag missing/weak security headers (hsts, csp, x-frame-options, ...) and headers that leak server internals
```bash
./sif -u https://example.com -sh
```
### cloud storage
`-c3` - check for cloud storage misconfigurations