See #8 as well, but this sort of verbosity around content checks is unnecessary. Save it for the JSON/CSV output. For the CLI, only print stuff that would be useful to a tester.
Specifically:
remove location header
remove security header info if they don't print something that can be actioned
remove anything that's 'false'
remove email addresses output if there are none.
Checking URL: http://127.0.0.1/
Checking... http://127.0.0.1/
Fingerprint:
- Apache HTTP Server 2.4.41 - Apache web server - server header - with versions (CPE: cpe:2.3:a:apache:http_server:2.4.41:) (Tags: ["Web Server"])
Content Checks:
- Access-Control-Allow-Origin Header: false
- P3P Header: false
- X-Frame-Options Header: false
- X-XSS-Protection Header: false
- Google Analytics Account Detected: false
- Location Header:
- Directory Listing Detected: false
- Form Detected: false
- File Upload Form Detected: false
- Email Addresses Detected: []
- Authentication - HTTP: false
- Authentication - Session Identifier: false````
via @bcoles
jcran
commented
4 years ago
See #8 as well, but this sort of verbosity around content checks is unnecessary. Save it for the JSON/CSV output. For the CLI, only print stuff that would be useful to a tester.
Specifically: