added readme and correct cli naming

aymaneallaoui · aymaneallaoui · commit 150bc88ef31f · 2024-05-16T13:20:00.000+01:00
diff --git a/LICENCE b/LICENCE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 aymane aallaoui
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
@@ -1,38 +1,53 @@
-GoHTTPSecScanner
+# GoHTTPScanner
+
 An advanced HTTP security vulnerability scanner that detects a wide range of web application vulnerabilities.
-Features
 
-Comprehensive Vulnerability Detection: Identifies HTTP smuggling, XSS, SQL injection, and many other vulnerabilities
-Modular Architecture: Easy to extend with new vulnerability checks
-Concurrent Scanning: Fast multi-threaded testing
-Multiple Output Formats: Results in text, JSON, or YAML
-Detailed Remediation: Provides actionable fixes for discovered vulnerabilities
-Production-Ready: Robust error handling and retry mechanisms
-Installation
-From Source
+## Features
+
+- **Comprehensive Vulnerability Detection:** Identifies HTTP smuggling, XSS, SQL injection, and many other vulnerabilities.
+- **Modular Architecture:** Easy to extend with new vulnerability checks.
+- **Concurrent Scanning:** Fast multi-threaded testing.
+- **Multiple Output Formats:** Results in text, JSON, or YAML.
+- **Detailed Remediation:** Provides actionable fixes for discovered vulnerabilities.
+- **Production-Ready:** Robust error handling and retry mechanisms.
+
+## Installation
 
-# Clone the repository
+### From Source
 
+```sh
 git clone https://github.com/aymaneallaoui/go-http-scanner.git
 cd go-http-scanner
 
-# Build the project
-
 go build -o httpscan
 
-# Make it available system-wide (optional)
-
 sudo mv httpscan /usr/local/bin/
-Using Go Install
-Quick Start
+```
 
-go install github.com/aymaneallaoui/go-http-scanner@latest
+## Supported modules
 
-Available Modules
-ModuleDescriptionHeaderSecurityChecks for missing or insecure HTTP security headersHttpSmugglingDetects HTTP request smuggling vulnerabilitiesSSLTLSSecurityChecks for SSL/TLS security issues like outdated protocols and weak ciphersContentSecurityChecks for content security issues like MIME type confusionHTTPMethodsChecks for support of dangerous HTTP methodsServerInfoLeakageChecks for server information leakageXSSVulnerabilityChecks for Cross-Site Scripting vulnerabilitiesSQLInjectionChecks for SQL injection vulnerabilitiesDirectoryTraversalChecks for directory traversal vulnerabilitiesHostHeaderAttackChecks for host header attack vulnerabilitiesCORSMisconfigurationChecks for CORS misconfigurationsCacheAttackChecks for web cache poisoning vulnerabilitiesWebCacheDeceptionChecks for web cache deception vulnerabilitiesOpenRedirectChecks for open redirect vulnerabilitiesClickjackingChecks for clickjacking vulnerabilitiesCookieSecurityChecks for cookie security issues
+| Module                   | Description                                                                  | Severity |
+| ------------------------ | ---------------------------------------------------------------------------- | -------- |
+| **HeaderSecurity**       | Checks for missing or insecure HTTP security headers.                        | Medium   |
+| **HttpSmuggling**        | Detects HTTP request smuggling vulnerabilities.                              | High     |
+| **SSLTLSSecurity**       | Checks for SSL/TLS security issues like outdated protocols and weak ciphers. | High     |
+| **ContentSecurity**      | Checks for content security issues like MIME type confusion.                 | Medium   |
+| **HTTPMethods**          | Checks for support of dangerous HTTP methods.                                | Medium   |
+| **ServerInfoLeakage**    | Checks for server information leakage.                                       | Low      |
+| **XSSVulnerability**     | Checks for Cross-Site Scripting vulnerabilities.                             | High     |
+| **SQLInjection**         | Checks for SQL injection vulnerabilities.                                    | High     |
+| **DirectoryTraversal**   | Checks for directory traversal vulnerabilities.                              | High     |
+| **HostHeaderAttack**     | Checks for host header attack vulnerabilities.                               | Medium   |
+| **CORSMisconfiguration** | Checks for CORS misconfigurations.                                           | Medium   |
+| **CacheAttack**          | Checks for web cache poisoning vulnerabilities.                              | Medium   |
+| **WebCacheDeception**    | Checks for web cache deception vulnerabilities.                              | Medium   |
+| **OpenRedirect**         | Checks for open redirect vulnerabilities.                                    | Medium   |
+| **Clickjacking**         | Checks for clickjacking vulnerabilities.                                     | Medium   |
+| **CookieSecurity**       | Checks for cookie security issues.                                           | Medium   |
 
-# Example configuration file (configs/default.yaml)
+## Example Configuration File (configs/default.yaml)
 
+```yaml
 timeout: 10
 max_retries: 3
 concurrency: 5
@@ -41,9 +56,9 @@ skip_ssl_verify: false
 output_format: text
 log_level: info
 enabled_modules:
-
-- HeaderSecurity
-- HttpSmuggling
-- SSLTLSSecurity
-  disabled_modules:
-- ServerInfoLeakage
+  - HeaderSecurity
+  - HttpSmuggling
+  - SSLTLSSecurity
+disabled_modules:
+  - ServerInfoLeakage
+```
diff --git a/cmd/root.go b/cmd/root.go
@@ -17,7 +17,7 @@ var (
 var RootCmd = &cobra.Command{
 	Use:   "gohttpscanner",
 	Short: "An advanced HTTP security vulnerability scanner",
-	Long: `GoHTTPSecScanner is an advanced HTTP security vulnerability scanner that 
+	Long: `GoHTTPScanner is an advanced HTTP security vulnerability scanner that 
 detects a wide range of web application vulnerabilities including HTTP smuggling,
 XSS, SQL injection, and many other vulnerabilities.`,
 	PersistentPreRun: func(cmd *cobra.Command, args []string) {
diff --git a/cmd/scan.go b/cmd/scan.go
@@ -129,16 +129,22 @@ func parseCommaSeparatedList(input string) []string {
 }
 
 func printBanner() {
+	red := "\033[31m"
+	reset := "\033[0m"
+
 	banner := `
-  _____ ___ _   _ _____ _____ ___   ____            ____                                  
- / ____/   | | | |_   _|_   _|__ \ / __ \          / __ \                                 
-| |   / /| | |_| | | |   | |    ) | |  | |  ______| |  | |___  ___ __ _ _ __  _ __   ___ _ __ 
-| |  / /_| |  _  | | |   | |   / /| |  | | |______| |  | / __|/ __/ _' | '_ \| '_ \ / _ \ '__|
-| |__\___  | | | |_| |_ _| |_ / /_| |__| |        | |__| \__ \ (_| (_| | | | | | | |  __/ |   
- \____/   |_|_| |_|_____|_____|____|\____/         \____/|___/\___\__,_|_| |_|_| |_|\___|_|   
+
+	/$$$$$$            /$$   /$$ /$$$$$$$$ /$$$$$$$$ /$$$$$$$   /$$$$$$                                                             
+	/$$__  $$          | $$  | $$|__  $$__/|__  $$__/| $$__  $$ /$$__  $$                                                            
+   | $$  \__/  /$$$$$$ | $$  | $$   | $$      | $$   | $$  \ $$| $$  \__/  /$$$$$$$  /$$$$$$  /$$$$$$$  /$$$$$$$   /$$$$$$   /$$$$$$ 
+   | $$ /$$$$ /$$__  $$| $$$$$$$$   | $$      | $$   | $$$$$$$/|  $$$$$$  /$$_____/ |____  $$| $$__  $$| $$__  $$ /$$__  $$ /$$__  $$
+   | $$|_  $$| $$  \ $$| $$__  $$   | $$      | $$   | $$____/  \____  $$| $$        /$$$$$$$| $$  \ $$| $$  \ $$| $$$$$$$$| $$  \__/
+   | $$  \ $$| $$  | $$| $$  | $$   | $$      | $$   | $$       /$$  \ $$| $$       /$$__  $$| $$  | $$| $$  | $$| $$_____/| $$      
+   |  $$$$$$/|  $$$$$$/| $$  | $$   | $$      | $$   | $$      |  $$$$$$/|  $$$$$$$|  $$$$$$$| $$  | $$| $$  | $$|  $$$$$$$| $$      
+	\______/  \______/ |__/  |__/   |__/      |__/   |__/       \______/  \_______/ \_______/|__/  |__/|__/  |__/ \_______/|__/         
                                                                                           
 `
-	fmt.Println(banner)
-	fmt.Printf("GoHTTPSecScanner v%s - Advanced HTTP Security Vulnerability Scanner\n", version)
-	fmt.Println("==========================================================")
+	fmt.Println(red + banner + reset)
+	fmt.Printf("%sGoHTTPScanner v%s - Advanced HTTP Security Vulnerability Scanner%s\n", red, version, reset)
+	fmt.Println(red + "==========================================================" + reset)
 }
