We've previously seen how the HTTP responses can be a great source of information for enumerating the underlying web framework in place. We are now going to take this to the next level by using the HTTP header information to test for insecure web server configurations and flagging up anything that can lead to a vulnerability.
For this recipe, you will need a list of URLs that you want to test for insecure headers. Save these into a text file called urls.txt, with each URL on a new line, alongside your recipe.
The following code will highlight any vulnerable headers received in the HTTP response from each of the target URLs:
import requests
urls = open("urls.txt", "r")
for url in urls:
url = url.strip()
req = requests.get(url)
print url, 'report:'
try:
xssprotect = req.headers['X-XSS-Protection']
if xssprotect != '1; mode=block':
print 'X-XSS-Protection not set properly, XSS may be possible:', xssprotect
except...