Stats
Actions
Tags
From penetration-tester
Prompts for a target URL and scans its HTTP security headers (CSP, HSTS, etc.), outputting a table with status, values, issues, score, and fix recommendations.
How this command is triggered — by the user, by Claude, or both
Slash command
/penetration-tester:scan-headersThe summary Claude sees in its command listing — used to decide when to auto-load this command
# Quick Security Header Scan Fast single-URL check for HTTP security headers. This is a shortcut for running just the header analysis from the full pentest workflow. ## Usage Ask the user for the target URL, then run: ## What Gets Checked - Content-Security-Policy (CSP) - Strict-Transport-Security (HSTS) - X-Frame-Options - X-Content-Type-Options - Referrer-Policy - Permissions-Policy - Server version disclosure - X-XSS-Protection (deprecated, informational) ## Output Present the results as a table showing each header, whether it's present, its value, and any issues found. Include ...
Fast single-URL check for HTTP security headers. This is a shortcut for running just the header analysis from the full pentest workflow.
Ask the user for the target URL, then run:
python3 ${CLAUDE_PLUGIN_ROOT}/skills/performing-penetration-testing/scripts/security_scanner.py TARGET_URL --checks headers
Present the results as a table showing each header, whether it's present, its value, and any issues found. Include the overall header security score.
For any missing or misconfigured headers, provide the recommended value and
a brief explanation of what it protects against. Reference
references/SECURITY_HEADERS.md for implementation details.
Even though this only sends a single GET request, confirm the user has authorization to test the target URL before scanning.
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin penetration-tester/rank-securityScans HTML files in a directory for security headers, HTTPS compliance, and 15 SEO-impacting rules including CSP, mixed content, SRI, and more.
/healthHealth checks a production URL for HTTP status, response time, SSL certificate validity and expiry, redirects, and security headers. Reports issues and suggests fixes.
/cspScans project for frontend assets and external domains to generate strict Content Security Policy (CSP) headers in HTTP and meta tag formats, including enforcing and report-only versions.
/securityConducts security reviews of apps, APIs, scripts, and configs using OWASP Top 10 best practices and threat modeling; detects vulnerabilities and suggests fixes.
/review-api-securityAudit API design, authentication, rate limiting, and input validation for security gaps.