Skip to content

h4sh5/securitytxt-scan

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

93 Commits
.github/workflows
.github/workflows
 
 
raw
raw
 
 
README.md
README.md
 
 
index.html
index.html
 
 
sectxtscanner.go
sectxtscanner.go
 
 
top-au-domains.txt
top-au-domains.txt
 
 

Repository files navigation

security.txt scanning

Scan websites for security.txt files.

A front-end interface for getting the results for a domain is available here.

Usage

go build sectxtscanner.go

./sectxtscanner.go <input domains file>

Why

This project aims to implement a simple way to scan a list of domains for security.txt files (as per RFC 9116: A File Format to Aid in Security Vulnerability Disclosure, and act as a central repository to check for security.txt files for Australian domains (but can be used with any domains).

It's important to have a security.txt file so that responsible disclosure of vulnerabilities belonging to your organization can go to the right place, like when you are vulnerable to CVEs being exploited by ransomware that need urgent patching.

A very small percentage organizations actually implement this, although it's very easy to do. See securitytxt.org for how to do it.

About

scan websites for security.txt files based on RFC 9116

h4sh5.github.io/securitytxt-scan/

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages