Humble

A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.

Install / Use

/learn @rfc-st/Humble

README

<h1><p align="center">humble</p></h1> <h4><p align="center">A humble, and fast, security-oriented HTTP headers analyzer</p></h4> <br /> <p align=center> <a target="_blank" href="https://devguide.python.org/versions/" title="Minimum Python version required to run this tool"><img src="https://img.shields.io/badge/Python-%3E%3D3.11-blue?labelColor=343b41"></a> <a target="_blank" href="LICENSE" title="License of this tool"><img src="https://img.shields.io/badge/License-MIT-blue.svg?labelColor=343b41"></a> <a target="_blank" href="https://github.com/rfc-st/humble/releases" title="Latest release of this tool"><img src="https://img.shields.io/github/v/release/rfc-st/humble?display_name=release&label=Latest%20Release&labelColor=343b41"></a> <a target="_blank" href="https://github.com/rfc-st/humble/commits/master" title="Latest commit of this tool"><img src="https://img.shields.io/badge/Latest_Commit-2026--04--02-blue.svg?labelColor=343b41"></a> <a target="_blank" href="https://pkg.kali.org/pkg/humble" title="Official tool in Kali Linux"><img src="https://img.shields.io/badge/Kali%20Linux-Tool-blue?labelColor=343b41"></a> <br /> <a target="_blank" href="#" title="Featured on:"><img src="https://img.shields.io/badge/Featured%20on:-343b41"></a> <a target="_blank" href="https://artemis-scanner.readthedocs.io/en/latest/search.html?q=humble&check_keywords=yes&area=default" title="Artemis vulnerability scanner"><img src="https://img.shields.io/badge/Artemis-blue"></a> <a target="_blank" href="https://blog.csdn.net/gitblog_01072/article/details/141745712" title="Chinese Software Developer Network"><img src="https://img.shields.io/badge/CSDN-blue"></a> <a target="_blank" href="https://docs.defectdojo.com/supported_tools/parsers/file/humble/" title="Importing and parsing 'humble' results in DefectDojo"><img src="https://img.shields.io/badge/DefectDojo-blue"></a> <a target="_blank" 
href="https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-web/special-http-headers.html" title="HackTricks"><img src="https://img.shields.io/badge/HackTricks-blue"></a> <a target="_blank" href="https://headerscan.com/humble/" title="Security Header Scanner"><img src="https://img.shields.io/badge/HeaderScan-blue"></a> <a target="_blank" href="https://www.linux-magazin.de/ausgaben/2022/11/tooltipps/" title="Linux Magazin"><img src="https://img.shields.io/badge/Linux%20Magazin-blue"></a> <a target="_blank" href="https://merginit.com/blog/18082025-http-security-header-checker-tools" title="MerginIT"><img src="https://img.shields.io/badge/MerginIT-blue"></a> <a target="_blank" href="https://owasp.org/www-project-secure-headers/#div-technical" title="OWASP Secure Headers Project"><img src="https://img.shields.io/badge/OWASP-blue"></a> <a target="_blank" href="https://qiita.com/prograti/items/8eea5d60056f6df0d160#humble" title="Security Tools in Kali Linux"><img src="https://img.shields.io/badge/Qiita-blue"></a> <br /> <a target="_blank" href="https://github.com/rfc-st/humble/actions/workflows/bandit-security-scan.yml" title="Vulnerability analysis with Bandit"><img src="https://github.com/rfc-st/humble/actions/workflows/bandit-security-scan.yml/badge.svg"></a> <a target="_blank" href="https://github.com/rfc-st/humble/actions/workflows/codeql-analysis.yml?query=workflow%3ACodeQL" title="Vulnerability analysis with CodeQL"><img src="https://github.com/rfc-st/humble/workflows/CodeQL/badge.svg"></a> <a target="_blank" href="https://humble.readthedocs.io/en/latest/" title="Status of documentation in 'Read The Docs'"><img src="https://img.shields.io/badge/documentation-passing-32bd50?labelColor=343b41"></a> <a target="_blank" href="https://github.com/rfc-st/humble/?tab=readme-ov-file#unit-tests" title="Code coverage with pytest-cov"><img src="https://img.shields.io/badge/code%20coverage-97%25-32bd50?labelColor=343b41"></a> <a target="_blank" 
href="https://github.com/rfc-st/humble/actions/workflows/vulture.yml" title="Dead Code analysis with vulture"><img src="https://img.shields.io/badge/vulture-passing-32bd50?labelColor=343b41"></a> <a target="_blank" href="https://www.bestpractices.dev/projects/9543" title="Analysis of OpenSSF best practices"><img src="https://www.bestpractices.dev/projects/9543/badge"></a> <br /> <br /> <br /> <img src="https://github.com/rfc-st/humble/blob/master/screenshots/humble_fast.PNG" alt="A quick analysis with 'humble'!"> <br /> <br /> <i>"千里之行,始於足下 - 老子"</i> <br /> <i>("A journey of a thousand miles begins with a single step. - Lao Tzu")</i> <br /> <br /> <i>"And if you don't keep your feet, there's no knowing where you might be swept off to. - Bilbo Baggins"</i> <br /> <br />

Table of contents

Features<br />
Screenshots<br />
Installation & Update (Source code)<br />
Installation & Maintenance (Docker)<br />
Installation & Update (Kali Linux)<br />
Usage<br />
Advanced Usage (Linux)<br />
Unit tests<br />
Quality, style and security tools<br />
Checks: Missing Headers<br />
Checks: Fingerprint Headers<br />
Checks: Deprecated Headers and Insecure Values<br />
Checks: Empty Values<br />
Guidelines included<br />
To-Do<br />
Further Reading<br />
Contribute<br />
Acknowledgements<br />
License<br />
<br />

Features

:heavy_check_mark: Covers 62 enabled security-related HTTP response headers.<br />
:heavy_check_mark: 15 checks for missing security-related HTTP response headers (the ones I consider essential).<br />
:heavy_check_mark: 1280 checks for fingerprinting through HTTP response headers.<br />
:heavy_check_mark: 158 checks for deprecated HTTP response headers/protocols or with insecure/wrong values.<br />
:heavy_check_mark: 28 checks related to Content Security Policy Level 3.<br />
:heavy_check_mark: Can check for compliance with the OWASP <a href="https://owasp.org/www-project-secure-headers/#div-bestpractices" target="_blank">Secure Headers Project</a> Best Practices.<br />
:heavy_check_mark: Can exclude specific HTTP response headers from the analysis.<br />
:heavy_check_mark: Can analyze raw response files: text files with HTTP response headers and values. Ex: curl option '<a href="https://curl.se/docs/manpage.html#-D" target="_blank">--dump-header</a>'.<br />
:heavy_check_mark: Can export each analysis to CSV, CSS3 & HTML5, JSON, PDF, TXT, XLSX (Excel 2007 onwards) and XML; and in a filename and path of your choice.<br />
:heavy_check_mark: Can check for outdated SSL/TLS protocols and vulnerabilities: requires the amazing <a href="https://testssl.sh/" target="_blank">testssl.sh</a>.<br />
:heavy_check_mark: Can provide brief and detailed analysis along with HTTP response headers.<br />
:heavy_check_mark: Can use proxies for the analysis.<br />
:heavy_check_mark: Allows specifying custom HTTP request headers.<br />
:heavy_check_mark: Can output only analysis summary, totals and grade as JSON; suitable for <a href="https://www.redhat.com/en/topics/devops/what-is-ci-cd" target="_blank">CI/CD</a>.<br />
:heavy_check_mark: Print browser support for enabled HTTP security headers, with data from <a href="https://caniuse.com/" target="_blank">Can I use</a>.<br />
:heavy_check_mark: Highlights <a href="https://developer.mozilla.org/en-US/docs/MDN/Writing_guidelines/Experimental_deprecated_obsolete" target="_blank">experimental</a> headers in each analysis.<br />
:heavy_check_mark: Provides hundreds of relevant links to security resources, standards and technical blogs based on each analysis.<br />
:heavy_check_mark: Supports displaying analysis, messages, and most errors in English or Spanish.<br />
:heavy_check_mark: Saves each analysis, highlighting improvements or deficiencies compared to the previous one.<br />
:heavy_check_mark: Can display analysis statistics for a specific URL or across all of them.<br />
:heavy_check_mark: Can display fingerprint statistics for a specific term or the Top 20.<br />
:heavy_check_mark: Can display guidelines for enabling security HTTP response headers on popular frameworks, servers, and services.<br />
:heavy_check_mark: Provides dozens of unit tests to verify compatibility with your environment; requires <a href="https://pypi.org/project/pytest/" target="_blank">pytest</a> and <a href="https://pypi.org/project/pytest-cov/">pytest-cov</a>.<br />
:heavy_check_mark: Classes and functions documented at <a href="https://humble.readthedocs.io/en/latest/" target="_blank">Read the Docs</a>.<br />
:heavy_check_mark: Code regularly audited with several quality, style and security tools.<br />
:heavy_check_mark: Tested, one by one, on thousands of URLs.<br />
:heavy_check_mark: Tested on Docker 26.1, Kali Linux 2021.1, macOS 14.2.1 and Windows 10 20H2.<br />
:heavy_check_mark: <a href="https://github.com/rfc-st/humble/blob/master/additional/fingerprint.txt" target="_blank">Almost</a> all the <a href="https://github.com/rfc-st/humble/blob/master/additional/owasp_best_practices.txt" target="_blank">code</a> available under one of the most permissive licenses: <a href="https://github.com/rfc-st/humble/blob/master/LICENSE" target="_blank">MIT</a>.<br />
:heavy_check_mark: Regularly <a href="https://github.com/rfc-st/humble/commits/master" target="_blank">updated</a>.<br />
:heav

GitHub Stars: 358
Category: Development
Updated: 14h ago
Forks: 28

Languages

Python

Security Score

100/100

Audited on Apr 2, 2026

No findings