Bash script for checking HTTP headers for security

To check HTTP headers from a security perspective, you can visit Security Headers. It checks for the following headers.

Access Control Allow Origin
Content Security Policy
Cross Domain Meta Policy
Server Information
Strict Transport Security
UTF-8 Character Encoding

I wrote a bash script which checks the HTTP headers of a website against & gives the output.

git clone

chmod +x
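
The check described above, as an added example that is not the script from this post: it reads a raw response-header block and reports on each item in the list. The concrete header names (for instance X-Permitted-Cross-Domain-Policies for "Cross Domain Meta Policy"), the version-banner heuristic and the sample response are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not the blog author's script). The header names are this
# example's assumed mapping of the checks listed above.

# Print the value of header $1 in response-header block $2 (case-insensitive).
header_value() {
    printf '%s\n' "$2" | tr -d '\r' |
        awk -v want="$1" 'BEGIN { want = tolower(want) }
            { i = index($0, ":") }
            i && tolower(substr($0, 1, i - 1)) == want {
                v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit }'
}

# Emit one "STATUS header: detail" line per check for header block $1.
audit_headers() (
    hdrs=$1
    for name in Content-Security-Policy Strict-Transport-Security \
                X-Permitted-Cross-Domain-Policies; do
        val=$(header_value "$name" "$hdrs")
        if [ -n "$val" ]; then echo "OK   $name: $val"; else echo "MISS $name"; fi
    done
    val=$(header_value Access-Control-Allow-Origin "$hdrs")
    if [ "$val" = "*" ]; then echo "WARN Access-Control-Allow-Origin: any origin allowed"
    elif [ -n "$val" ]; then echo "OK   Access-Control-Allow-Origin: $val"
    else echo "INFO Access-Control-Allow-Origin: not sent"; fi
    val=$(header_value Server "$hdrs")
    # Heuristic: a digit in the banner suggests a version string is disclosed.
    case "$val" in
        "")      echo "OK   Server: not sent" ;;
        *[0-9]*) echo "WARN Server: version disclosed ($val)" ;;
        *)       echo "OK   Server: $val" ;;
    esac
    val=$(header_value Content-Type "$hdrs")
    case "$(printf '%s' "$val" | tr 'A-Z' 'a-z')" in
        *charset=utf-8*) echo "OK   Content-Type: charset is UTF-8" ;;
        *)               echo "WARN Content-Type: no UTF-8 charset ($val)" ;;
    esac
)

# Constructed sample response. For a live site: audit_headers "$(curl -sI URL)"
SAMPLE=$(printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.2.22 (Ubuntu)\r\n%s\r\n%s\r\n%s\r\n' \
    'Content-Type: text/html' 'Access-Control-Allow-Origin: *' \
    'strict-transport-security: max-age=31536000')

audit_headers "$SAMPLE"
```

Header names are matched case-insensitively, so the lowercase strict-transport-security line in the sample is still recognised.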




Bash script for checking an account that has been compromised in a data breach.

Troy Hunt started a great website for checking whether your email address has been compromised in a data breach. Right now, email addresses from the Adobe, Stratfor, Gawker, Pixel Federation, Yahoo!, Sony and Vodafone breaches are listed. You can check manually on their site.

I wrote a simple bash script that checks against their site whether an email address has been compromised. You can also write it in Python using the simple requests module.




have-i-been-pwned bash script

git clone

cd haveibeenpwned

chmod +x


Please enter email address to check against

You have been pwned in [“Adobe”] breach

Python script for auditing robots.txt

A year ago I wrote about different methods to exploit the robots.txt file; you can find it here. Sometimes, due to weak directory permissions, you can get into a directory that robots.txt disallows. This Python script checks the HTTP status code of each Disallow entry in order to check automatically whether these directories are available. For the original article, click here.

It requires python3 and the urllib3 module.

git clone
cd Parsero
python3 -h
python3 -u localhost/mutillidae

Exploit Robots.txt

Auditing Robots.txt

Now you can see which disallowed directories are accessible, meaning those for which we got HTTP status code 200.

Truecaller Name Retriever python script

Truecaller is a global phone directory application for smartphones and feature phones, and is also accessible via a web site. If you have an unknown mobile number, you can search for it on the Truecaller website or with the Truecaller application. This Python script was written by A’mmer Almadani. The script is still in the development phase. More functions will be added soon.

git clone

cd callerpy

Now open file & enter your Twitter credentials in lines 39 and 40; they will be used for authentication.

python -h

usage: [-h] -n number [-c country] [-cc country code] -l login

TrueCaller Name Retriever

optional arguments:
  -h, --help            show this help message and exit
  -n number, --number number
                        Phone Number Without Country Code (default: None)
  -c country, --country country
                        Country | String (default: None)
  -cc country code, --countrycode country code
                        Country | Int (default: None)
  -l login, --login login
                        Login Method | twitter, g+, fb (default: twitter)

python -n 9016986989 -c india-other -l twitter

Truecaller Name Retriever

Truecaller Name Retriever Python Script

Python script to search email addresses against the Gravatar database.

Gravatar is a service for providing globally unique avatars. When a user posts a comment on a blog that requires an e-mail address, the blogging software checks whether that e-mail address has an associated avatar at Gravatar. If so, the Gravatar is shown along with the comment. The script was made by averagesecurityguy. It takes an email address and checks it against the Gravatar database; if the email address exists, it extracts the username, location and account details. First we will look at how it works; for developer resources, click here.

To view the details of an email address, we need to create a hash of the address. For example, if you want to check an email address, we have to create an MD5 hash of that address.

root@bt:~#echo -n| md5sum

To extract details about the email address, we have to make the following request

And there we can get details about my gravatar profile.

Those are the simple details of how it works. Now we will go to the script, which takes a file with a list of email addresses, one on each line, and searches Gravatar for information about each email address. If an address is registered with Gravatar, then selected data points are extracted from the Gravatar profile.


Now you need an email address list file.

python email

gravatar email address

gravatar email address search

Cloudflare Resolver Bash script

CloudFlare is a content delivery network and distributed domain name server service marketed as improving website performance and speed and providing security. A year ago I posted different methods to find out the real IP behind CloudFlare.

All those methods only work if there is an admin misconfiguration.

(1)DNS bruteforce


(3)Netcraft toolbar

I made a simple bash script which does all of this for you; you just have to provide the name of the website which is behind CloudFlare.

git clone

cd cloudflare-ip

chmod +x


In the script you have to change the IP in line 45. I used a dns variable because, for unknown DNS names, my ISP redirects to its own address, so we can know whether the response is valid or not. Change that IP according to your setting.