Category: Web Application Analysis. Tags: http, headers, security, analyzer, owasp

humble

Humble is a fast, security-oriented HTTP headers analyzer that checks for compliance with OWASP Secure Headers. It provides statistics, findings, and supports multiple output formats.

Description

Humble is designed to analyze HTTP response headers from target URLs for security best practices. It performs checks against OWASP Secure Headers guidelines, identifying misconfigurations or missing protections in web applications. The tool is particularly useful for security auditors, penetration testers, and developers ensuring their sites implement proper header policies.

Use cases include quick header audits during vulnerability assessments, CI/CD pipeline integration for automated security checks, and generating reports in several formats for documentation. Requests can be routed through a proxy (for example an intercepting proxy during manual testing), and checks for specific headers can be skipped.

The analyzer prints either detailed or overall findings, with optional localization (Spanish output). Its small footprint (435 KB installed size) makes it suitable for both interactive use and scripted environments.

How It Works

Humble sends an HTTP request to the specified URL (or reads headers from an input file), retrieves the response headers, and evaluates them against security standards, chiefly the OWASP Secure Headers recommendations: which protective headers are missing, which are present but carry weak or deprecated values, and which leak information about the server stack. It uses Python libraries such as requests for HTTP handling, tldextract for domain processing, and publicsuffix for suffix matching. Analysis includes statistics computation, finding generation (overall or detailed), and optional external checks via testssl for TLS. Results are written as CSV, HTML, JSON, PDF, TXT, XLSX or XML using libraries such as fpdf and xlsxwriter, while colorama handles coloured console output.
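The following is an added, self-contained illustration of the kind of check described above; it is not humble's own code and its rule set is only a small subset of the OWASP Secure Headers recommendations. The raw response block and the hardened header set are constructed for the example, and the one-year HSTS threshold, the "version string in Server" heuristic and the function names are the author's assumptions, not something the tool documents:

```python
"""Minimal OWASP-style response header check (added example, not humble's code)."""
import re
from typing import Dict, List, Tuple

# Constructed raw response, the sort of thing you would save to a file for
# offline analysis. Not captured from any real host.
RAW_RESPONSE = """HTTP/1.1 200 OK
Server: nginx/1.18.0
X-Powered-By: PHP/7.4
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=3600
X-Frame-Options: ALLOWALL
X-XSS-Protection: 1; mode=block
"""

# Constructed header set that should pass every check below.
HARDENED_HEADERS = {
    "Server": "nginx",
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "geolocation=(), camera=(), microphone=()",
    "X-XSS-Protection": "0",
}

ONE_YEAR = 31536000  # seconds; assumed minimum HSTS max-age for this example

# Headers this example requires on every response (subset of OWASP's list).
REQUIRED = (
    "content-security-policy",
    "strict-transport-security",
    "x-content-type-options",
    "referrer-policy",
    "permissions-policy",
)

# Headers that reveal the technology stack and should be removed.
DISCLOSURE = ("x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")


def parse_raw_headers(text: str) -> Dict[str, str]:
    """Parse a saved 'Name: value' header block; repeated names are joined."""
    headers: Dict[str, str] = {}
    for line in text.splitlines():
        if line.startswith("HTTP/") or ":" not in line:
            continue  # status line, blank line or junk
        name, _, value = line.partition(":")
        name, value = name.strip(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def check_headers(headers: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Return (missing_headers, findings); header names are case-insensitive."""
    h = {k.lower(): v for k, v in headers.items()}
    missing = [name for name in REQUIRED if name not in h]
    findings: List[str] = []

    hsts = h.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        if m is None or int(m.group(1)) < ONE_YEAR:
            findings.append("strict-transport-security: max-age below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("strict-transport-security: includeSubDomains not set")

    xcto = h.get("x-content-type-options")
    if xcto is not None and xcto.strip().lower() != "nosniff":
        findings.append("x-content-type-options: value must be 'nosniff'")

    xfo = h.get("x-frame-options")
    if xfo is not None and xfo.strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("x-frame-options: value must be DENY or SAMEORIGIN")

    xxp = h.get("x-xss-protection")
    if xxp is not None and xxp.strip() != "0":
        findings.append("x-xss-protection: deprecated; set it to '0' or remove it")

    server = h.get("server", "")
    if re.search(r"\d", server):  # heuristic: a digit means a version string
        findings.append(f"server: discloses a version string ({server})")
    for name in DISCLOSURE:
        if name in h:
            findings.append(f"{name}: discloses technology information ({h[name]})")

    return missing, findings


def overall(headers: Dict[str, str]) -> Dict[str, int]:
    """Counts only, the equivalent of an 'overall' rather than 'detailed' report."""
    missing, findings = check_headers(headers)
    return {"missing": len(missing), "findings": len(findings)}


if __name__ == "__main__":
    for label, hdrs in (("sample", parse_raw_headers(RAW_RESPONSE)),
                        ("hardened", HARDENED_HEADERS)):
        missing, findings = check_headers(hdrs)
        print(f"[{label}] missing: {missing}")
        for finding in findings:
            print(f"[{label}] {finding}")
```

Running it reports four missing headers and six findings for the constructed sample (short HSTS lifetime, no includeSubDomains, an invalid X-Frame-Options value, a deprecated X-XSS-Protection, and two disclosure headers) and nothing for the hardened set. Real tools also check Content-Security-Policy directives, cookie attributes and caching headers; this block only shows the shape of the evaluation.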

Installation

bash
sudo apt install humble

Flags

-h, --help  Show this help message and exit
-a  Print statistics of the performed analysis; if the '-u' parameter is omitted they will be global
-b  Print overall findings; if omitted, detailed ones will be printed
-c  Check URL response HTTP headers for compliance with OWASP 'Secure Headers'
-cicd  Minimal output intended for integration with CI/CD pipelines
-df  Do not follow redirects
-e [TESTSSL_PATH]  Run TLS/SSL checks through testssl; takes the path to testssl.sh
-f [FINGERPRINT_TERM]  Print fingerprint statistics; if the term is omitted, global ones are printed
-g  Print guidelines for enabling security HTTP response headers on popular servers and services
-grd  Print the checks to consider in responsible disclosure
-H REQUEST_HEADER  Add a custom request header
-if INPUT_FILE  Analyze HTTP response headers read from an input file instead of fetching a URL
-l {es}  Language of the output, e.g. 'es' for Spanish
-lic  Print the license
-o {csv,html,json,pdf,txt,xlsx,xml}  Output format
-of OUTPUT_FILE  Output filename
-op OUTPUT_PATH  Output path
-p PROXY  Proxy for requests (e.g. http://127.0.0.1:8080)
-r  Print the HTTP response headers along with a detailed analysis
-s [SKIP_HEADERS ...]  Skip checks for the given headers
-u URL  Target URL
-ua USER_AGENT  Custom user agent
-v  Print the version

Examples

Print statistics of the analysis performed against the URL
humble -u URL -a
Analyzes the URL and prints overall findings
humble -u URL -b
Analyzes the URL and exports overall findings to CSV format
humble -u URL -b -o csv
Analyzes the URL and prints (in Spanish) detailed findings
humble -u URL -l es
Analyzes the URL and exports detailed findings to PDF format
humble -u URL -o pdf
Analyzes the URL and exports detailed findings to HTML format and 'test' filename
humble -u URL -o html -of test
Analyzes the URL and exports detailed findings to PDF format and 'D:/Tests' path
humble -u URL -o pdf -op D:/Tests
Analyzes the URL using 'http://127.0.0.1:8080' as the proxy
humble -u URL -p http://127.0.0.1:8080
Updated 2026-04-16 (source: kali.org)