➹ Check if HTTP Services are redirecting to HTTPS correctly
Is your feature request related to a problem? Please describe.
As a security tester I'm using the secureCodeBox to check the external attack surface of different environments, e.g. K8S clusters with services exposed to the internet. The AMASS scanner is great for identifying all public services exposed to the internet. As a common policy in organisations, it should be checked somehow if all found HTTP (e.g. Port 80, 8080) services are redirecting the user to an HTTPS service correctly.
Describe the solution you'd like
Maybe this can be done by additional NMAP Auth Scripts or ZAP or a new Scanner 🤔?
The result should be a finding which indicates if there are HTTP services with a missing HTTPS redirect.
tbd.
Describe alternatives you've considered
Additional context
I did a little research on this:
- Best I could come up with was: Pshtt. The main branch seems broken atm (installing via pip, requirements or setup has conflicts), but there exists a fix which has not yet been merged to the original repository unfortunately. I attached an example of the result file for a scan of example.com: results.csv
- Another possibility could be this nmap script https-redirect, but the output it produces is very unclear to me.
Maybe this is possible with Nuclei scanner.
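The check requested in this issue, written out as an added example (it is not code from secureCodeBox, Pshtt, nmap or Nuclei): each discovered HTTP endpoint is requested without following redirects, the `Location` chain is walked hop by hop, and a finding is produced when the chain ends on plain HTTP. The function names, verdict strings and the `SAMPLE` responses are assumptions made up for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def http_fetch(url, timeout=5):
    """One plain-HTTP GET that does not follow redirects: (status, Location)."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_https_redirect(start_url, fetch=http_fetch, max_hops=5):
    """Walk the redirect chain from an http:// URL and return a finding dict."""
    url, chain = start_url, [start_url]
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            # Chain ended on a plain-HTTP response: content is served unencrypted.
            return {"url": start_url, "verdict": "missing-https-redirect", "chain": chain}
        url = urljoin(url, location)  # Location may be relative, e.g. "/login"
        chain.append(url)
        if urlsplit(url).scheme == "https":
            # "permanent" describes the hop that finally switched to HTTPS.
            return {"url": start_url, "verdict": "redirects-to-https",
                    "chain": chain, "permanent": status in (301, 308)}
    # Still on HTTP after max_hops: a loop or an overly long HTTP-only chain.
    return {"url": start_url, "verdict": "redirect-limit-exceeded", "chain": chain}

# Constructed responses (not real scan output) so the example runs offline.
SAMPLE = {
    "http://a.example:80/": (301, "https://a.example/"),
    "http://b.example:8080/": (200, None),
    "http://c.example/": (302, "/login"),
    "http://c.example/login": (200, None),
    "http://d.example/": (302, "http://www.d.example/"),
    "http://www.d.example/": (308, "https://www.d.example/"),
    "http://e.example/": (302, "http://e.example/"),
}

if __name__ == "__main__":
    for target in ("http://a.example:80/", "http://b.example:8080/",
                   "http://c.example/", "http://d.example/", "http://e.example/"):
        print(check_https_redirect(target, fetch=SAMPLE.__getitem__))
```

Dropping the `fetch` argument makes the function issue real requests through `http_fetch`, so the target list can come from whatever a discovery scan found.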