headerscan
Retired — functionality merged into urlrecon.
Retired 2026-05-30
This tool has moved
headerscan was a Python CLI for HTTP header security analysis, WAF fingerprinting, TLS assessment, and redirect chain analysis. Its distinctive features now live as urlrecon modules:
headers — OWASP/MDN security header analysis with HSTS / CSP / XCTO / XFO / Referrer-Policy strength scoring, banner grab, 0–10 risk score.
waf — 10-WAF passive fingerprint catalogue (Cloudflare, AWS WAF, F5 BIG-IP, ModSecurity, Akamai, Sucuri, Imperva, Barracuda, Fastly, Azure Front Door).
tls — direct tokio-rustls handshake, cipher + protocol assessment, certificate parsing (subject/issuer/validity/SAN) with strength tiers.
redirects — manual hop-by-hop chain walk; flags HTTPS→HTTP downgrades as Critical, cross-domain hops as Low, loops as High.
Use urlrecon going forward. It is a single Rust binary and runs all relevant modules concurrently against a target.
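The severity rules listed for the redirects module can be reproduced offline against a redirect chain you have already captured from your own site. This is an added example, not urlrecon or headerscan code; the function names, the exact-hostname reading of "cross-domain" and the revisited-URL definition of a loop are assumptions.

```python
from urllib.parse import urlsplit

# Severity labels follow the page's description of the redirects module.
CRITICAL, HIGH, LOW = "Critical", "High", "Low"


def _normalise(url):
    """Return (scheme, host, key) for a URL; key is used for loop detection."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    # Assumption: a loop means the same scheme+host+port+path+query is revisited.
    key = (scheme, host, parts.port, parts.path or "/", parts.query)
    return scheme, host, key


def classify_chain(chain):
    """Classify each hop of an already-captured redirect chain.

    chain: ordered list of absolute URLs, starting URL first.
    Returns a list of (hop_index, severity, description) tuples.
    """
    findings = []
    seen = set()
    prev_scheme = prev_host = None
    for i, url in enumerate(chain):
        scheme, host, key = _normalise(url)
        if i > 0:
            if prev_scheme == "https" and scheme == "http":
                findings.append((i, CRITICAL, f"HTTPS->HTTP downgrade to {url}"))
            # Assumption: "cross-domain" is an exact hostname mismatch.
            if host != prev_host:
                findings.append((i, LOW, f"cross-domain hop {prev_host} -> {host}"))
        if key in seen:
            findings.append((i, HIGH, f"loop: {url} already visited"))
            break  # stop walking once the chain revisits a URL
        seen.add(key)
        prev_scheme, prev_host = scheme, host
    return findings


# Constructed sample chains (not captured from any real site).
DOWNGRADE = ["https://example.com/login", "http://cdn.example.net/login"]
LOOP = ["https://example.com/a", "https://example.com/b", "https://example.com/a"]

if __name__ == "__main__":
    for name, chain in (("downgrade", DOWNGRADE), ("loop", LOOP)):
        for hop, severity, text in classify_chain(chain):
            print(f"{name}: hop {hop} [{severity}] {text}")
```

An HTTP to HTTPS upgrade on the same host produces no findings, so a clean chain returns an empty list.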
Migration
# Old (headerscan)
curl -fsSL https://cli.johlem.net/install.sh | bash -s -- headerscan
headerscan https://example.com
# New (urlrecon)
curl -fsSL https://cli.johlem.net/install.sh | bash -s -- urlrecon
urlrecon --target example.com --modules headers,waf,tls,redirects
# JSON output for CI / scripting
urlrecon --target example.com --modules headers,waf,tls,redirects --output json
Why retired?
headerscan and urlrecon overlapped heavily on URL reconnaissance. The 2026-05-29 suite audit recommended absorbing headerscan's capabilities into urlrecon so operators have one async multi-module recon tool rather than two with diverging detection lists. urlrecon ships as a single Rust binary deployable on hardened/airgapped environments where Python cannot be installed.
Not yet re-ported from the Python original: file batch mode
(-f <FILE>), header-comparison between two URLs, and
header-change tracking over time. The first two are on the urlrecon
backlog; the third overlaps with hostwatch.