Security headers and SSL/TLS cyphers monitors

[fabriziosalmi]

⚠️ Please verify that this feature request has NOT been suggested before.

• I checked and didn't find similar feature request

🏷️ Feature Request Type

New Monitor

🔖 Feature description

Hi, thank you all for this amazing piece of software.

It is possible to integrate in some way the following monitors?

• http security headers check (ex: https://github.com/juerkkil/securityheaders)
• ssl security check (ex: https://github.com/drwetter/testssl.sh)

✔️ Solution

Add 2 monitors type:

• http security headers check
• ssl security check

❓ Alternatives

push trigger to external scripts

📝 Additional Context

No response

[Computroniks]

Currently, it is possible to validate if specific headers are present with a set value using the Headers field when creating a new HTTP monitor, so you could possibly use this for the header validation provided that the value of the header doesn't change. As for the ssl checking, it does seem like a good idea but testssl.sh is a bash script so that sort of feature would probably need porting over to node. I think that this could be quite usefull, perticularly knowing what TLS versions and cypher sets a specified host currently offers.

[fabriziosalmi]

Thank you for your prompt response!

I'll give a try by coding something and if planets schema will assist me I'll share that of course :)

For the SSL monitor I understand what You mean, maybe a simple "score" admins can set if weak cyphers are found will be enough to trigger a lot of app users to be aware about popular weaknesses.

This way can be of course infinite by integrating 3rd party tools like wpscan et similia ☕️

[CommanderStorm]

I am going to split this issue:

• header-query is going to be tracked in http(s) - header-query #3568
• ssl score is going to be tracked in Monitor SSL score #3570

=> closing as a duplicate