#standard #txt #security #determine #coverage #domains #security-txt

yanked sectxtcov

A tool for determining the coverage of the security.txt standard

0.0.4 Jul 5, 2020
0.0.3 Jul 3, 2020
0.0.2 Jun 29, 2020
0.0.1 Jun 28, 2020

#20 in #domains

ISC license

13KB
98 lines

Build status License Version Downloads

New versions of this crate will be published as sectxt to indicate more general functionality. If you want to take ownership of the name sectxtcov, please reach out to me.

About

This tool can be used to determine the coverage of the security.txt standard among several domains. You feed it a list of domains and it will tell you how many of them implement the standard already.

sectxtcov < domains.txt

The idea was shamelessly stolen from inspired by haksecuritytxt. So why did I recreate a tool that already exists? Admittedly, the main motivation was to play around with Rust's new async/await syntax and learn something new. Besides, I wanted to enforce stricter checks for the standard, i.e., the server must answer with the correct Content-Type header, which leads to more accurate results.

Usage

Mozilla maintains a list of popular websites. Running ./checktop500 downloads that list, and runs sectxtcov against it. As a result, you will see how many of these websites deploy a security.txt file.

For the script to run you need to install xsv, which is another convenient utility by BurntSushi.

Dependencies

~7–18MB
~231K SLoC