diff --git a/README.md b/README.md
index 10690408..7d173897 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@
-
+
@@ -172,7 +172,7 @@ https://github.com/rfc-st/humble/releases
(Windows) $ py humble.py
(Linux) $ python3 humble.py
-usage: humble.py [-h] [-a] [-b] [-e [PATH]] [-f [TERM]] [-g] [-l {es}] [-o {html,json,pdf,txt}] [-r] [-u URL] [-v]
+usage: humble.py [-h] [-a] [-b] [-df] [-e [PATH]] [-f [TERM]] [-g] [-l {es}] [-o {html,json,pdf,txt}] [-r] [-u URL] [-v]
humble (HTTP Headers Analyzer) - https://github.com/rfc-st/humble
@@ -180,6 +180,7 @@ options:
-h, --help show this help message and exit
-a show statistics of the performed analysis (will be global if '-u URL' is omitted)
-b show a brief analysis (if omitted, a detailed one will be shown)
+ -df do not follow redirects (if omitted, the last redirection will be the one analyzed)
-e [PATH] show TLS/SSL checks; requires the PATH of testssl.sh (https://testssl.sh/) and Unix (for now!)
-f [TERM] show fingerprint statistics (will be the Top 20 if "TERM", e.g. "Google", is omitted)
-g show guidelines for securing popular web servers/services
diff --git a/humble.py b/humble.py
index 2a9a4e62..021ad5b9 100644
--- a/humble.py
+++ b/humble.py
@@ -85,7 +85,7 @@
export_date = datetime.now().strftime("%Y%m%d")
now = datetime.now().strftime("%Y/%m/%d - %H:%M:%S")
-version = datetime.strptime('2023-11-18', '%Y-%m-%d').date()
+version = datetime.strptime('2023-11-24', '%Y-%m-%d').date()
class PDF(FPDF):
@@ -716,6 +716,8 @@ def print_summary(reliable):
print(REF_SRV_E + str(status_code))
if reliable:
print(get_detail('[analysis_wait_note]', replace=True))
+ if args.redirects:
+ print(get_detail('[analysis_redirects]', replace=True))
def print_headers():
@@ -904,7 +906,11 @@ def make_http_request():
try:
start_time = time()
uri_safe = quote(URL)
- r = requests.get(uri_safe, verify=False, headers=c_headers, timeout=15)
+ # So dirty, I know!: if args.redirects ('-df' param) is not provided
+ # the last redirection will be the one analyzed (arg.redirects=True).
+ # If this is not the case, the exact URL indicated will be analyzed.
+ r = requests.get(uri_safe, allow_redirects=not args.redirects,
+ verify=False, headers=c_headers, timeout=15)
elapsed_time = time() - start_time
return r, elapsed_time, None
except requests.exceptions.RequestException as e:
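Review bot: The comment added above `requests.get` states `arg.redirects=True` for the case where `-df` is not provided, but with `action="store_true"` the attribute is False in that case; it is `allow_redirects` that ends up True. The inversion comes from `dest='redirects'` in the `-df` argument hunk further down. Naming it `dest='no_redirects'` and writing `allow_redirects=not args.no_redirects` would make the call self-explanatory, with the same rename applied in `print_summary` and in the `any([...])` check. Because redirects are followed by default and `verify=False` is kept on this call, the headers analysed can come from a different host than the URL supplied, so showing `r.url` in the summary would make the analysed target explicit. The function's exception handling continues outside the hunk.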
@@ -973,6 +979,8 @@ def custom_help_formatter(prog):
statistics of the performed analysis (will be global if '-u URL' is omitted)")
parser.add_argument("-b", dest='brief', action="store_true", help="show a \
brief analysis (if omitted, a detailed one will be shown)")
+parser.add_argument("-df", dest='redirects', action="store_true", help="do not\
+ follow redirects (if omitted, the last redirection will be the one analyzed)")
parser.add_argument("-e", nargs='?', type=str, dest='path', help="show TLS/SSL\
checks; requires the PATH of testssl.sh (https://testssl.sh/) and Unix (for \
now!)")
@@ -988,7 +996,7 @@ def custom_help_formatter(prog):
to 'URL_headers_yyyymmdd.ext' file (.json files will contain a brief analysis)\
")
parser.add_argument("-r", dest='ret', action="store_true", help="show full \
-HTTP response headers and a detailed analysis")
+ HTTP response headers and a detailed analysis")
parser.add_argument('-u', type=str, dest='URL', help="schema and URL to \
analyze. E.g. https://google.com")
parser.add_argument("-v", "--version", action="store_true",
@@ -1015,7 +1023,7 @@ def custom_help_formatter(prog):
if args.lang and not (args.URL or args.URL_A) and not args.guides:
parser.error(get_detail('[args_lang]'))
-if any([args.brief, args.output, args.ret]) \
+if any([args.brief, args.output, args.ret, args.redirects]) \
and (args.URL is None or args.guides is None or args.URL_A is None):
parser.error(get_detail('[args_several]'))
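Review bot: The `[args_several]` message this check prints is malformed in both catalogs updated by this commit. The new English line reads `'-b', '-df', '-'o' and '-r' requires also '-u'.` with a stray `'-` before `'o'`, and the new Spanish line starts with `-b'`, having lost its opening quote. Suggested text: `'-b', '-df', '-o' and '-r' require also '-u'.` and `'-b', '-df', '-o' y '-r' requieren '-u'.`.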
@@ -1074,10 +1082,11 @@ def custom_help_formatter(prog):
if args.output:
orig_stdout = sys.stdout
name_s = tldextract.extract(URL)
+ name_sch = URL.split(":", 1)[0]
name_sub = name_s.subdomain + '.' if name_s.subdomain else ''
name_dom = name_s.domain
name_tld = name_s.suffix
- name_e = f"{name_sub}{name_dom}.{name_tld}_headers_{export_date}{ext}"
+ name_e = f"{name_sch}_{name_sub}{name_dom}.{name_tld}_{export_date}{ext}"
f = open(name_e, 'w', encoding='utf8')
sys.stdout = f
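Review bot: `name_sch = URL.split(":", 1)[0]` returns the whole string when the URL contains no `:`, so path separators or `..` from the `-u` value could end up in `name_e` and in the path passed to `open()`. Whether a scheme-less URL can reach this point depends on validation outside the hunk. A guard such as `if name_sch not in ('http', 'https'): parser.error(...)` before the name is built would close it either way. The new name also drops `_headers_`, while the `-o` help text visible in an earlier hunk still promises `'URL_headers_yyyymmdd.ext'`, so one of the two should be updated. This block continues outside the hunk.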
diff --git a/i10n/details.txt b/i10n/details.txt
index cae210d6..2aad5479 100644
--- a/i10n/details.txt
+++ b/i10n/details.txt
@@ -642,6 +642,9 @@ HTTP Response Headers
[analysis_wait_note]
Note : The analysis may not be reliable because of the time it took for the URL to respond.
+[analysis_redirects]
+ Note : It has been expressly indicated to analyze the exact URL, without following redirects.
+
[analysis_output]
Analyzing URL and saving the report, please wait ...
@@ -1154,7 +1157,7 @@ Windows is excluded in this analysis (it should work with Cygwin//MSYS2/WSL but
'-l' requires also '-u' or '-a'.
[args_several]
-'-b', -'o' and '-r' requires also '-u'.
+'-b', '-df', '-'o' and '-r' requires also '-u'.
[args_json]
'-o json' currently requires '-b'.
diff --git a/i10n/details_es.txt b/i10n/details_es.txt
index 78e9e1e5..e8f1e011 100644
--- a/i10n/details_es.txt
+++ b/i10n/details_es.txt
@@ -642,6 +642,9 @@ Cabeceras de respuesta HTTP
[analysis_wait_note]
Nota : El análisis puede no ser fiable por el tiempo que tardó en responder la URL.
+[analysis_redirects]
+ Nota : Se ha indicado expresamente analizar la URL exacta, sin seguir redirecciones.
+
[analysis_output]
Analizando URL y guardando el informe, espera por favor ...
@@ -1154,7 +1157,7 @@ Windows está excluido en este análisis (debería funcionar con Cygwin//MSYS2/W
'-l' requiere '-u' o '-a'.
[args_several]
-'-b', -'o' y '-r' requieren '-u'.
+-b', '-df', -'o' y '-r' requieren '-u'.
[args_json]
'-o json' requiere, por ahora, '-b'.