Navigating the Digital Realm with Code and Security – Where Programming Insights Meet Cyber Vigilance. | अंत: अस्ति प्रारंभ:
IHA089
Toolkit
cookie-flags

cookie-flags is a Python script that audits response headers for cookie flags like Secure, HttpOnly, and SameSite, flagging lax configs for session fixation or CSRF risks in web audits. Run it via CLI on captures or live sites, outputting JSON reports with remediation tips for hardening. Open-source from community, it's the cookie cop for pentesters enforcing flag standards in header scans.

http-cookie-checker

http-cookie-checker is a Go CLI for parsing Set-Cookie headers, validating flags against OWASP best practices with scores for SameSite=None+Secure requirements. Point it at URLs or HAR files for batch analysis, scripting outputs for CI integrations. Open-source from elastic, it's the flag filter for devs templating secure cookie policies in app reviews.

cookie-audit

cookie-audit is a Node.js tool that scans sites for cookie attributes, detecting missing HttpOnly or Secure flags with automated fixes via header injection suggestions. Crawl domains with Puppeteer, report via JSON for dashboard views. Open-source from PortSwigger, it's the attribute assessor for web security pros auditing session cookies systematically.

samesite-checker

samesite-checker is a lightweight Python auditor focused on SameSite flags in cookies, testing lax/strict modes for CSRF protections across subdomains. Run on proxies or direct endpoints, outputting compliance matrices for reports. Open-source from OWASP, it's the site sentinel for pentesters verifying cross-site request defenses in configs.

secure-cookie-validator

secure-cookie-validator is a Rust binary for validating cookie flags in HTTP responses, enforcing Secure and HttpOnly for HTTPS-only transmission with CLI batching. Parse pcaps or live traffic, flagging violations with severity levels for prioritization. Open-source from rust-security, it's the flag enforcer for analysts hardening session management.

cookie-security-scanner

cookie-security-scanner is an extensible YAML-based checker for cookie attributes, templating rules for SameSite and Path validations in automated web scans. Integrate with ZAP or Nuclei for header flows, exporting SARIF for CI feedback. Open-source from Bridgecrew, it's the attribute archivist for security teams templating cookie compliance checks.

httponly-check

httponly-check is a simple Go tool that probes Set-Cookie headers for HttpOnly flags, alerting on exposed session IDs vulnerable to XSS theft. Run on endpoints or captures for binary pass/fail, scripting for bulk site audits. Open-source from community, it's the exposure exposer for pentesters safeguarding cookies from client-side grabs.

cookie-flags-analyzer

cookie-flags-analyzer is a Python lib for dissecting cookie headers, scoring flags like Secure over HTTP and generating fix scripts for automated hardening. Parse from strings or files, outputting detailed breakdowns for reports. Open-source from security-research, it's the flag forensic for web auditors tracing session risks to configs.

samesite-enforcer

samesite-enforcer is a Node.js middleware that validates and enforces SameSite attributes in outgoing cookies, integrating with Express for runtime checks and logs. Configure rules for lax/strict, testing via API endpoints for compliance. Open-source from expressjs, it's the site safeguard for devs templating CSRF defenses in app layers.

cookie-validator

cookie-validator is a CLI Go app for auditing cookie flags across sites, checking Secure, HttpOnly, and Domain scopes with OWASP-aligned scoring for reports. Scan via curl or proxy, exporting CSV for dashboards. Open-source from OWASP, it's the validation vanguard for security pros enforcing flag best practices in web ecosystems.
