TOOL · PYTHON · BUG BOUNTY
Header Hound
PYTHONRECONBUG BOUNTYOPEN SOURCE

Python web header & misconfiguration scanner — checks security headers, cookie flags, CORS misconfiguration, redirect chains, and server disclosure. Built for bug bounty recon workflows.

VIEW DETAILS ↓
AREAS COVERED
Headers
Security Header Analysis
Checks for missing or misconfigured CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.
Cookies
Cookie Flag Validation
Inspects all Set-Cookie headers for missing Secure, HttpOnly, and SameSite flags — common bug bounty P3–P4 findings.
CORS
CORS Misconfiguration Detection
Tests for wildcard origins, credential-bearing CORS policies, and origin reflection bugs that could enable cross-origin data theft.
Disclosure
Server & Redirect Chain Analysis
Flags server banner disclosure, X-Powered-By leakage, and follows redirect chains to detect open redirects or mixed-content issues.
SOURCE CODE
HeaderHound — GitHub Repository
Full source code, usage instructions, and sample targets. Clone and run against your own targets for bug bounty recon.
VIEW SOURCE ↗