Csp-toolkit – Python library to parse, analyze, and find bypasses in CSP headers
4 days ago
- #Python Library
- #Content Security Policy
- #Security Analysis
- Finding no existing Python library for parsing Content Security Policy headers, the author built csp-toolkit for use in recon scripts and automation.
- csp-toolkit parses CSP headers, runs 21 weakness checks, grades policies from A+ to F, and includes a bypass finder that matches allowlisted sources against a database of 79 exploitable domains.
- The bypass finder flags allowlisted hosts that expose JSONP endpoints or CDN-hosted script gadgets, which let an attacker execute script despite the policy, and emits ready-to-test payloads for hosts such as Google and Facebook.
- Analysis of top websites shows mixed CSP effectiveness, with GitHub scoring highest and Facebook having the most bypass vectors.
- Supports recon workflows including batch scanning, subdomain variance checks, policy diffs, monitoring, violation report analysis, and nonce reuse detection.
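The workflow the summary describes (parse the header, run weakness checks, match the script allowlist against a database of bypassable hosts, and spot nonce reuse across responses) is small enough to sketch end to end. The block below is an added illustration and is not csp-toolkit's code or API; the `BYPASS_HOSTS` table, the check names and the sample headers are constructed for the example, and only a handful of the 21 checks are shown.

```python
"""Illustrative CSP parser and weakness/bypass checks (not csp-toolkit's code)."""
import re
from collections import Counter

# Constructed, hypothetical bypass database: allowlisted hosts known to serve
# JSONP endpoints or script gadgets. A real tool keeps a curated list.
BYPASS_HOSTS = {
    "www.google.com": "JSONP endpoint with attacker-controlled callback",
    "cdnjs.cloudflare.com": "script gadgets in hosted libraries",
}


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header value into {directive: [source, ...]}.
    Per CSP3, a repeated directive is ignored after its first occurrence."""
    policy: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        policy.setdefault(name, sources)  # first occurrence wins
    return policy


def effective_script_sources(policy: dict[str, list[str]]) -> list[str]:
    """script-src falls back to default-src when it is absent."""
    return policy.get("script-src", policy.get("default-src", []))


def find_weaknesses(policy: dict[str, list[str]]) -> list[str]:
    """A subset of the usual script-execution weakness checks."""
    findings = []
    script = [s.lower() for s in effective_script_sources(policy)]
    # 'unsafe-inline' is ignored by browsers when a nonce or hash is present
    has_nonce_or_hash = any(s.startswith(("'nonce-", "'sha")) for s in script)
    if "script-src" not in policy and "default-src" not in policy:
        findings.append("no script-src or default-src: script loading is unrestricted")
    if "'unsafe-inline'" in script and not has_nonce_or_hash:
        findings.append("script-src allows 'unsafe-inline' without a nonce or hash")
    if "'unsafe-eval'" in script:
        findings.append("script-src allows 'unsafe-eval'")
    if any(s in ("*", "https:", "http:") for s in script):
        findings.append("script-src allows any host (wildcard or scheme-only source)")
    if "data:" in script:
        findings.append("script-src allows data: URIs")
    if "object-src" not in policy and "default-src" not in policy:
        findings.append("object-src missing: plugin content can load from anywhere")
    if "base-uri" not in policy:
        findings.append("base-uri missing: <base> injection can redirect relative script URLs")
    return findings


def host_matches(pattern: str, host: str) -> bool:
    """CSP host-source matching: exact host, or '*.' prefix for any subdomain."""
    if pattern.startswith("'"):  # keyword source such as 'self', not a host
        return False
    p = re.sub(r"^[a-z][a-z0-9+.-]*://", "", pattern.lower()).split("/")[0].split(":")[0]
    if p.startswith("*."):
        return host.endswith(p[1:])  # '*.google.com' matches 'www.google.com', not 'google.com'
    return p == host


def find_bypasses(policy: dict[str, list[str]]) -> list[tuple[str, str]]:
    """Allowlisted hosts present in the bypass database, with the reason."""
    sources = effective_script_sources(policy)
    # With 'strict-dynamic' browsers ignore the host allowlist, so host bypasses do not apply
    if "'strict-dynamic'" in [s.lower() for s in sources]:
        return []
    hits = []
    for host, reason in BYPASS_HOSTS.items():
        if any(host_matches(src, host) for src in sources):
            hits.append((host, reason))
    return hits


def nonce_reuse(headers: list[str]) -> list[str]:
    """Nonces seen in more than one response header. A nonce must be unique per
    response; reuse lets anyone who saw one response craft an inline script
    the policy will execute."""
    counts: Counter[str] = Counter()
    for h in headers:
        for n in set(re.findall(r"'nonce-([^']+)'", h)):
            counts[n] += 1
    return [n for n, c in counts.items() if c > 1]


if __name__ == "__main__":
    # Constructed sample header for demonstration
    sample = ("default-src 'self'; script-src 'self' 'unsafe-inline' "
              "https://*.google.com cdnjs.cloudflare.com; img-src *")
    policy = parse_csp(sample)
    for f in find_weaknesses(policy):
        print("weakness:", f)
    for host, reason in find_bypasses(policy):
        print("bypass:", host, "-", reason)
    print("reused nonces:", nonce_reuse(["script-src 'nonce-abc'", "script-src 'nonce-abc'"]))
```

The `strict-dynamic` short-circuit and the nonce/hash override of `'unsafe-inline'` are the two caveats worth carrying into any real checker: a policy can list a bypassable CDN and still be safe if the allowlist is not what the browser enforces, and a naive "unsafe-inline present" check will flag policies that are in fact nonce-based.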