OpenHealth is an open-source Laravel API designed to scan websites for security vulnerabilities and provide a detailed report on their security health. By submitting a URL, users can receive a comprehensive analysis of potential risks, including checks for HTTPS, TLS versions, security headers, DNS configurations, and more. This tool helps developers, security professionals, and teams ensure their websites are safe, secure, and compliant with modern security standards.
Demo: Play around
- Website Security Scanning: Submit a URL to scan for vulnerabilities and receive a detailed security health report.
- Comprehensive Checks: Evaluates multiple aspects of website security, including:
  - HTTPS and TLS version validation
  - Security headers (HSTS, CSP, X-Frame-Options, etc.)
  - DNS configurations (SPF, DKIM, DMARC, DNSSEC, etc.)
  - Cookie security (Secure, HttpOnly, SameSite attributes)
  - Server and resource configurations
- API-Driven: Easily integrate with other applications via a RESTful API.
- Detailed Reports: Returns a security score (0-100) and specific recommendations for improving website security.
- Built with Laravel: Leverages Laravel's robust framework for scalability and ease of maintenance.
- Open-Source: Fully open-source, allowing contributions and custom extensions.
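
The security-header and cookie checks listed above can be illustrated on a single response. This is an added example, not OpenHealth's own code: the sample headers are constructed, and the HSTS threshold and the scoring weights are assumptions made for illustration.

```python
import re

# Constructed sample response headers (not captured from a real site).
SAMPLE = """\
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
X-Content-Type-Options: nosniff
Set-Cookie: session=abc123; Path=/; HttpOnly
Set-Cookie: theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax
"""
MIN_HSTS_AGE = 15552000  # 180 days; assumed threshold for this example

def parse_headers(raw):
    """Return a list of (lowercased name, value) pairs, keeping duplicates."""
    pairs = []
    for line in raw.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """Return (score, findings) for one response's headers."""
    pairs = parse_headers(raw)
    hdr = dict(pairs)  # last value wins; fine for single-valued headers
    findings = []
    hsts = hdr.get("strict-transport-security", "")
    m = re.search(r"max-age=(\d+)", hsts, re.I)
    if not m:
        findings.append("HSTS missing")
    elif int(m.group(1)) < MIN_HSTS_AGE:
        findings.append("HSTS max-age too short")
    csp = hdr.get("content-security-policy", "")
    if not csp:
        findings.append("CSP missing")
    # Clickjacking defence: either X-Frame-Options or CSP frame-ancestors.
    if "x-frame-options" not in hdr and "frame-ancestors" not in csp.lower():
        findings.append("no framing protection")
    if hdr.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options missing")
    # Every Set-Cookie header is checked separately for the three attributes.
    for value in (v for n, v in pairs if n == "set-cookie"):
        cookie = value.split("=", 1)[0]
        attrs = {a.strip().split("=")[0].lower() for a in value.split(";")[1:]}
        for flag in ("secure", "httponly", "samesite"):
            if flag not in attrs:
                findings.append(f"cookie {cookie}: no {flag}")
    score = max(0, 100 - 15 * len(findings))  # assumed weighting, not OpenHealth's
    return score, findings
```
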
To get started with OpenHealth, follow these steps:
- Clone the Repository:

  ```
  git clone [email protected]:myissue-studio/open-health.git
  cd open-health
  ```

- Install Dependencies:

  ```
  composer install
  ```

- Configure Environment:
  - Copy the `.env.example` file to `.env` and update it with your database and other configuration details.

  ```
  cp .env.example .env
  ```

- Generate Application Key:

  ```
  php artisan key:generate
  ```

- Run Migrations:

  ```
  php artisan migrate
  ```

- Start the Server:

  ```
  php artisan serve
  ```

The API will be available at http://localhost:8000 (or the port specified by Laravel).
OpenHealth provides a RESTful API for interacting with the security scanning functionality. Below are the available endpoints:
Base URL: `http://localhost:8000/api/v1`

| Method | Endpoint | Description |
|---|---|---|
| GET | /security-test-basics | List all security test records |
| GET | /security-test-basics/{id} | Retrieve a single security test record |
| POST | /security-test-basics | Create a new security test record |
| PUT | /security-test-basics/{id} | Update a security test record |
| PATCH | /security-test-basics/{id} | Partially update a security test record |
| DELETE | /security-test-basics/{id} | Delete a security test record |

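- Content-Type: Set to `application/json` for all requests.
- Request Body: For `POST`, `PUT`, and `PATCH` requests, include a JSON body with the required fields (e.g., URL to scan).
- Authentication: Currently, no authentication middleware is applied, so every endpoint listed above, including update and delete, is open to any client that can reach the API. Authentication can be added as needed.
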
To scan a website, send a POST request to `/api/v1/security-test-basics`:

```
curl -X POST http://localhost:8000/api/v1/security-test-basics \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com"}'
```

Thank you for considering contributing to OpenHealth! To contribute:
- Fork the repository.
- Create a feature branch (`git checkout -b feature/YourFeature`).
- Commit your changes (`git commit -m 'Add YourFeature'`).
- Push to the branch (`git push origin feature/YourFeature`).
- Open a Pull Request.

Please ensure your code follows the project's coding standards and includes appropriate tests.
If you discover a security vulnerability within OpenHealth, please send an email to the maintainers. We appreciate your help in keeping OpenHealth secure.
OpenHealth is open-sourced software licensed under the MIT License.