page-snitch v1.0.2

Page Snitch

Tool to check a secure webpage or optionally crawl a secure site looking for any content not being served using HTTPS. It will also check forms are being submitted using HTTPS and Iframes loaded using HTTPS (it will not check the iframe source for mixed content).

Requirements

• NodeJS 8+
• NPM 5.5+

Installation

npm install

Usage

Single Page Test

npm run snitch -- --url=https://www.example.com/page/to/test

Entire site

By default the snitch will only check the page at the URL given. To spider a site and check all pages use the following command:

npm run snitch -- --url=https://www.example.com --crawl

Log all Requests

By default, only insecure resource requests are logged to the console. To log all requests, use the following command.

npm run snitch -- --url=https://www.example.com --logAllRequests

Parameters

• --url=https://www.example.com the url of the page to check
• --crawl (optional, defaults to false) tells the checker to crawl the site from the url given
• --logAllRequests (optional, defaults to false) outputs all requests to the console. By default only mixed content requests are logged
• --ignoreForms (optional, defaults to false) prevents checking of form action attributes
• --ignoreIframes (optional, defaults to false) prevent checking of iframe source attributes

Limitations

Can only test pages accessible via a URL. Pages accessed through POST requests won't be tested.