You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think there should be options to have PSHTT scan either a single target port, a port pool (allow people to say scan 4200, 8000, 8080, 8443, 9000, and 9443 in addition to 80 & 443), a port range (10:10,000), or all ports. This can be read through flags or potentially a file as well.
Motivation and context
Federal powers are now mandating that HSTS be enforced on all HTTP-serving ports (see here). The scope of PSHTT, in my opinion, should be expanded to cover these use cases.
Implementation notes
Since just the option to scan all ports would be very cumbersome and increase the runtime of PSHTT significantly, there should be multiple options added to be able to configure the PSHTT run for various use cases. For example, I might want to run a daily scan for HSTS on 80 & 443, but I might want to run a weekly scan for some standard ports (8080, 8443, etc...), and maybe a monthly scan for all ports up to port 10,000.
Acceptance criteria
Features are accepted that add one or more of the following features that are deemed in scope for the PSHTT project:
Target Port Scanning
Port Pool Scanning
Port Range Scanning
All Port Scanning (Might be able to be dropped from the acceptance criteria as people can just use a port range of 1:65,536)
The text was updated successfully, but these errors were encountered:
💡 Summary
I think there should be options to have PSHTT scan either a single target port, a port pool (allow people to say scan 4200, 8000, 8080, 8443, 9000, and 9443 in addition to 80 & 443), a port range (10:10,000), or all ports. This can be read through flags or potentially a file as well.
Motivation and context
Federal powers are now mandating that HSTS be enforced on all HTTP-serving ports (see here). The scope of PSHTT, in my opinion, should be expanded to cover these use cases.
Implementation notes
Since just the option to scan all ports would be very cumbersome and increase the runtime of PSHTT significantly, there should be multiple options added to be able to configure the PSHTT run for various use cases. For example, I might want to run a daily scan for HSTS on 80 & 443, but I might want to run a weekly scan for some standard ports (8080, 8443, etc...), and maybe a monthly scan for all ports up to port 10,000.
Acceptance criteria
Features are accepted that add one or more of the following features that are deemed in scope for the PSHTT project:
The text was updated successfully, but these errors were encountered: