Website Security Test

  • GDPR & PCI DSS Test
  • Website CMS Security Test
  • CSP & HTTP Headers Check
  • WordPress & Drupal Scanning
Free online tool to test website security
148,550,897websites tested for security

Website Security Test for CI/CD

Website Security Test can be seamlessly integrated into your CI/CD pipeline to automatically test new or updated web applications prior to their deployment to production. You can use a Docker image or a Python script as described below.

Installing Python Script

Create virtual environment and install dependencies. Python >= 3.7 required.

git clone "https://github.com/immuniweb/iwtools.git" && cd iwtools/iwtools

python3 -m venv env

source ./env/bin/activate

pip install -r requirements.txt

Using Python Script or Docker Container

Check your website for GDPR and PCI DSS compliance, test CMS and CSP security, verify web server hardening and privacy:

Start a new test or get the results from cache:
./iwtools.py websec https://example.com
Force to use a specific IP address of the test's target:
./iwtools.py websec --ip 8.8.8.8 https://example.com
Get raw API response in JSON format:
./iwtools.py websec --format raw_json https://example.com

You can specify option -p, --pipeline to compare a test result you get with pre-determined values in the configuration file in the iwtools/config directory. The result of the comparison can be viewed in the Exit Code of the script.

Force to refresh a test using the Docker container with an API key
docker run immuniweb/iwtools websec --api-key ABCDE-12345-FGHIJ-67890 --recheck -p https://example.com
Force to refresh a test using the Python script with an API key
./iwtools.py websec --api-key ABCDE-12345-FGHIJ-67890 --recheck -p https://example.com

By default, iwtools uses the configuration file iwtools/config/websec.yaml. You can change the values in the default file, or use your own one. The path to the custom configuration file is specified with -cfg option.

How to specify the custom configuration file's path
./iwtools.py websec --api-key ABCDE-12345-FGHIJ-67890 -r -p -cfg config/websec-new.yaml https://example.com

If you're using Docker, in order to use a custom configuration file, you need to mount volume, which will contain the new file. If the name of the configuration file is different from the default config/websec.yaml one, then you need to specify the new name via the -cfg config/{new-file-name} parameter.

How to specify the custom configuration file's path for Docker
docker run --volume /{path-to-config}/:/app/config/ immuniweb/iwtools websec --api-key ABCDE-12345-FGHIJ-67890 -r -p -cfg config/websec-new.yaml https://example.com

In the console log, you will be able to see which of your desired checks have passed or failed.

Currently only yaml and json formats are supported. List of parameters that can be configured.

One of these Exit Codes can be returned:

  • 0 - all checks have passed successfully.
  • 1 - an error occured.
  • 2 - an error occured in the input data.
  • 3 - at least one of the checks has failed.

Check other command line options here.