This Python script is designed to generate a Content Security Policy (CSP) for a given URL. It scans the URL, identifies all the JavaScript and CSS assets, computes their SHA-256 hashes, and creates a CSP policy. The policy helps in enhancing the security of web applications by specifying which resources are allowed to be loaded and executed.
- Added multithreading in v 1.1 so it runs much faster
- Fixed the malformed nonce creation for nonce policies
- Fetches and scans the provided URL for JavaScript and CSS assets.
- Computes SHA-256 hashes of the identified assets.
- Generates a CSP policy with or without a nonce.
- Displays tables of local and third-party assets along with their hashes.
- Provides warnings and examples on how to use nonces with inline scripts.
- Python 3.x
requestslibrarybeautifulsoup4librarytabulatelibrary
Clone the repo and install requirements:
git clone https://github.com/booyasatoshi/csp_generator csp_generator
python -m venv csp_generator
cd csp_generator
pip install -r requirements.txtRun the script with:
python3 main.py