Repository files navigation

mcdetect is a tool that detectsmixed content issueswith certainty.

Tools used to catch mixed content issues often relyon parsing the DOM to determine if insecure contentwill be loaded in a specificpage. Consequently they may report false negatives since not all such issuescan be detected statically.

mcdetect can determine with absolute certainty if any mixed contenterrors or warnings actually occur on a page. It does this by visitingthe pages and evaluating their Javascript like a regular browser would do.In other words, itdoes not report false negatives.

It does this by leveragingHeadless Chromethat shipped with Chrome 59 and theDevTools Protocol.

• Node 7.6.0 or later

$ npm install -g mcdetect

Checking a single target page:

$ mcdetect https://example.com https://google.com

Checking multiple targets (if no protocol is specified, it is assumed to be"https://"):

$ mcdetect example.com google.com

Multiple targets can also be given via a config file:

$ cat my_urls.json{"targets": ["googlesamples.github.io/web-fundamentals/fundamentals/security/prevent-mixed-content/xmlhttprequest-example.html","googlesamples.github.io/web-fundamentals/fundamentals/security/prevent-mixed-content/passive-mixed-content.html"  ]}$ mcdetect --config my_urls.json

For more usage examples and options seemcdetect --help.

• Add scraping mode (with max depth)
• More output formats (eg. json, csv, pdf)
• error handling (modes: exit on error, ignore errors, report errors)
• interactive mode
• follow redirects
• read targets from stdin

mcdetect is licensed under MIT. SeeLICENSE.