Merge pull request #102 from stanislav-web/release/v5.15.2

Release v5.15.2

Author: stanislav-web

CHANGELOG.md

@@ -1,6 +1,17 @@
 CHANGELOG
 =======
 
+v5.15.2 (04.05.2026)
+---------------------------
+- (enhancement) added compact pre-scan fingerprint summary with detected web stack and security posture
+- (enhancement) added offline HSTS and preload-readiness detection to the existing `--fingerprint` pass without adding a new CLI flag
+- (enhancement) stores security-header posture as `fingerprint.security_headers.hsts` with grade, max-age, includeSubDomains, preload, redirect and warning metadata
+- (enhancement) preserves HSTS metadata in standard, text, CSV, HTML, SQLite, JSON and SARIF reports
+- (docs) documented compact pre-scan fingerprint summary and HSTS / preload readiness output
+- (tests) added regression coverage for compact fingerprint summary rendering
+- (tests) added regression coverage for preload-ready, weak and HTTP-only HSTS handling plus report propagation
+- (tests) coverage gate remains configured at `99%`
+
 v5.15.1 (03.05.2026)
 ---------------------------
 - (fix) removed literal `opendoor` markers from active fingerprint 404-baseline, HTTP calibration and DNS wildcard calibration probe paths

README.md

@@ -61,7 +61,7 @@ It helps security researchers, penetration testers, bug bounty hunters, DevSecOp
 - custom request headers, cookies, and raw HTTP request templates;
 - response filters by status, size, text, regex, and body length;
 - smart auto-calibration for soft-404, wildcard, catch-all, semantic response-diff, and DNS wildcard cases;
-- technology fingerprint detection for CMS, ecommerce platforms, frameworks, and runtime stacks;
+- technology fingerprint detection for CMS, ecommerce platforms, frameworks, runtime stacks, infrastructure, and HSTS posture;
 - passive WAF detection and WAF-safe scan mode;
 - controlled header and path bypass probes for blocked `401` and `403` resources;
 - resumable scan sessions with checkpoint autosave;
@@ -95,7 +95,7 @@ OpenDoor focuses on **context-aware discovery** instead of blind enumeration.
 
 ## 🧬 Recognized technologies
 
-OpenDoor includes a heuristic fingerprint engine for detecting probable application stacks, CMS platforms, frameworks, site builders, static-site tooling, infrastructure providers, and WAF / anti-bot systems.
+OpenDoor includes a heuristic fingerprint engine for detecting probable application stacks, CMS platforms, frameworks, site builders, static-site tooling, infrastructure providers, HSTS / preload readiness, and WAF / anti-bot systems.
 
 | Category | Examples |
 |---|---|
@@ -107,6 +107,7 @@ OpenDoor includes a heuristic fingerprint engine for detecting probable applicat
 | Static / docs generators | MkDocs, Docusaurus, Hugo, Jekyll, VitePress |
 | Infrastructure / hosting | Cloudflare, AWS, Vercel, Netlify, GitHub Pages, GitLab Pages, Heroku, Azure, Google Cloud, Fastly, Akamai, Hostinger, DDoS-Guard, Tencent Cloud |
 | WAF / anti-bot | Cloudflare, AWS WAF, Azure Front Door, Akamai, Imperva, Sucuri, ModSecurity, DataDome, Kasada, F5 BIG-IP ASM |
+| Security headers | HSTS presence, max-age, includeSubDomains, preload directive, local preload readiness |
 
 Full list of supported technologies:
 [Fingerprinting technologies](https://opendoor.readthedocs.io/detection/fingerprinting)
@@ -117,6 +118,14 @@ Run fingerprint detection:
 opendoor --host https://example.com --fingerprint
 ```
 
+After the fingerprint pass finishes, OpenDoor prints a compact pre-scan summary before dictionary enumeration starts:
+
+```text
+Fingerprint result: cms/WordPress (95%)
+Web stack: WordPress | PHP | Cloudflare
+Security posture: HSTS preload-ready
+```
+
 Read more:
 
 - [Fingerprinting guide](https://opendoor.readthedocs.io/detection/fingerprinting/)

VERSION

@@ -1 +1 @@
-5.15.1
+5.15.2

data/directories.dat

@@ -27038,6 +27038,7 @@ cache_icons.php
 cache_index.php
 cache_ipbanned.php
 cache_magics.php
+cache_manager
 cache_medals.php
 cache_null.php
 cache_page
@@ -31453,6 +31454,7 @@ cnf
 cngemail.html
 cngenick.html
 cni-conf.json
+cnjadmin
 cnn
 cnn.php
 cno
@@ -100675,6 +100677,7 @@ test/tmp
 test/version_tmp
 test_
 test_.php
+test_ability
 test_adodb_lite.php
 test_area
 test_banner
@@ -114513,6 +114516,7 @@ zzb
 zzz
 zzz.html
 zzz.php
+zzz_test_ability
 zzzzz.php
 zzzzzz
 ~

docs/Usage.md

@@ -450,10 +450,37 @@ Fingerprinting is useful for:
 - identifying static hosting or CDN providers;
 - adjusting filters and scan strategy.
 
+After fingerprinting finishes, OpenDoor prints a short pre-scan summary and then continues with the requested scan:
+
+```text
+Fingerprint result: cms/WordPress (95%)
+Web stack: WordPress | PHP | Cloudflare
+Security posture: HSTS preload-ready
+```
+
+Detailed fingerprint metadata remains available in reports and in the final standard summary.
+
 
 OpenDoor 5.14.5 expands the passive fingerprint catalog with selected regional CMS, site-builder and strong HTTP-visible infrastructure signatures, including InstantCMS, Duda, Hostinger Website Builder, CMS.S3 / Megagroup, Webasyst / Shop-Script, Discuz!, NetCat, Hostinger, DDoS-Guard and Tencent Cloud.
 
 
+OpenDoor 5.15.2 also adds offline HSTS / preload-readiness detection to the same `--fingerprint` pass. It checks only the target host response and does not call external preload-status services. Report metadata is stored as `fingerprint.security_headers.hsts`.
+
+Example output in machine-readable reports:
+
+```json
+{
+  "grade": "preload-ready",
+  "max_age": 31536000,
+  "include_subdomains": true,
+  "preload": true,
+  "preload_ready": true,
+  "http_to_https_redirect": true,
+  "warnings": []
+}
+```
+
+
 ---
 
 ## 🛡️ WAF detection and safe mode

docs/detection/fingerprinting.md

@@ -45,6 +45,22 @@ opendoor \
 
 ---
 
+## Compact pre-scan summary
+
+When fingerprinting is enabled, OpenDoor prints a compact summary immediately after the fingerprint pass and before dictionary enumeration starts. This gives operators an early target profile without waiting for report generation.
+
+Example:
+
+```text
+Fingerprint result: cms/WordPress (95%)
+Web stack: WordPress | PHP | Cloudflare
+Security posture: HSTS preload-ready
+```
+
+The compact summary intentionally stays short. Full evidence, candidates, HSTS fields and report-specific metadata remain in JSON, HTML, CSV, SQLite, TXT, STD and SARIF outputs.
+
+---
+
 ## Fingerprinting with reports
 
 ```shell
@@ -277,6 +293,51 @@ The heuristic fingerprint engine currently recognizes the following platform fam
 
 ---
 
+## Security headers posture
+
+When `--fingerprint` is enabled, OpenDoor also performs an offline HSTS posture check against the observed target root response. It does not query external preload services. The check uses only headers returned by the target host.
+
+The HSTS result is stored under `fingerprint.security_headers.hsts` in machine-readable reports.
+
+Example JSON fragment:
+
+```json
+{
+  "fingerprint": {
+    "security_headers": {
+      "hsts": {
+        "present": true,
+        "header": "max-age=31536000; includeSubDomains; preload",
+        "max_age": 31536000,
+        "include_subdomains": true,
+        "preload": true,
+        "preload_ready": true,
+        "http_to_https_redirect": true,
+        "grade": "preload-ready",
+        "warnings": []
+      }
+    }
+  }
+}
+```
+
+OpenDoor grades HSTS as:
+
+| Grade | Meaning |
+|---|---|
+| `missing` | No effective HSTS was observed on the final HTTPS response, or the final response was plain HTTP. |
+| `invalid` | HSTS exists, but `max-age` is missing or invalid. |
+| `disabled` | HSTS is explicitly disabled with `max-age=0`. |
+| `weak` | HSTS exists, but `max-age` is below 180 days. |
+| `moderate` | HSTS is usable, but below the common preload minimum of one year. |
+| `good` | HSTS has at least one year `max-age`, but lacks `includeSubDomains`. |
+| `strong` | HSTS has at least one year `max-age` and `includeSubDomains`. |
+| `preload-ready` | Local preload-readiness checks passed: HTTPS final response, `max-age >= 31536000`, `includeSubDomains`, and `preload`. |
+
+Warnings are intentionally explicit, for example `missing_hsts`, `max_age_too_low`, `missing_include_subdomains`, `preload_not_ready`, or `not_https`.
+
+---
+
 ## Recommended workflow
 
 ```shell

docs/img/logo.png

@@ -8,7 +8,7 @@ OpenDoor supports single-target and batch scanning, custom wordlists, response f
 
 > Use OpenDoor only on systems you own or have explicit permission to test.
 
-![OpenDoor](img/open-door.png)
+![OpenDoor](img/logo.png)
 
 ---
 

docs/img/open-door.png

@@ -260,6 +260,100 @@ def __fingerprint_progress(self, current, total, label):
         if int(current or 0) >= int(total or 1):
             output.writeln('')
 
+    @staticmethod
+    def __normalize_fingerprint_summary_value(value, default='unknown'):
+        """
+        Normalize optional fingerprint metadata for compact console output.
+
+        :param mixed value: raw fingerprint value
+        :param str default: fallback value
+        :return: str
+        """
+
+        normalized = str(value or '').strip()
+        if not normalized:
+            return default
+        return normalized
+
+    @classmethod
+    def __build_fingerprint_stack_summary(cls, fingerprint):
+        """
+        Build a short application/runtime/infrastructure summary.
+
+        :param dict fingerprint: fingerprint result
+        :return: str
+        """
+
+        if not isinstance(fingerprint, dict):
+            return 'unknown'
+
+        app_name = cls.__normalize_fingerprint_summary_value(fingerprint.get('name'))
+        runtime = cls.__normalize_fingerprint_summary_value(
+            fingerprint.get('runtime', {}).get('name') if isinstance(fingerprint.get('runtime'), dict) else None
+        )
+        infrastructure = cls.__normalize_fingerprint_summary_value(
+            fingerprint.get('infrastructure', {}).get('provider')
+            if isinstance(fingerprint.get('infrastructure'), dict) else None
+        )
+
+        values = []
+        for value in (app_name, runtime, infrastructure):
+            if value not in values:
+                values.append(value)
+
+        return ' | '.join(values) if values else 'unknown'
+
+    @classmethod
+    def __build_fingerprint_security_summary(cls, fingerprint):
+        """
+        Build a short security posture summary from fingerprint metadata.
+
+        :param dict fingerprint: fingerprint result
+        :return: str
+        """
+
+        if not isinstance(fingerprint, dict):
+            return 'unknown'
+
+        security_headers = fingerprint.get('security_headers')
+        if not isinstance(security_headers, dict):
+            return 'unknown'
+
+        hsts = security_headers.get('hsts')
+        if not isinstance(hsts, dict):
+            return 'unknown'
+
+        grade = cls.__normalize_fingerprint_summary_value(hsts.get('grade'))
+        if grade == 'preload-ready':
+            return 'HSTS preload-ready'
+        return 'HSTS {0}'.format(grade)
+
+    @classmethod
+    def __render_fingerprint_summary_lines(cls, fingerprint):
+        """
+        Build compact post-fingerprint lines for early scan visibility.
+
+        :param dict fingerprint: fingerprint result
+        :return: list[str]
+        """
+
+        return [
+            'Web stack: {0}'.format(cls.__build_fingerprint_stack_summary(fingerprint)),
+            'Security posture: {0}'.format(cls.__build_fingerprint_security_summary(fingerprint)),
+        ]
+
+    @classmethod
+    def __print_fingerprint_summary(cls, fingerprint):
+        """
+        Print compact fingerprint summary lines before dictionary enumeration starts.
+
+        :param dict fingerprint: fingerprint result
+        :return: None
+        """
+
+        for line in cls.__render_fingerprint_summary_lines(fingerprint):
+            tpl.info(msg=line)
+
     def fingerprint(self):
         """
         Run heuristic technology fingerprinting before the main scan.
@@ -296,6 +390,8 @@ def fingerprint(self):
                 )
             )
 
+            self.__print_fingerprint_summary(result)
+
             if result.get('signals'):
                 evidence = ', '.join([signal.get('value', '') for signal in result.get('signals', [])[:4]])
                 tpl.info(msg='Fingerprint evidence: {0}'.format(evidence))