Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection. Currently supported Python versions are 2.7, 3.5, 3.6 and 3.7. Gixy is well tested only on GNU/Linux, other OSs may have some issues. You can find things that Gixy is learning to detect at Issues labeled with "new plugin". By default Gixy will try to analyze Nginx configuration placed in /etc/nginx/nginx.conf. Or something else, you can find all other gixy arguments with the help command: gixy --help. Gixy is available as a Docker image from the Docker hub. To use it, mount the configuration that you want to analyse as a volume and provide the path to the configuration file when running the Gixy image. If you have an image that already contains your nginx configuration, you can share the configuration with the Gixy container as a volume.

Features

  • Find Server Side Request Forgery
  • Find problems with referrer/origin validation
  • Redefining of response headers by "add_header" directive
  • Find request's Host header forgery
  • Find multiline response headers
  • Find path traversal via misconfigured alias

Project Samples

GIXY Screenshot 1 GIXY Screenshot 2

Project Activity

See All Activity >

Categories

Source Code Analysis

License

Mozilla Public License 2.0 (MPL 2.0)

Follow GIXY

GIXY Web Site

You Might Also Like
Data, Signature and Document Collection Software Icon
Data, Signature and Document Collection Software

Gather all the documents, signatures, and data you require up to 80% faster

With FileInvite's legally-binding eSignature technology, you can easily request single or multiple-party signatures on contracts, agreements, and applications.
Learn More
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of GIXY!

Additional Project Details

Operating Systems

Linux

Programming Language

Python

Related Categories

Python Source Code Analysis Tool

Registered

2021-08-13
Report inappropriate content