Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.
Currently supported Python versions are 2.7 and 3.5+.
Disclaimer: Gixy is well tested only on GNU/Linux, other OSs may have some issues.
Right now Gixy can find:
You can find the checks Gixy is still learning to detect in the Issues labeled "new plugin".
Gixy is distributed on PyPI. The best way to install it is with pip:
pip install gixy
Run Gixy and check results:
gixy
By default Gixy will try to analyze the Nginx configuration located at /etc/nginx/nginx.conf.
But you can always specify the path you need:
$ gixy /etc/nginx/nginx.conf

==================== Results ===================

Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
Description: Using variables that can contain "\n" may lead to http injection.
Additional info: https://github.com/yandex/gixy/blob/master/docs/ru/plugins/httpsplitting.md
Reason: At least variable "$action" can contain "\n"
Pseudo config:
include /etc/nginx/sites/default.conf;

server {

	location ~ /v1/((?<action>[^.]*)/.json)?$ {
		add_header X-Action $action;
	}
}

==================== Summary ===================
Total issues:
    Unspecified: 0
    Low: 0
    Medium: 0
    High: 1
Or skip some tests:
$ gixy --skips http_splitting /etc/nginx/nginx.conf

==================== Results ===================
No issues found.

==================== Summary ===================
Total issues:
    Unspecified: 0
    Low: 0
    Medium: 0
    High: 0
You can find all other Gixy arguments with the help command: gixy --help
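To show what the http_splitting finding above actually checks, here is a small added example (not Gixy's own code) that reproduces the core of the rule: it finds named capture groups in a regex location whose sub-pattern can match a newline, and flags add_header directives that use such a variable. The config is constructed, the parsing is a simplified heuristic for non-nested groups, and Python's re stands in for nginx's PCRE (all assumptions).

```python
import re

# Constructed sample config (not from the project): the location from the
# http_splitting finding above, plus a hardened variant whose capture group
# excludes "\n" so the captured value cannot inject a header line.
SAMPLE_CONFIG = r"""
server {
    location ~ /v1/((?<action>[^.]*)/.json)?$ {
        add_header X-Action $action;
    }
    location ~ /v2/((?<safe_action>[^./\n]*)/.json)?$ {
        add_header X-Action $safe_action;
    }
}
"""

LOCATION_RE = re.compile(r'location\s+~\*?\s+(?P<regex>\S+)\s*\{')
NAMED_GROUP_RE = re.compile(r'\(\?<(?P<name>\w+)>(?P<body>[^()]*)\)')
ADD_HEADER_RE = re.compile(r'add_header\s+\S+\s+(?P<value>[^;]*);')


def group_can_contain_newline(body):
    # Heuristic: can the (non-nested) group sub-pattern match a value that
    # spans a newline? Python's re approximates nginx's PCRE here (assumption).
    try:
        return re.compile(body).fullmatch("a\nb") is not None
    except re.error:
        return True  # unparsable pattern: treat as unsafe, not as clean


def find_http_splitting(config):
    # Returns (variable, directive) pairs where add_header uses a capture
    # variable whose regex can contain "\n": the condition Gixy reports.
    findings = []
    locs = list(LOCATION_RE.finditer(config))
    for i, loc in enumerate(locs):
        end = locs[i + 1].start() if i + 1 < len(locs) else len(config)
        block = config[loc.end():end]
        unsafe = {m.group('name')
                  for m in NAMED_GROUP_RE.finditer(loc.group('regex'))
                  if group_can_contain_newline(m.group('body'))}
        for hdr in ADD_HEADER_RE.finditer(block):
            for var in re.findall(r'\$(\w+)', hdr.group('value')):
                if var in unsafe:
                    findings.append((var, hdr.group(0)))
    return findings


if __name__ == '__main__':
    for var, directive in find_http_splitting(SAMPLE_CONFIG):
        print('Problem: [http_splitting] $%s can contain "\\n": %s' % (var, directive))
```

Only the /v1 location is reported; the /v2 variant is the fix, since its character class cannot match a newline.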
Contributions to Gixy are always welcome! You can help us in different ways:
Code guidelines: