Content Security Policy vulnerability scanner and analyzer for Caido. Automatically detects CSP headers in HTTP responses, analyzes them against 20+ security checks, and reports findings with remediation guidance.
- Real-time CSP header detection via response interception
- 20+ vulnerability checks across 7 categories (Critical, Modern Threats, Missing Features, Policy Weaknesses, Style Issues, Legacy Issues, Advanced)
- Built-in CSP bypass database with 205 payloads from security research
- Configurable check presets (Aggressive, Recommended, Light)
- Export findings as JSON or CSV
- Scope-aware analysis (respects Caido project scope)
- Auto-creation of Caido findings for detected vulnerabilities
- Open Caido
- Navigate to Plugins
- Search for "CSP Auditor"
- Click Install
- Install dependencies:
  pnpm install
- Build the plugin:
  pnpm build
- Install in Caido:
  Upload the plugin_package.zip file by clicking "Install Package" in Caido's plugins tab.
- Browse to web applications that serve CSP headers
- The plugin automatically intercepts responses and analyzes CSP policies
- View results in the Dashboard tab with sortable columns
- Expand rows to see individual findings with severity badges and remediation
- Use the Database tab to search 205 bypass payloads
- Configure which checks are active in the Configuration tab
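The kind of analysis the dashboard reports, as an added example that is not the plugin's own code: a small TypeScript CSP parser plus a handful of checks modelled on the categories listed above (a critical inline-script check, missing-directive checks, a legacy-reporting check). The check identifiers, severities and remediation strings are assumptions chosen for illustration, and the sample header is constructed rather than captured from a real site. Wiring the analyzer to Caido's response interception is deliberately left out so the block runs stand-alone (for example with ts-node).

```typescript
// Added example (not the CSP Auditor plugin's own code): a minimal CSP parser
// and a few checks of the kind such a scanner runs. Check names, severities
// and remediation text are assumptions made for illustration.

type Severity = "Critical" | "High" | "Medium" | "Low";

interface Finding {
  check: string;      // short check identifier (assumed naming)
  severity: Severity;
  directive: string;  // directive the finding concerns
  remediation: string;
}

// Parsed policy: lower-cased directive name -> source list as written.
type Policy = Map<string, string[]>;

// Split a header value into directives. Names are case-insensitive and a
// browser honours only the first occurrence of a directive, so later
// duplicates are dropped rather than merged.
function parseCsp(header: string): Policy {
  const policy: Policy = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter((t) => t.length > 0);
    if (tokens.length === 0) continue;
    const name = (tokens[0] ?? "").toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Fetch directives (script-src, object-src, ...) fall back to default-src when
// absent; base-uri and frame-ancestors do not, so they are checked directly.
function effective(policy: Policy, directive: string): string[] | undefined {
  return policy.get(directive) ?? policy.get("default-src");
}

function has(sources: string[], pred: (s: string) => boolean): boolean {
  return sources.some((s) => pred(s.toLowerCase()));
}

function analyzeCsp(header: string): Finding[] {
  const policy = parseCsp(header);
  const out: Finding[] = [];
  const add = (check: string, severity: Severity, directive: string, remediation: string) =>
    out.push({ check, severity, directive, remediation });

  const script = effective(policy, "script-src");
  if (script === undefined) {
    add("script-src-missing", "Critical", "script-src",
      "Set script-src (or default-src); without it any script origin is allowed.");
  } else {
    const nonceOrHash = has(script, (s) =>
      s.startsWith("'nonce-") || s.startsWith("'sha256-") ||
      s.startsWith("'sha384-") || s.startsWith("'sha512-"));
    const strictDynamic = has(script, (s) => s === "'strict-dynamic'");
    if (has(script, (s) => s === "'unsafe-inline'")) {
      // With a nonce or hash present, CSP3 browsers ignore 'unsafe-inline', so
      // it only serves as a fallback for old browsers and is not exploitable there.
      if (nonceOrHash) add("unsafe-inline-legacy-fallback", "Low", "script-src",
        "Ignored by modern browsers; keep only if CSP1-era clients must be supported.");
      else add("unsafe-inline-script", "Critical", "script-src",
        "Remove 'unsafe-inline'; use nonces or hashes for inline scripts.");
    }
    if (has(script, (s) => s === "'unsafe-eval'"))
      add("unsafe-eval-script", "High", "script-src",
        "Remove 'unsafe-eval' and refactor eval()/new Function() usage.");
    // Scheme-only or wildcard sources admit scripts from any host on that scheme
    // unless 'strict-dynamic' is present, which makes browsers ignore them.
    if (!strictDynamic && has(script, (s) => s === "*" || s === "https:" || s === "http:" || s === "data:"))
      add("overly-broad-script-source", "High", "script-src",
        "Replace scheme/wildcard sources with an explicit host allowlist, or use nonces with 'strict-dynamic'.");
  }

  const object = effective(policy, "object-src");
  if (object === undefined || !has(object, (s) => s === "'none'"))
    add("object-src-not-none", "High", "object-src",
      "Set object-src 'none' to block plugin-based script execution.");
  if (!policy.has("base-uri"))
    add("base-uri-missing", "Medium", "base-uri",
      "Set base-uri 'none' or 'self' so an injected <base> cannot redirect relative script URLs.");
  if (!policy.has("frame-ancestors"))
    add("frame-ancestors-missing", "Medium", "frame-ancestors",
      "Set frame-ancestors to control who may frame the page (clickjacking).");
  if (policy.has("report-uri") && !policy.has("report-to"))
    add("legacy-reporting-only", "Low", "report-uri",
      "report-uri is deprecated; add report-to alongside it.");
  return out;
}

// Highest severity present, for a dashboard-style summary.
function worstSeverity(findings: Finding[]): Severity | "None" {
  const order: Severity[] = ["Critical", "High", "Medium", "Low"];
  return order.find((sev) => findings.some((f) => f.severity === sev)) ?? "None";
}

// Constructed sample header (not captured from any real site).
const sampleHeader =
  "default-src 'self'; script-src 'self' 'unsafe-inline' https:; report-uri /csp-report";
for (const finding of analyzeCsp(sampleHeader)) {
  console.log(`[${finding.severity}] ${finding.check} (${finding.directive}): ${finding.remediation}`);
}
```

The fallback to default-src and the first-occurrence rule for duplicate directives are the two parsing details that most often make naive auditors report the wrong thing; a policy such as `default-src 'self'` with no object-src is still flagged here because `'self'` is not `'none'`, while `script-src 'nonce-…' 'strict-dynamic'` with a stray `https:` is correctly left alone.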
Contributions are welcome! Please feel free to submit issues and enhancement requests.
Originally created by GangGreenTemperTatum.
