htrace.sh is a command-line tool for diagnosing and inspecting websites, specifically how they respond over HTTP and HTTPS. You give it a URL and it tells you what the server is doing: what headers it sends back, whether it redirects you, what SSL certificate details it has, and what the response body looks like. It is aimed at developers and system administrators who want a fast, all-in-one way to check a website without opening a browser or writing custom scripts. Beyond basic inspection, the tool ties into several well-known external security scanners. You can run SSL protocol and cipher tests, check Mozilla's security header grader, scan for mixed content issues, probe with network scanning scripts, detect web application firewalls, enumerate subdomains, and test HTTP/2 support. Each of these is available as a separate flag, or you can run all scans at once with a single option. Installation is done by cloning the repository and running a setup script. The tool also comes with a Docker image if you prefer not to install dependencies on your local machine. It runs on Debian, Ubuntu, and macOS, though the README recommends using the Docker image for the cleanest experience since the external tools have their own dependencies. The license is GPLv3, meaning it is free to use and modify. The project has a wiki for more detailed documentation, and the tool itself includes a built-in examples flag that shows common usage patterns right in the terminal.
← trimstray on gitmyhub — every repo by this author, as a profile.
Verify against the repo before relying on details.