InsecRes – A Tool to Find Insecure Resources on HTTPS Sites

After switching your site to HTTPS, you probably want to test if resources such as images, slides, embedded videos and others, are correctly pointed to HTTPS protocol or displaying warnings about the insecure content on the pages. After some research I found a useful tool for this purpose, called insecuRes.

InsecuRes is a small, free and open source command line based tool for finding insecure resources on HTTPS sites, written in Go programming language. It utilizes the power of “multi-threading” (goroutines) to crawl and parse site pages.

Read Also: How to Redirect HTTP to HTTPS on Apache

It crawls all your website pages in parallel, scans and catches: IMG, IFRAME, OBJECT, AUDIO, VIDEO, SOURCE and TRACK resources with full HTTP (insecure) urls. To prevent blacklisting by web server, it employs a random delay between requests. Additionally, you can redirect its output to a CSV file for later analysis.


  1. Install Go Programming Language in Linux

Install InsecuRes in Linux Systems

Once Go Programming Language installed on the system, run the command below on the terminal to get insecres.

$ go get

Once you have downloaded and installed insecres, run the command below to scan your site for insecure resources. If it shows no output, that probably means there are no insecure resources on your site.

$ $GOPATH/bin/insecres

To save the output in a CSV file for later examination, use the -f flag.

$ $GOPATH/bin/insecres -f="/path/to/scan_report.csv"

Display usage guide.

$ $GOPATH/bin/insecres -h

Some of the features to be added include displayiny result counters and comparing performance of simple regex parsing and tokenized parsing.

InsecRes Github repository:

In this article, we showed you how to find insecure resources on HTTPS sites, using a simple command line tool called insecres. You can ask questions or share your thoughts via the comment section below. If you know of any similar tools out there, do share information about them as well.

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

4 Responses

  1. Thanks Aaron for the article. I’m glad you found insecRes useful.

  2. TheOuterLinux says:

    One slight concern: If this utilizes Go, then does that mean it depends on Google to decide whether or not a site is secure? The Go language has its own flaws, including being caught preventing firewall alerts.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.