0-Policy is a terminal-based tool for analyzing Content-Security-Policy (CSP) headers.
It helps identify weak or misconfigured CSP directives, dangerous sources, and known bypass patterns.
- 🚀 Scan single or multiple URLs
- 🧩 Parse and highlight insecure CSP directives
- 🔓 Detect bypass patterns using a custom JSON database
- 📄 Export results as JSON or TXT reports
- 🌐 Multilingual support (English 🇬🇧 & Turkish 🇹🇷)
- ⚙️ Custom timeout, user-agent and output directory settings
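
To make "insecure CSP directives" concrete, here is an added example (not 0-Policy's own code, and not taken from its `parser.py` or `analyzer.py`) that parses a header value and flags common weaknesses in the effective script policy. The function names, the `RISKY_SOURCES` table and the sample header are assumptions constructed for illustration.

```python
# Added illustration, not 0-Policy's code; the rule table is a constructed sample.
RISKY_SOURCES = {
    "'unsafe-inline'": "inline script allowed",
    "'unsafe-eval'": "string-to-code execution allowed",
    "*": "any host allowed",
    "data:": "data: URIs allowed",
    "http:": "any HTTP origin allowed",
    "https:": "any HTTPS origin allowed",
}
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def find_weaknesses(policy):
    """Return (directive, issue) pairs for the effective script policy."""
    findings = []
    # script-src falls back to default-src when it is absent.
    name = "script-src" if "script-src" in policy else "default-src"
    sources = [s.lower() for s in policy.get(name, [])]
    if name not in policy:
        findings.append(("script-src", "not set, no default-src fallback"))
    has_nonce_or_hash = any(s.startswith(NONCE_OR_HASH) for s in sources)
    strict_dynamic = "'strict-dynamic'" in sources
    for src in sources:
        if src not in RISKY_SOURCES:
            continue
        # Browsers ignore 'unsafe-inline' once a nonce or hash is present.
        if src == "'unsafe-inline'" and has_nonce_or_hash:
            continue
        # With 'strict-dynamic', host/scheme sources and 'unsafe-inline' are ignored.
        if strict_dynamic and src != "'unsafe-eval'":
            continue
        findings.append((name, f"{src}: {RISKY_SOURCES[src]}"))
    if "object-src" not in policy and "default-src" not in policy:
        findings.append(("object-src", "not set, no default-src fallback"))
    if "base-uri" not in policy:
        findings.append(("base-uri", "not set, never falls back to default-src"))
    return findings


SAMPLE = "default-src 'self'; script-src 'self' 'unsafe-inline' *; img-src data:"  # constructed
if __name__ == "__main__":
    for directive, issue in find_weaknesses(parse_csp(SAMPLE)):
        print(f"[!] {directive}: {issue}")
```
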
```bash
git clone https://github.com/tambirmutee/0-policy.git
cd 0-policy
pip install .
```

Or if you want to install requirements manually:

```bash
pip install -r requirements.txt
```

```bash
python run.py
0-policy
```

Then follow the interactive menu to:
- Scan a single URL
- Scan a file of URLs
- Generate reports
- Change configuration

```
0-policy/
├── data/                  # CSP bypass patterns and config file
│   ├── bypass_patterns.json
│   └── config.json
├── zeropolicy/            # Main Python package
│   ├── main.py
│   ├── fetcher.py
│   ├── analyzer.py
│   ├── bypass_checker.py
│   ├── parser.py
│   ├── config.py
│   └── langs/
│       ├── tr.py
│       └── en.py
├── run.py
├── setup.py
├── requirements.txt
└── LICENSE
```

This project is licensed under the MIT License.
PRs welcome! Open an issue or fork the project and improve it.