How do I install Gixy, a static analyzer for Nginx configuration, on a GNU/Linux operating system to prevent security misconfiguration and automate flaw detection?

From the project page:

Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection. Currently supported Python versions are 2.7 and 3.5+. Right now Gixy can find:

  1. [ssrf] Server Side Request Forgery
  2. [http_splitting] HTTP Splitting
  3. [origins] Problems with referrer/origin validation
  4. [add_header_redefinition] Redefining of response headers by “add_header” directive
  5. [host_spoofing] Request’s Host header forgery
  6. [valid_referers] none in valid_referers
  7. [add_header_multiline] Multiline response headers


Type the following command:
$ pip install gixy
Sample outputs:

Fig.01: pip install gixy


How do I use Gixy?

The syntax is:
$ gixy /etc/nginx/nginx.conf
$ gixy [options] /etc/nginx/nginx.conf

Here is the output from my own site:

Fig.02: gixy in action
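
What the [add_header_redefinition] check in the list above looks for, shown as an added example that is not from the original page or the Gixy project. The hostnames, ports, paths and header values are constructed placeholders:

```nginx
# Constructed sample nginx.conf for the add_header_redefinition check.
# Hostnames, ports, paths and header values are illustrative placeholders.
events {}

http {
    # Weak: the location defines its own add_header, so nginx stops
    # inheriting the server-level add_header directives for /static/.
    # Responses from that location go out without X-Frame-Options and
    # X-Content-Type-Options.
    server {
        listen 8080;
        server_name weak.example.test;

        add_header X-Frame-Options "DENY";
        add_header X-Content-Type-Options "nosniff";

        location /static/ {
            add_header Cache-Control "public, max-age=3600";
            root /var/www/html;
        }
    }

    # Corrected: a level that uses add_header repeats the full set it
    # needs, because inheritance only applies when the current level
    # has no add_header directive of its own.
    server {
        listen 8081;
        server_name fixed.example.test;

        add_header X-Frame-Options "DENY";
        add_header X-Content-Type-Options "nosniff";

        location /static/ {
            add_header X-Frame-Options "DENY";
            add_header X-Content-Type-Options "nosniff";
            add_header Cache-Control "public, max-age=3600";
            root /var/www/html;
        }
    }
}
```

Save it to a scratch file and pass that path to `gixy --tests add_header_redefinition` to limit the scan to this one check; `--tests` is listed in the `gixy -h` output.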



To see the gixy options, type:
$ gixy -h
Sample outputs:

positional arguments:
  nginx.conf            Path to nginx.conf, e.g. /etc/nginx/nginx.conf

optional arguments:
  -h, --help            show this help message and exit
                        config file path
  --write-config CONFIG_OUTPUT_PATH
                        takes the current command line args and writes them
                        out to a config file at the given path, then exits
  -v, --version         show program's version number and exit
  -l, --level           Report issues of a given severity level or higher (-l
                        for LOW, -ll for MEDIUM, -lll for HIGH)
  -f {text,json,console}, --format {text,json,console}
                        Specify output format
                        Write report to file
  -d, --debug           Turn on debug mode
  --tests TESTS         Comma-separated list of tests to run
  --skips SKIPS         Comma-separated list of tests to skip
  --disable-includes    Disable "include" directive processing

plugins options:
  --origins-domains domains
                        Default: *
  --origins-https-only https_only
                        Default: False
  --add-header-redefinition-headers headers
                        Default: x-frame-options,x-xss-protection,content-

available plugins:

For more info see
