DJ Checkup is a security scanner for Django sites.
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
DJ Checkup
Overview
DJ Checkup is a security scanner for Django sites. This package provides a command-line interface to run the security checks against your Django site. These are the same checks that are used by the DJ Checkup website at https://djcheckup.com.
Installation
This works best when installed with uv tool or pipx.
# With uv:
uv tool install djcheckup
# Or with pipx:
pipx install djcheckup
You can also run the tool without installing it:
# With uvx:
uvx djcheckup https://yourdjangosite.com
Usage
Run the djcheckup command-line utility with the URL of your Django site.
You'll see a nicely formatted report in your terminal:
╭──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ DJ Checkup Results for https://djcheckup.com │
│ ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ │
│ ┃ Check ┃ Result ┃ Message ┃ │
│ ┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩ │
│ │ Can I connect to your site? │ 🟢 Success │ Connected to your site successfully. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is your Django admin site exposed at the default │ 🟢 Success │ Your Django admin site is not exposed at the │ │
│ │ URL? │ │ default URL. This reduces the risk of automated │ │
│ │ │ │ attacks. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is a CSRF cookie set? │ 🟢 Success │ CSRF cookie detected. Your site is protected │ │
│ │ │ │ against cross-site request forgery attacks. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the CSRF cookie HttpOnly? │ 🟢 Success │ Your CSRF cookie is marked as HttpOnly, which │ │
│ │ │ │ helps prevent some XSS attacks. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the CSRF cookie SameSite=Lax? │ 🟢 Success │ CSRF cookie is marked as SameSite=Lax, which │ │
│ │ │ │ helps prevent CSRF attacks via cross-site │ │
│ │ │ │ requests. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the CSRF cookie Secure? │ 🟢 Success │ CSRF cookie is marked as Secure. It will only be │ │
│ │ │ │ sent over HTTPS. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Does your site return a 404 for non-existent │ 🟢 Success │ Your site correctly returns a 404 error for │ │
│ │ pages? │ │ non-existent pages. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is Django DEBUG mode disabled? │ 🟢 Success │ Django DEBUG mode is disabled. This is essential │ │
│ │ │ │ for production security. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the Strict-Transport-Security (HSTS) header │ 🟢 Success │ Strict-Transport-Security header is set. Your │ │
│ │ set? │ │ site enforces HTTPS for all visitors. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Does your site redirect all HTTP traffic to │ 🟢 Success │ All HTTP traffic is redirected to HTTPS. This is │ │
│ │ HTTPS? │ │ essential for security. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is your site accessible via HTTPS? │ 🟢 Success │ Your site is accessible via HTTPS. All sensitive │ │
│ │ │ │ data is encrypted in transit. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is your login page exposed at a default or │ 🟢 Success │ Login page is not exposed at the default URL. │ │
│ │ guessable URL? │ │ This reduces the risk of automated attacks. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the sessionid cookie set? │ 🔴 Failure │ No sessionid cookie was found. This is normal if │ │
│ │ │ │ your site does not use sessions on this page. If │ │
│ │ │ │ your application relies on sessions for │ │
│ │ │ │ authentication or user data, ensure Django's │ │
│ │ │ │ session middleware is enabled and configured │ │
│ │ │ │ correctly. │ │
│ │ │ │ │ │
│ │ │ │ Reference: │ │
│ │ │ │ │ │
│ │ │ │ • Django Sessions │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the sessionid cookie HttpOnly? │ 🟡 Skipped │ Check skipped due to failed or missing │ │
│ │ │ │ dependency: sessionid_cookie_check │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the sessionid cookie Secure? │ 🟡 Skipped │ Check skipped due to failed or missing │ │
│ │ │ │ dependency: sessionid_cookie_check │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the sessionid cookie SameSite=Lax? │ 🟡 Skipped │ Check skipped due to failed or missing │ │
│ │ │ │ dependency: sessionid_cookie_check │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the X-Frame-Options header set? │ 🟢 Success │ X-Frame-Options header is set. Your site is │ │
│ │ │ │ protected against clickjacking attacks. │ │
│ └──────────────────────────────────────────────────┴────────────┴──────────────────────────────────────────────────┘ │
╰──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
djcheckup-0.4.4.tar.gz
(11.4 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
djcheckup-0.4.4-py3-none-any.whl
(13.4 kB
view details)
File details
Details for the file djcheckup-0.4.4.tar.gz.
File metadata
- Download URL: djcheckup-0.4.4.tar.gz
- Upload date:
- Size: 11.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.9.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b714cf0040c0196d0ce15ce00025cbb03caa78dd22fd89ee3e9bfbb83ed5106c
|
|
| MD5 |
026c7d5683422036f9b4160c263bebf2
|
|
| BLAKE2b-256 |
778524a202c64e042a74e85c0a1fa99043323cc2224903ea44b1e42b40274852
|
File details
Details for the file djcheckup-0.4.4-py3-none-any.whl.
File metadata
- Download URL: djcheckup-0.4.4-py3-none-any.whl
- Upload date:
- Size: 13.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.9.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c0d761be626f1397e74a0c6399ea2fee1204fe44c024d56eb7ec865c4fc339a3
|
|
| MD5 |
936f1f5799db103b498b53e7b083e6a3
|
|
| BLAKE2b-256 |
bb67f613e7183939ab724959533a8f3e9675bfa18d70a105d34c16fb00d6f256
|
