DJ Checkup
Overview
DJ Checkup is a security scanner for Django sites. This package provides a command-line interface to run the security checks against your Django site. These are the same checks that are used by the DJ Checkup website at https://djcheckup.com.
Installation
The tool works best when installed as a standalone tool with uv or with pipx.
# With uv:
uv tool install djcheckup
# Or with pipx:
pipx install djcheckup
You can also run the tool without installing it:
# With uvx:
uvx djcheckup https://yourdjangosite.com
Usage
Run the djcheckup command-line utility with the URL of your Django site.
You'll see a nicely formatted report in your terminal:
DJ Checkup Results for https://djcheckup.com

| Check | Result | Message |
|---|---|---|
| Can I connect to your site? | 🟢 Success | Connected to your site successfully. |
| Is your Django admin site exposed at the default URL? | 🟢 Success | Your Django admin site is not exposed at the default URL. This reduces the risk of automated attacks. |
| Is a CSRF cookie set? | 🟢 Success | CSRF cookie detected. Your site is protected against cross-site request forgery attacks. |
| Is the CSRF cookie HttpOnly? | 🟢 Success | Your CSRF cookie is marked as HttpOnly, which helps prevent some XSS attacks. |
| Is the CSRF cookie SameSite=Lax? | 🟢 Success | CSRF cookie is marked as SameSite=Lax, which helps prevent CSRF attacks via cross-site requests. |
| Is the CSRF cookie Secure? | 🟢 Success | CSRF cookie is marked as Secure. It will only be sent over HTTPS. |
| Does your site return a 404 for non-existent pages? | 🟢 Success | Your site correctly returns a 404 error for non-existent pages. |
| Is Django DEBUG mode disabled? | 🟢 Success | Django DEBUG mode is disabled. This is essential for production security. |
| Is the Strict-Transport-Security (HSTS) header set? | 🟢 Success | Strict-Transport-Security header is set. Your site enforces HTTPS for all visitors. |
| Does your site redirect all HTTP traffic to HTTPS? | 🟢 Success | All HTTP traffic is redirected to HTTPS. This is essential for security. |
| Is your site accessible via HTTPS? | 🟢 Success | Your site is accessible via HTTPS. All sensitive data is encrypted in transit. |
| Is your login page exposed at a default or guessable URL? | 🟢 Success | Login page is not exposed at the default URL. This reduces the risk of automated attacks. |
| Is the sessionid cookie set? | 🔴 Failure | No sessionid cookie was found. This is normal if your site does not use sessions on this page. If your application relies on sessions for authentication or user data, ensure Django's session middleware is enabled and configured correctly. Reference: Django Sessions |
| Is the sessionid cookie HttpOnly? | 🟡 Skipped | Check skipped due to failed or missing dependency: sessionid_cookie_check |
| Is the sessionid cookie Secure? | 🟡 Skipped | Check skipped due to failed or missing dependency: sessionid_cookie_check |
| Is the sessionid cookie SameSite=Lax? | 🟡 Skipped | Check skipped due to failed or missing dependency: sessionid_cookie_check |
| Is the X-Frame-Options header set? | 🟢 Success | X-Frame-Options header is set. Your site is protected against clickjacking attacks. |
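The cookie and header rows in the report above are all decided from the response headers a site sends back. The following is an added example written for this page, not code from the djcheckup package: it models those particular checks (CSRF and sessionid cookie flags, HSTS, X-Frame-Options) over a constructed list of response headers so it runs offline, and it reproduces the dependency behaviour visible in the report, where the three flag checks for a missing cookie are Skipped rather than Failed. The Django setting named in each failure message is a remediation hint added here; the scanner's own messages do not include it. The checks that need a live request (connectivity, 404 handling, DEBUG, HTTP-to-HTTPS redirect, admin and login URLs) are not modelled.

```python
"""Header-based checks modelled on the DJ Checkup report (added example,
not the djcheckup package's own code)."""
from dataclasses import dataclass


@dataclass
class Result:
    check: str
    status: str  # "Success", "Failure" or "Skipped"
    message: str


def parse_set_cookie(header: str) -> dict:
    """Parse one Set-Cookie header value into name, value and attributes.

    Attribute names are lower-cased; flag attributes (Secure, HttpOnly)
    become True, valued attributes (SameSite, Path, ...) keep their string.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return {"name": name.strip(), "value": value, "attrs": attrs}


def find_cookie(headers, name):
    """Return the parsed Set-Cookie for `name`, or None if it is absent."""
    for key, val in headers:
        if key.lower() == "set-cookie":
            cookie = parse_set_cookie(val)
            if cookie["name"] == name:
                return cookie
    return None


def cookie_checks(headers, name, label, setting_prefix):
    """The four per-cookie checks; a missing cookie makes the three flag
    checks Skipped, mirroring the dependency handling in the report."""
    cookie = find_cookie(headers, name)
    flags = ["HttpOnly", "Secure", "SameSite=Lax"]
    if cookie is None:
        results = [Result(f"Is the {label} cookie set?", "Failure",
                          f"No {label} cookie was found.")]
        results += [Result(f"Is the {label} cookie {flag}?", "Skipped",
                           f"Check skipped due to failed or missing dependency: {name} cookie")
                    for flag in flags]
        return results
    attrs = cookie["attrs"]
    samesite = attrs.get("samesite")
    # Strict is at least as restrictive as Lax, so it passes this check too.
    samesite_ok = isinstance(samesite, str) and samesite.lower() in ("lax", "strict")
    verdicts = [  # (flag label, passed?, Django setting to review on failure)
        ("HttpOnly", attrs.get("httponly") is True, f"{setting_prefix}HTTPONLY"),
        ("Secure", attrs.get("secure") is True, f"{setting_prefix}SECURE"),
        ("SameSite=Lax", samesite_ok, f"{setting_prefix}SAMESITE"),
    ]
    results = [Result(f"Is the {label} cookie set?", "Success",
                      f"{label} cookie detected.")]
    for flag, ok, setting in verdicts:
        results.append(Result(
            f"Is the {label} cookie {flag}?",
            "Success" if ok else "Failure",
            f"{label} cookie is marked as {flag}." if ok
            else f"{label} cookie is not marked as {flag}; review the {setting} setting."))
    return results


def header_checks(headers):
    """Presence checks for HSTS and X-Frame-Options."""
    present = {key.lower() for key, _ in headers}
    wanted = [
        ("Strict-Transport-Security (HSTS)", "strict-transport-security", "SECURE_HSTS_SECONDS"),
        ("X-Frame-Options", "x-frame-options", "X_FRAME_OPTIONS / XFrameOptionsMiddleware"),
    ]
    return [Result(f"Is the {label} header set?",
                   "Success" if key in present else "Failure",
                   f"{label} header is set." if key in present
                   else f"{label} header is missing; review {setting}.")
            for label, key, setting in wanted]


def run_checks(headers):
    """All header-decidable checks, in the order the report lists them."""
    return (cookie_checks(headers, "csrftoken", "CSRF", "CSRF_COOKIE_")
            + cookie_checks(headers, "sessionid", "sessionid", "SESSION_COOKIE_")
            + header_checks(headers))


# Constructed sample response: hardened CSRF cookie, no session cookie,
# HSTS present, X-Frame-Options deliberately absent.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "csrftoken=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

if __name__ == "__main__":
    for r in run_checks(SAMPLE_HEADERS):
        print(f"{r.status:8} {r.check:48} {r.message}")
```

Running the block prints one line per check for the constructed headers: the four CSRF rows and HSTS pass, the sessionid row fails with its three flag rows skipped, and X-Frame-Options fails. To evaluate a real response, capture its headers (for example from an HTTP client's response object) into the same list of (name, value) pairs and pass them to `run_checks`.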
Download files
File details
Details for the file djcheckup-0.5.0.tar.gz.
File metadata
- Download URL: djcheckup-0.5.0.tar.gz
- Upload date:
- Size: 11.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.9.8
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | fab6aa7a8c52628e942e309cabef2a0799a9677bbc60e19d8e3361a650cb85d4 |
| MD5 | ac74b388a8cf4a0dc1d40a2772142dd5 |
| BLAKE2b-256 | 6bba330795b69889775242458c8453345005d89e74d83be02f446c9d2fe6ab87 |
File details
Details for the file djcheckup-0.5.0-py3-none-any.whl.
File metadata
- Download URL: djcheckup-0.5.0-py3-none-any.whl
- Upload date:
- Size: 13.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.9.8
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 6b30aaa5edd4df11f140b8d055fb0f7fc53d135f9c008b79d195a5eb90531956 |
| MD5 | 6d0cf175cabfa5e705a46298a9dbc09b |
| BLAKE2b-256 | a6a2955adf56bf365b66b68c96ac81561c1da5a9b3eccb67f76922092330eb2a |