DJ Checkup is a security scanner for Django sites.
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
DJ Checkup
Overview
DJ Checkup is a security scanner for Django sites. This package provides a command-line interface to run the security checks against your Django site. These are the same checks that are used by the DJ Checkup website at https://djcheckup.com.
Installation
This works best when installed with uv tool or pipx.
# With uv:
uv tool install djcheckup
# Or with pipx:
pipx install djcheckup
You can also run the tool without installing it:
# With uvx:
uvx djcheckup https://yourdjangosite.com
Usage
Run the djcheckup command-line utility with the URL of your Django site.
This will make several outbound requests from your computer to the website you are checking.
After a few seconds, you'll see a nicely formatted report in your terminal:
╭──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ DJ Checkup Results for https://djcheckup.com │
│ ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ │
│ ┃ Check ┃ Result ┃ Message ┃ │
│ ┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩ │
│ │ Can I connect to your site? │ 🟢 Success │ Connected to your site successfully. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is your Django admin site exposed at the default │ 🟢 Success │ Your Django admin site is not exposed at the │ │
│ │ URL? │ │ default URL. This reduces the risk of automated │ │
│ │ │ │ attacks. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is a CSRF cookie set? │ 🟢 Success │ CSRF cookie detected. Your site is protected │ │
│ │ │ │ against cross-site request forgery attacks. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the CSRF cookie HttpOnly? │ 🟢 Success │ Your CSRF cookie is marked as HttpOnly, which │ │
│ │ │ │ helps prevent some XSS attacks. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the CSRF cookie SameSite=Lax? │ 🟢 Success │ CSRF cookie is marked as SameSite=Lax, which │ │
│ │ │ │ helps prevent CSRF attacks via cross-site │ │
│ │ │ │ requests. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the CSRF cookie Secure? │ 🟢 Success │ CSRF cookie is marked as Secure. It will only be │ │
│ │ │ │ sent over HTTPS. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Does your site return a 404 for non-existent │ 🟢 Success │ Your site correctly returns a 404 error for │ │
│ │ pages? │ │ non-existent pages. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is Django DEBUG mode disabled? │ 🟢 Success │ Django DEBUG mode is disabled. This is essential │ │
│ │ │ │ for production security. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the Strict-Transport-Security (HSTS) header │ 🟢 Success │ Strict-Transport-Security header is set. Your │ │
│ │ set? │ │ site enforces HTTPS for all visitors. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Does your site redirect all HTTP traffic to │ 🟢 Success │ All HTTP traffic is redirected to HTTPS. This is │ │
│ │ HTTPS? │ │ essential for security. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is your site accessible via HTTPS? │ 🟢 Success │ Your site is accessible via HTTPS. All sensitive │ │
│ │ │ │ data is encrypted in transit. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is your login page exposed at a default or │ 🟢 Success │ Login page is not exposed at the default URL. │ │
│ │ guessable URL? │ │ This reduces the risk of automated attacks. │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the sessionid cookie set? │ 🔴 Failure │ No sessionid cookie was found. This is normal if │ │
│ │ │ │ your site does not use sessions on this page. If │ │
│ │ │ │ your application relies on sessions for │ │
│ │ │ │ authentication or user data, ensure Django's │ │
│ │ │ │ session middleware is enabled and configured │ │
│ │ │ │ correctly. │ │
│ │ │ │ │ │
│ │ │ │ Reference: │ │
│ │ │ │ │ │
│ │ │ │ • Django Sessions │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the sessionid cookie HttpOnly? │ 🟡 Skipped │ Check skipped due to failed or missing │ │
│ │ │ │ dependency: sessionid_cookie_check │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the sessionid cookie Secure? │ 🟡 Skipped │ Check skipped due to failed or missing │ │
│ │ │ │ dependency: sessionid_cookie_check │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the sessionid cookie SameSite=Lax? │ 🟡 Skipped │ Check skipped due to failed or missing │ │
│ │ │ │ dependency: sessionid_cookie_check │ │
│ ├──────────────────────────────────────────────────┼────────────┼──────────────────────────────────────────────────┤ │
│ │ Is the X-Frame-Options header set? │ 🟢 Success │ X-Frame-Options header is set. Your site is │ │
│ │ │ │ protected against clickjacking attacks. │ │
│ └──────────────────────────────────────────────────┴────────────┴──────────────────────────────────────────────────┘ │
╰──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
djcheckup-0.5.1.tar.gz
(11.6 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
djcheckup-0.5.1-py3-none-any.whl
(13.5 kB
view details)
File details
Details for the file djcheckup-0.5.1.tar.gz.
File metadata
- Download URL: djcheckup-0.5.1.tar.gz
- Upload date:
- Size: 11.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.9.13 {"installer":{"name":"uv","version":"0.9.13"},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
afb1e7507e71ac8488abbc0c4cfbf9bc7b671af8851cc152e2ed1f0d4d32a081
|
|
| MD5 |
43665753d37da175c492f66cdeb8fb84
|
|
| BLAKE2b-256 |
7c06f3e3e4b840d53669d7614fdb92eac9ad1851f94a520c7bcb67dfa9c80fbd
|
File details
Details for the file djcheckup-0.5.1-py3-none-any.whl.
File metadata
- Download URL: djcheckup-0.5.1-py3-none-any.whl
- Upload date:
- Size: 13.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.9.13 {"installer":{"name":"uv","version":"0.9.13"},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b3417f983b8a845eec5f5f1ff305d16a8aefdfe5f45ee88be685053a009e6c77
|
|
| MD5 |
1bb2374502243e693e42f4b8ad69e9da
|
|
| BLAKE2b-256 |
bc04f7b07d29b298a1db2204d8b3746bd8f96b174afa498d1349e86f9933ce22
|
