Quick security info for a given URL
Project description
quicksec
A command-line tool for quickly auditing the security posture of any website. Pass it a URL and get a structured report covering TLS, HTTP security headers, HTTPS enforcement, and cookie flags — no config needed.
Install
pip install quicksec
Or install from source:
git clone https://github.com/nGubbins/quicksec.git
cd quicksec
pip install .
Usage
quicksec <url>
The scheme is optional — quicksec example.com defaults to https://.
Examples
quicksec github.com
quicksec https://example.com
quicksec http://legacy-site.com
Sample output
==========================================================
Security check >> github.com
==========================================================
--- SSL / TLS ---
[OK] Valid certificate CN=github.com
[OK] Expires 2026-06-03 (39 days)
[INFO] Protocol: TLSv1.3 | Cipher: TLS_AES_128_GCM_SHA256
[INFO] SANs: github.com, www.github.com
--- HTTPS redirect ---
[OK] HTTP -> HTTPS redirect: yes
--- Security headers ---
[WARN] Server header present: github.com
[OK] Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
[OK] Content-Security-Policy: default-src 'none'; base-uri 'self'; ...
[OK] X-Frame-Options: deny
[OK] X-Content-Type-Options: nosniff
[OK] Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
[WARN] Permissions-Policy: missing
--- Cookies ---
[OK] _gh_sess [Secure, HttpOnly, SameSite=Lax]
[WARN] _octo [Secure, SameSite=Lax] (missing: HttpOnly)
What it checks
| Check | Details |
|---|---|
| SSL / TLS | Certificate validity, expiry (warns under 30 days), TLS version, cipher suite, SANs |
| HTTPS redirect | Whether plain HTTP redirects to HTTPS |
| Security headers | Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy |
| Info disclosure | Flags Server and X-Powered-By headers |
| Cookies | Checks each cookie for Secure, HttpOnly, and SameSite flags |
Status indicators
| Tag | Meaning |
|---|---|
[OK] |
Passes the check |
[WARN] |
Present but could be improved, or missing a recommended header |
[FAIL] |
Missing or broken (e.g. expired cert, SSL error) |
[INFO] |
Informational — no judgement |
Use cases
- Pre-launch audit — run before deploying a new site to catch missing headers or misconfigured TLS
- Third-party vendor review — quickly assess the security hygiene of an API or partner domain
- Security regression check — spot headers that quietly disappeared after a config change
- CTF / bug bounty recon — fast first-pass on a target to see what's exposed
Development
git clone https://github.com/nGubbins/quicksec.git
cd quicksec
python -m venv env
source env/bin/activate # Windows: env\Scripts\activate
pip install -r requirements.txt
pytest
License
MIT
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
quicksec-0.1.5.tar.gz
(5.2 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file quicksec-0.1.5.tar.gz.
File metadata
- Download URL: quicksec-0.1.5.tar.gz
- Upload date:
- Size: 5.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b3a0744104dec331448250c9a7000806f7787435c3248e19cd070eaff89215ca
|
|
| MD5 |
927e587d0a56d1c2fe92d066baa021b1
|
|
| BLAKE2b-256 |
0c800ba19f19bd767b0f935d736685f1357fa224da92ac7accb7cfa03fd85966
|
Provenance
The following attestation bundles were made for quicksec-0.1.5.tar.gz:
Publisher:
publish.yml on nGubbins/quicksec
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
quicksec-0.1.5.tar.gz -
Subject digest:
b3a0744104dec331448250c9a7000806f7787435c3248e19cd070eaff89215ca - Sigstore transparency entry: 1376569622
- Sigstore integration time:
-
Permalink:
nGubbins/quicksec@3ae272a0d5f67006b4ba75e72a097ddf7236ebf5 -
Branch / Tag:
refs/tags/v0.1.5 - Owner: https://github.com/nGubbins
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@3ae272a0d5f67006b4ba75e72a097ddf7236ebf5 -
Trigger Event:
push
-
Statement type:
File details
Details for the file quicksec-0.1.5-py3-none-any.whl.
File metadata
- Download URL: quicksec-0.1.5-py3-none-any.whl
- Upload date:
- Size: 4.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
17986f4bdd4c477870292584ad0db1b156af392e69c53d04c917d88d480965fa
|
|
| MD5 |
e3f2e976ebc3dc20c7f5657db7799a13
|
|
| BLAKE2b-256 |
d9556b88948cddd94b9a5932de723dd86a14ce8f30453edd19e896361ee2b7ec
|
Provenance
The following attestation bundles were made for quicksec-0.1.5-py3-none-any.whl:
Publisher:
publish.yml on nGubbins/quicksec
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
quicksec-0.1.5-py3-none-any.whl -
Subject digest:
17986f4bdd4c477870292584ad0db1b156af392e69c53d04c917d88d480965fa - Sigstore transparency entry: 1376569655
- Sigstore integration time:
-
Permalink:
nGubbins/quicksec@3ae272a0d5f67006b4ba75e72a097ddf7236ebf5 -
Branch / Tag:
refs/tags/v0.1.5 - Owner: https://github.com/nGubbins
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@3ae272a0d5f67006b4ba75e72a097ddf7236ebf5 -
Trigger Event:
push
-
Statement type:
