Quick security info for a given URL

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for lost_0 from gravatar.com lost_0

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: lost_0
  • Requires: Python >=3.10
Report project as malware

Project description

quicksec

A command-line tool for quickly auditing the security posture of any website. Pass it a URL and get a structured report covering TLS, HTTP security headers, HTTPS enforcement, and cookie flags — no config needed.

CI

Install

pip install quicksec

Or install from source:

git clone https://github.com/nGubbins/quicksec.git
cd quicksec
pip install .

Usage

quicksec <url>

The scheme is optional — quicksec example.com defaults to https://.

Examples

quicksec github.com
quicksec https://example.com
quicksec http://legacy-site.com

Sample output

==========================================================
  Security check  >>  github.com
==========================================================

--- SSL / TLS ---
  [OK]   Valid certificate  CN=github.com
  [OK]   Expires 2026-06-03  (39 days)
 [INFO]  Protocol: TLSv1.3  |  Cipher: TLS_AES_128_GCM_SHA256
 [INFO]  SANs: github.com, www.github.com

--- HTTPS redirect ---
  [OK]   HTTP -> HTTPS redirect: yes

--- Security headers ---
 [WARN]  Server header present: github.com
  [OK]   Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
  [OK]   Content-Security-Policy: default-src 'none'; base-uri 'self'; ...
  [OK]   X-Frame-Options: deny
  [OK]   X-Content-Type-Options: nosniff
  [OK]   Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
 [WARN]  Permissions-Policy: missing

--- Cookies ---
  [OK]   _gh_sess  [Secure, HttpOnly, SameSite=Lax]
 [WARN]  _octo  [Secure, SameSite=Lax]  (missing: HttpOnly)

What it checks

Check Details
SSL / TLS Certificate validity, expiry (warns under 30 days), TLS version, cipher suite, SANs
HTTPS redirect Whether plain HTTP redirects to HTTPS
Security headers Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
Info disclosure Flags Server and X-Powered-By headers
Cookies Checks each cookie for Secure, HttpOnly, and SameSite flags

Status indicators

Tag Meaning
[OK] Passes the check
[WARN] Present but could be improved, or missing a recommended header
[FAIL] Missing or broken (e.g. expired cert, SSL error)
[INFO] Informational — no judgement

Use cases

  • Pre-launch audit — run before deploying a new site to catch missing headers or misconfigured TLS
  • Third-party vendor review — quickly assess the security hygiene of an API or partner domain
  • Security regression check — spot headers that quietly disappeared after a config change
  • CTF / bug bounty recon — fast first-pass on a target to see what's exposed

Development

git clone https://github.com/nGubbins/quicksec.git
cd quicksec
python -m venv env
source env/bin/activate   # Windows: env\Scripts\activate
pip install -r requirements.txt
pytest

License

MIT

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for lost_0 from gravatar.com lost_0

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: lost_0
  • Requires: Python >=3.10

Release history Release notifications | RSS feed

0.1.5

0.1.4

0.1.3

0.1.2

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

quicksec-0.1.0.tar.gz (3.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

quicksec-0.1.0-py3-none-any.whl (2.7 kB view details)

Uploaded Python 3

File details

Details for the file quicksec-0.1.0.tar.gz.

File metadata

  • Download URL: quicksec-0.1.0.tar.gz
  • Upload date:
  • Size: 3.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for quicksec-0.1.0.tar.gz
Algorithm Hash digest
SHA256 7f603c2c01635bd205d3fd0251c08ba556535585d12ec3ff75ed082ad54848c3
MD5 4fcca41246905ca5eab36e38c73e8cad
BLAKE2b-256 c7f8bd36bce8e47fb578de8f45677d12b65633020047d60fead6ecb7809107e6

See more details on using hashes here.

Provenance

The following attestation bundles were made for quicksec-0.1.0.tar.gz:

Publisher: publish.yml on nGubbins/quicksec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file quicksec-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: quicksec-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 2.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for quicksec-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 8d822e171d7d72feb8320c861ca8a3091b363a3cf3958ae9269be3822e911a2f
MD5 4dbdda1a660268c6b326906a1c3456c3
BLAKE2b-256 8b4c72f8ce75c1f5a3b717e0e6a7765cbfff7ab38d6461055acf91fafa9078c0

See more details on using hashes here.

Provenance

The following attestation bundles were made for quicksec-0.1.0-py3-none-any.whl:

Publisher: publish.yml on nGubbins/quicksec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page