Quick security info for a given URL

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for lost_0 from gravatar.com lost_0

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: lost_0
  • Requires: Python >=3.10
Report project as malware

Project description

quicksec

A command-line tool for quickly auditing the security posture of any website. Pass it a URL and get a structured report covering TLS, HTTP security headers, HTTPS enforcement, and cookie flags — no config needed.

CI

Install

pip install quicksec

Or install from source:

git clone https://github.com/nGubbins/quicksec.git
cd quicksec
pip install .

Usage

quicksec <url>

The scheme is optional — quicksec example.com defaults to https://.

Examples

quicksec github.com
quicksec https://example.com
quicksec http://legacy-site.com

Sample output

==========================================================
  Security check  >>  github.com
==========================================================

--- SSL / TLS ---
  [OK]   Valid certificate  CN=github.com
  [OK]   Expires 2026-06-03  (39 days)
 [INFO]  Protocol: TLSv1.3  |  Cipher: TLS_AES_128_GCM_SHA256
 [INFO]  SANs: github.com, www.github.com

--- HTTPS redirect ---
  [OK]   HTTP -> HTTPS redirect: yes

--- Security headers ---
 [WARN]  Server header present: github.com
  [OK]   Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
  [OK]   Content-Security-Policy: default-src 'none'; base-uri 'self'; ...
  [OK]   X-Frame-Options: deny
  [OK]   X-Content-Type-Options: nosniff
  [OK]   Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
 [WARN]  Permissions-Policy: missing

--- Cookies ---
  [OK]   _gh_sess  [Secure, HttpOnly, SameSite=Lax]
 [WARN]  _octo  [Secure, SameSite=Lax]  (missing: HttpOnly)

What it checks

Check Details
SSL / TLS Certificate validity, expiry (warns under 30 days), TLS version, cipher suite, SANs
HTTPS redirect Whether plain HTTP redirects to HTTPS
Security headers Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
Info disclosure Flags Server and X-Powered-By headers
Cookies Checks each cookie for Secure, HttpOnly, and SameSite flags

Status indicators

Tag Meaning
[OK] Passes the check
[WARN] Present but could be improved, or missing a recommended header
[FAIL] Missing or broken (e.g. expired cert, SSL error)
[INFO] Informational — no judgement

Use cases

  • Pre-launch audit — run before deploying a new site to catch missing headers or misconfigured TLS
  • Third-party vendor review — quickly assess the security hygiene of an API or partner domain
  • Security regression check — spot headers that quietly disappeared after a config change
  • CTF / bug bounty recon — fast first-pass on a target to see what's exposed

Development

git clone https://github.com/nGubbins/quicksec.git
cd quicksec
python -m venv env
source env/bin/activate   # Windows: env\Scripts\activate
pip install -r requirements.txt
pytest

License

MIT

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for lost_0 from gravatar.com lost_0

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: lost_0
  • Requires: Python >=3.10

Release history Release notifications | RSS feed

0.1.5

0.1.4

This version

0.1.3

0.1.2

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

quicksec-0.1.3.tar.gz (5.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

quicksec-0.1.3-py3-none-any.whl (4.8 kB view details)

Uploaded Python 3

File details

Details for the file quicksec-0.1.3.tar.gz.

File metadata

  • Download URL: quicksec-0.1.3.tar.gz
  • Upload date:
  • Size: 5.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for quicksec-0.1.3.tar.gz
Algorithm Hash digest
SHA256 d3adb86d68fe7c4b28b093d8cd2f32b86bae87f5cf3bf5d8339e6f65dd28e37f
MD5 c009aef19705a6fd5574224360d8eabc
BLAKE2b-256 ce79b176e839453e24b020d5400150537129d10fc307d2f3dfa189eff1a57b46

See more details on using hashes here.

Provenance

The following attestation bundles were made for quicksec-0.1.3.tar.gz:

Publisher: publish.yml on nGubbins/quicksec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file quicksec-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: quicksec-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 4.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for quicksec-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 d6d40d039e8fcf667919ce53c95b738f7178cb8d1f9c8d8bed6ddc77c731a5ff
MD5 368fcea356b993afb0b83af9a475174f
BLAKE2b-256 9e84f0609c2936d60469347b2fa1139c52474b8e9980265e311f1e5e9d63015d

See more details on using hashes here.

Provenance

The following attestation bundles were made for quicksec-0.1.3-py3-none-any.whl:

Publisher: publish.yml on nGubbins/quicksec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page