Quick security info for a given URL
Project description
quicksec
A command-line tool for quickly auditing the security posture of any website. Pass it a URL and get a structured report covering TLS, HTTP security headers, HTTPS enforcement, and cookie flags — no config needed.
Install
pip install quicksec
Or install from source:
git clone https://github.com/nGubbins/quicksec.git
cd quicksec
pip install .
Usage
quicksec <url>
The scheme is optional — quicksec example.com defaults to https://.
Examples
quicksec github.com
quicksec https://example.com
quicksec http://legacy-site.com
Sample output
==========================================================
Security check >> github.com
==========================================================
--- SSL / TLS ---
[OK] Valid certificate CN=github.com
[OK] Expires 2026-06-03 (39 days)
[INFO] Protocol: TLSv1.3 | Cipher: TLS_AES_128_GCM_SHA256
[INFO] SANs: github.com, www.github.com
--- HTTPS redirect ---
[OK] HTTP -> HTTPS redirect: yes
--- Security headers ---
[WARN] Server header present: github.com
[OK] Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
[OK] Content-Security-Policy: default-src 'none'; base-uri 'self'; ...
[OK] X-Frame-Options: deny
[OK] X-Content-Type-Options: nosniff
[OK] Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
[WARN] Permissions-Policy: missing
--- Cookies ---
[OK] _gh_sess [Secure, HttpOnly, SameSite=Lax]
[WARN] _octo [Secure, SameSite=Lax] (missing: HttpOnly)
What it checks
| Check | Details |
|---|---|
| SSL / TLS | Certificate validity, expiry (warns under 30 days), TLS version, cipher suite, SANs |
| HTTPS redirect | Whether plain HTTP redirects to HTTPS |
| Security headers | Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy |
| Info disclosure | Flags Server and X-Powered-By headers |
| Cookies | Checks each cookie for Secure, HttpOnly, and SameSite flags |
Status indicators
| Tag | Meaning |
|---|---|
[OK] |
Passes the check |
[WARN] |
Present but could be improved, or missing a recommended header |
[FAIL] |
Missing or broken (e.g. expired cert, SSL error) |
[INFO] |
Informational — no judgement |
Use cases
- Pre-launch audit — run before deploying a new site to catch missing headers or misconfigured TLS
- Third-party vendor review — quickly assess the security hygiene of an API or partner domain
- Security regression check — spot headers that quietly disappeared after a config change
- CTF / bug bounty recon — fast first-pass on a target to see what's exposed
Development
git clone https://github.com/nGubbins/quicksec.git
cd quicksec
python -m venv env
source env/bin/activate # Windows: env\Scripts\activate
pip install -r requirements.txt
pytest
License
MIT
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
quicksec-0.1.4.tar.gz
(5.2 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file quicksec-0.1.4.tar.gz.
File metadata
- Download URL: quicksec-0.1.4.tar.gz
- Upload date:
- Size: 5.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
88442763b7798000bd1264dbf9bcd3f3f256575868b7c7df87c4e4d666bd54b3
|
|
| MD5 |
eba415c0ae81887cc4e7b71021e10134
|
|
| BLAKE2b-256 |
ef87d5434c4bc199b40842f1bc061f4471b5e05f3ba1cc2b8527c9f1dd088efe
|
Provenance
The following attestation bundles were made for quicksec-0.1.4.tar.gz:
Publisher:
publish.yml on nGubbins/quicksec
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
quicksec-0.1.4.tar.gz -
Subject digest:
88442763b7798000bd1264dbf9bcd3f3f256575868b7c7df87c4e4d666bd54b3 - Sigstore transparency entry: 1376545171
- Sigstore integration time:
-
Permalink:
nGubbins/quicksec@cb66739fe7653440824fee75b396cee4e4240ce0 -
Branch / Tag:
refs/tags/v0.1.4 - Owner: https://github.com/nGubbins
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@cb66739fe7653440824fee75b396cee4e4240ce0 -
Trigger Event:
push
-
Statement type:
File details
Details for the file quicksec-0.1.4-py3-none-any.whl.
File metadata
- Download URL: quicksec-0.1.4-py3-none-any.whl
- Upload date:
- Size: 4.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c460cde58761a2720f1a71c064b242466e79cddf9681e4e482664407c2f9a87a
|
|
| MD5 |
a3e4fabce8b2a126c066c2b7a65f7388
|
|
| BLAKE2b-256 |
c96aaaef3e6e9d4f5902347b164bd88db3027bb9237c0537b6d260f4a6db15ff
|
Provenance
The following attestation bundles were made for quicksec-0.1.4-py3-none-any.whl:
Publisher:
publish.yml on nGubbins/quicksec
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
quicksec-0.1.4-py3-none-any.whl -
Subject digest:
c460cde58761a2720f1a71c064b242466e79cddf9681e4e482664407c2f9a87a - Sigstore transparency entry: 1376545211
- Sigstore integration time:
-
Permalink:
nGubbins/quicksec@cb66739fe7653440824fee75b396cee4e4240ce0 -
Branch / Tag:
refs/tags/v0.1.4 - Owner: https://github.com/nGubbins
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@cb66739fe7653440824fee75b396cee4e4240ce0 -
Trigger Event:
push
-
Statement type:
