Command-line security checks: TLS, HTTP security headers, DNS/email posture and subdomain discovery — run locally, no account needed.
Project description
secably
Quick security checks from your terminal — TLS certificates, HTTP security headers, DNS/email posture, and subdomain discovery. The everyday checks run locally on your machine, with no account and no rate limit. Heavier scans (full website vulnerability scan, port scan) use the free Secably API.
pip install secably # core checks (zero dependencies)
pip install "secably[dns]" # adds MX/TXT/SPF/DMARC/DNSSEC via dnspython
Usage
# TLS certificate + negotiated protocol, with a CI-friendly expiry gate
secably ssl example.com
secably ssl example.com --fail-if-expires 14
# Grade the HTTP security headers A–F (fail a build below B)
secably headers https://example.com
secably headers example.com --fail-below B
# DNS records + email spoofing posture (SPF / DMARC / DNSSEC)
secably dns example.com
# Passive subdomain discovery via Certificate Transparency (crt.sh)
secably subdomains example.com --resolve
# Hosted port / website vulnerability scan (needs a free API key)
secably scan example.com --type website
Add --json to any command for machine-readable output — handy in pipelines.
Local vs. hosted
| Command | Where it runs | Account needed |
|---|---|---|
ssl, headers, dns, subdomains |
your machine | no |
scan (website / port) |
Secably API | free API key |
The local commands never touch Secably's servers, so there's no quota to hit.
The scan command runs deeper, server-side checks; create a free key at
https://secably.com/dashboard/api-keys/ and pass it via --api-key or the
SECABLY_API_KEY environment variable. Free keys include a daily allowance;
paid plans lift it.
Use in CI
Both ssl --fail-if-expires and headers --fail-below exit non-zero on
failure, so they drop straight into a pipeline:
- run: pipx run secably ssl your-domain.com --fail-if-expires 21
- run: pipx run secably headers https://your-domain.com --fail-below B
For always-on monitoring of certificate expiry, new subdomains and open ports between deploys, Secably runs the same checks continuously and alerts you: https://secably.com/?utm_source=cli&utm_medium=github&utm_campaign=secably-cli
License
MIT — see LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file secably-0.1.0.tar.gz.
File metadata
- Download URL: secably-0.1.0.tar.gz
- Upload date:
- Size: 14.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5cda3d4a73a9676397b00599830f01a7d24acd92929a795808509b2806b9531d
|
|
| MD5 |
6d81f8e5b45154e19df44a6a8171b843
|
|
| BLAKE2b-256 |
b9c28f0fac8361f45bd0a9166f38fc94f72b1142b0a20570968d9777fb91c74a
|
File details
Details for the file secably-0.1.0-py3-none-any.whl.
File metadata
- Download URL: secably-0.1.0-py3-none-any.whl
- Upload date:
- Size: 15.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
08e90332f927bffc75912d01ccbce75f05541a3b068b1819248cb9006033bb5e
|
|
| MD5 |
cad18fedb3530dfeb295e80c18d921d1
|
|
| BLAKE2b-256 |
fb4ba7beeac865323b9bb0349b4e6a8d31511e420982a40f2744b304e578c249
|