SecAudit: Passive Web Security Auditing with a Hacker-Aesthetic Terminal UI
The problem
Every time I finished a web project, I had to run five different tools just to check the security basics:
- testssl.sh for TLS
- securityheaders.com for headers
- mxtoolbox for DNS
- Manual cookie inspection in DevTools
- Another tool for CSP
None of them gave me a single prioritized view. So I built SecAudit.
What it does
SecAudit is a Python CLI that runs a passive, external security-posture audit in one command. The modules run concurrently via asyncio, so a full scan finishes in seconds rather than minutes.
Modules:
| Module | What it checks |
|---|---|
| tls | Certificate chain, expiry, protocol version, cipher suites |
| headers | HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, COOP |
| csp | Content Security Policy completeness and unsafe directives |
| cookies | Secure, HttpOnly, SameSite on every Set-Cookie header |
| cors | Cross-origin credentialed request permissiveness |
| csrf | CSRF token presence and SameSite coverage |
| dns | SPF, DKIM, DMARC, CAA records |
| js | Source map exposure, debug builds in production |
| api | API endpoint fingerprinting |
| cache | Proxy/cache header leakage |
Install
```bash
git clone https://github.com/SllHex/secaudit
cd secaudit
pip install -r requirements.txt
python -m secaudit scan https://your-app.com
```