Metadata-Version: 2.4
Name: secably
Version: 0.1.0
Summary: Command-line security checks: TLS, HTTP security headers, DNS/email posture and subdomain discovery — run locally, no account needed.
Author-email: Secably <hello@secably.com>
License: MIT
Project-URL: Homepage, https://secably.com
Project-URL: Source, https://github.com/secably/secably-cli
Project-URL: Issues, https://github.com/secably/secably-cli/issues
Keywords: security,tls,ssl,http-headers,dns,subdomain,recon,devsecops,cli
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Classifier: Topic :: Internet :: WWW/HTTP :: Site Management
Classifier: Topic :: System :: Networking :: Monitoring
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Provides-Extra: dns
Requires-Dist: dnspython>=2.0; extra == "dns"
Provides-Extra: all
Requires-Dist: dnspython>=2.0; extra == "all"
Dynamic: license-file

# secably

Quick security checks from your terminal — TLS certificates, HTTP security
headers, DNS/email posture, and subdomain discovery. The everyday checks run
**locally on your machine, with no account and no rate limit**. Heavier scans
(full website vulnerability scan, port scan) use the free
[Secably](https://secably.com) API.

```
pip install secably          # core checks (zero dependencies)
pip install "secably[dns]"   # adds MX/TXT/SPF/DMARC/DNSSEC via dnspython
```

## Usage

```bash
# TLS certificate + negotiated protocol, with a CI-friendly expiry gate
secably ssl example.com
secably ssl example.com --fail-if-expires 14

# Grade the HTTP security headers A–F (fail a build below B)
secably headers https://example.com
secably headers example.com --fail-below B

# DNS records + email spoofing posture (SPF / DMARC / DNSSEC)
secably dns example.com

# Passive subdomain discovery via Certificate Transparency (crt.sh)
secably subdomains example.com --resolve

# Hosted port / website vulnerability scan (needs a free API key)
secably scan example.com --type website
```

Add `--json` to any command for machine-readable output — handy in pipelines.

## Local vs. hosted

| Command | Where it runs | Account needed |
|---|---|---|
| `ssl`, `headers`, `dns`, `subdomains` | your machine | no |
| `scan` (website / port) | Secably API | free API key |

The local commands never touch Secably's servers, so there's no quota to hit.
The `scan` command runs deeper, server-side checks; create a free key at
**https://secably.com/dashboard/api-keys/** and pass it via `--api-key` or the
`SECABLY_API_KEY` environment variable. Free keys include a daily allowance;
paid plans lift it.

## Use in CI

Both `ssl --fail-if-expires` and `headers --fail-below` exit non-zero on
failure, so they drop straight into a pipeline:

```yaml
- run: pipx run secably ssl your-domain.com --fail-if-expires 21
- run: pipx run secably headers https://your-domain.com --fail-below B
```

For always-on monitoring of certificate expiry, new subdomains and open ports
between deploys, Secably runs the same checks continuously and alerts you:
<https://secably.com/?utm_source=cli&utm_medium=github&utm_campaign=secably-cli>

## License

MIT — see [LICENSE](LICENSE).
