This program is still in Alpha phase and is nowhere near complete. It’s purpose is quite simply to be run on a server and let you know if there are any possible security holes in your configuration. It is designed and configured around Debian so will not work properly on Red Hat-based distributions without modifications to the tests.

What can it scan?

  • OpenSSH
  • nginx
  • Apache2
  • PHP5
  • DenyHosts

How does it work?

Am I secure will open up your configuration files in the order that each program would include them in, for example Apache2 includes them in the following order on Debian-based systems;

  1. /etc/apache2/apache2.conf,
  2. /etc/apache2/mods-enabled/*,
  3. /etc/apache2/httpd.conf,
  4. /etc/apache2/ports.conf,
  5. /etc/apache2/conf.d/*,
  6. /etc/apache2/sites-enabled/*,

it will then run through each this, ignoring commented out config options and show you where things are configured insecurely.


Am I Secure is a tool that helps show possible security holes, but it is just a basic tool.


*Please note this is alpha software.*


  • Python >2.6


Once downloaded simply run

sudo python

Example output

Am I Secure?


You can fork, modify and create pull requests on GitHub.


Anarchist. Pessimist. Bipolar. Hacker. Hyperpolyglot. Musician. Ex-(semi-)pro gamer. They/Them.

View Source