Contents

This program is still in Alpha phase and is nowhere near complete. It’s purpose is quite simply to be run on a server and let you know if there are any possible security holes in your configuration. It is designed and configured around Debian so will not work properly on Red Hat-based distributions without modifications to the tests.

What can it scan?

  • OpenSSH
  • nginx
  • Apache2
  • PHP5
  • DenyHosts

How does it work?

Am I secure will open up your configuration files in the order that each program would include them in, for example Apache2 includes them in the following order on Debian-based systems;

  1. /etc/apache2/apache2.conf,
  2. /etc/apache2/mods-enabled/*,
  3. /etc/apache2/httpd.conf,
  4. /etc/apache2/ports.conf,
  5. /etc/apache2/conf.d/*,
  6. /etc/apache2/sites-enabled/*,

it will then run through each this, ignoring commented out config options and show you where things are configured insecurely.

Caveats

Am I Secure is a tool that helps show possible security holes, but it is just a basic tool.

Downloads

*Please note this is alpha software.*

Requires

  • Python >2.6

Usage

Once downloaded simply run

sudo python amisecure.py

Example output

Am I Secure?

Issue tracking

Issue tracking is on GitHub.

Source

You can fork, modify and create pull requests on GitHub.

Kura

Anarchist. Pessimist. Bipolar. Hacker. Hyperpolyglot. Musician. Ex-(semi-)pro gamer. They/Them.

Kura
View Source