v1.0.0 · Live on PyPI · MIT Licence

Your stack has a security grade. Do you know it?

StackSentry scans your Flask, Django or PHP app — plus Nginx, Docker containers, and Linux host — assigns a grade A–F, generates AI-powered fix scripts, and applies them automatically.

1.55s test suite time
v1.0 live on PyPI
// live demo

Watch it find issues. Watch it fix them.

Real scan against a sandbox server we control — intentionally misconfigured. App and webserver layers scanned live. Full CLI covers all 4 layers including container and host via SSH.

✓ Application layer ✓ Webserver layer + Container (CLI only) + Host / SSH (CLI only)
Target: sandbox.stacksentry — intentionally misconfigured

Scans a sandbox server — intentionally misconfigured. F → C grade improvement, live.

// how it works

Four steps. Zero guesswork.

01

Point at any target

VPS, shared hosting, or local stack. SSH, HTTP, and Docker socket scanning. No agent required on the target.

02

Get a security grade

Priority formula: severity × impact ÷ effort. Grade A–F with a prioritised hardening plan and PDF report.

03

AI-generated patches

Claude generates fix scripts per finding. Labelled AI-generated or template. Safe SSH ordering — no lockouts.

04

Track drift over time

SQLite history tracks posture across every scan. Drift alerts when your grade regresses between runs.

// coverage

Four layers. 24 checks.

Application 6 checks
  • Security headers (X-Frame, CSP, HSTS)
  • Cookie security flags
  • CORS misconfiguration
  • Secrets & debug mode exposure
Webserver 8 checks
  • Nginx / Apache hardening
  • TLS configuration
  • Server token exposure
  • Status page visibility
Container 11 checks
  • Root container detection
  • Resource limit enforcement
  • Read-only filesystem
  • Secrets in environment
Host 10 checks
  • SSH hardening
  • Firewall configuration
  • Kernel parameters
  • User privilege audit
// grade scale

Know exactly where you stand.

  • A: ≥ 90% Hardened — production ready
  • B: ≥ 80% Strong — minor gaps remain
  • C: ≥ 70% Acceptable — needs attention
  • D: ≥ 60% At risk — act soon
  • F: < 60% Exposed — immediate action required
// vs the alternatives

The gap others leave.

OWASP ZAP and Nikto are great at finding vulnerabilities. Neither assesses configuration posture or fixes what they find.

Feature · StackSentry · OWASP ZAP · Nikto
  • Configuration assessment
  • Security grade A–F
  • AI-generated fix scripts
  • Auto-fix via SSH
  • Drift tracking over time
  • Vulnerability scanning
  • Active exploit testing
  • Docker / container checks
  • Host / SSH hardening checks
  • Priority-ranked findings
  • PDF report generation
  • Free & open source
// real-world results

Tested against live targets.

Grade D · Score 66.7% · assessment only

Blackboard LMS · Java · Nginx

Assessment only — no SSH access. Configuration gaps identified across webserver and application layers.

Grade F · Score 27.3% · host-restricted

PHP/Apache · Shared hosting

PHP/Apache stack detection working. Limited remediation scope due to shared hosting restrictions.
// get started

Running in 30 seconds.

01
Install
$ pip install stacksentry
02
Scan
$ stacksentry --target https://yourapp.com --mode full
03
Fix
$ stacksentry --target https://yourapp.com --mode full --fix --ssh-host your-server