SentinelDeck 0.4.0

HTTP header depth plus a much richer terminal experience.

Added

• HTTP security-header depth: CORS misconfiguration (a wildcard origin with credentials is flagged high), Referrer-Policy quality, HSTS preload eligibility, cookie SameSite, and Cross-Origin-Opener-Policy. Each ships a copy-paste fix.
• Live scan progress: each surface (DNS, TLS, HTTP, email, certificate transparency) is reported as it finishes, on stderr so piped output stays clean.
• A red ASCII-art SENTINELDECK banner on the home screen.
• New commands: checks lists every check, explain <finding-id> prints the copy-paste fix for a finding, and version.
• scan now writes HTML/score-card/badge output directly (--html, --svg, --badge) and prints the absolute path of every file it saves.

Upgrade:

pip install -U sentineldeck

SentinelDeck 0.3.0

Email and DNS depth, closing gaps versus internet.nl. Every new check is passive and ships a copy-paste fix.

Added

• DKIM key strength: decodes the published key and flags anything under 2048-bit RSA.
• MTA-STS policy validation: fetches the HTTPS policy file and flags a missing or invalid policy, or a non-enforce mode (not just the DNS record).
• Nameserver redundancy: flags a single nameserver as a DNS single point of failure.
• IPv6 (AAAA) readiness.
• DANE/TLSA detection, gated on DNSSEC being enabled.

Upgrade:

pip install -U sentineldeck

SentinelDeck 0.2.0

A premium CLI experience.

Added

• A branded home screen: run sentineldeck with no command for the logo, commands, quick-start, and a tip, all in the SentinelDeck colours.
• Colorized scan output: a grade banner and severity-coloured findings on a terminal. JSON is still emitted when piped or with --pretty, so automation is unchanged.

Fixed

• The cryptography deprecation warnings no longer leak into scan output.

Install

pip install -U sentineldeck

SentinelDeck 0.1.0

First public release of SentinelDeck — a passive attack-surface scanner that turns a domain into a risk score, an A to F grade, and a client-ready report.

Highlights

• Passive checks across DNS, HTTP, TLS, email (SPF/DMARC/DKIM/MTA-STS/TLS-RPT/BIMI), and domain intelligence (RDAP)
• Attack-surface mapping via certificate transparency, with dangling-CNAME subdomain-takeover detection
• A copy-paste fix for every finding, plus an interactive remediation simulator in the HTML report
• Scan-to-scan diffing and a monitor command with webhook alerts on regression
• JSON, HTML, score card, and badge outputs, and a confidence model that never lets an inconclusive check inflate the score

Install

pip install sentineldeck