# Reinhardt
**Reinhardt** (`rh`) is a focused security scanner for Django applications. It scans your codebase for common misconfigurations and security vulnerabilities.
## Features
Reinhardt checks for:
- **Configuration Security**: `DEBUG` mode, `ALLOWED_HOSTS`, `SECRET_KEY` management.
- **Modern Hardening**: HSTS (including subdomains/preload), Content Security Policy (CSP), and Security Headers.
- **Cookie Security**: HttpOnly, SameSite, and Secure flags for Session and CSRF cookies.
- **API Security**: Django REST Framework (DRF) permission defaults (`AllowAny`) and throttling configuration.
- **XSS Prevention**: Template scanning for unsafe filters (`|safe`) and `autoescape off` blocks.
- **Injection Risks**: SQL injection sinks (`.raw()`, `.extra()`, `cursor.execute()`).
- **Auth & Secrets**: Weak password hashers, hardcoded secrets, and default admin URLs.
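To show what the configuration, hardening, cookie, API and hasher findings above look like in practice, here is an added Python illustration (not Reinhardt's code or its actual rules) that applies Django's own defaults before judging a settings mapping and compares a constructed weak `settings.py` with its hardened counterpart; `audit`, `WEAK` and `HARDENED` are hypothetical names.

```python
# Django's built-in defaults for the inspected keys, so an absent key is judged as Django would treat it.
DJANGO_DEFAULTS = {
    "DEBUG": False, "ALLOWED_HOSTS": [], "SECURE_HSTS_SECONDS": 0, "SECURE_HSTS_INCLUDE_SUBDOMAINS": False,
    "SECURE_HSTS_PRELOAD": False, "SESSION_COOKIE_SECURE": False, "SESSION_COOKIE_HTTPONLY": True,
    "CSRF_COOKIE_SECURE": False, "CSRF_COOKIE_HTTPONLY": False,
    "PASSWORD_HASHERS": ["django.contrib.auth.hashers.PBKDF2PasswordHasher"],
}
WEAK_HASHERS = {"MD5PasswordHasher", "SHA1PasswordHasher", "UnsaltedMD5PasswordHasher", "UnsaltedSHA1PasswordHasher"}

def audit(settings: dict) -> list[str]:
    """Return finding names for a settings mapping (simplified heuristics, not Reinhardt's rules)."""
    s = {**DJANGO_DEFAULTS, **settings}
    findings: list[str] = []
    if s["DEBUG"]:
        findings.append("DEBUG enabled")
    if "*" in s["ALLOWED_HOSTS"]:
        findings.append("ALLOWED_HOSTS wildcard")
    if str(s.get("SECRET_KEY", "")).startswith("django-insecure-"):  # prefix of startproject's generated key
        findings.append("default SECRET_KEY")
    if not s["SECURE_HSTS_SECONDS"]:
        findings.append("HSTS disabled")
    elif not (s["SECURE_HSTS_INCLUDE_SUBDOMAINS"] and s["SECURE_HSTS_PRELOAD"]):
        findings.append("HSTS without includeSubDomains/preload")
    for cookie in ("SESSION", "CSRF"):
        for flag in ("SECURE", "HTTPONLY"):
            if not s[f"{cookie}_COOKIE_{flag}"]:
                findings.append(f"{cookie} cookie not {flag}")
    if "REST_FRAMEWORK" in s:  # DRF checks only apply when DRF is configured
        drf = s["REST_FRAMEWORK"]
        perms = drf.get("DEFAULT_PERMISSION_CLASSES", ["rest_framework.permissions.AllowAny"])  # DRF's default
        if any(p.endswith("AllowAny") for p in perms):
            findings.append("DRF AllowAny default permission")
        if not drf.get("DEFAULT_THROTTLE_CLASSES"):
            findings.append("DRF throttling not configured")
    if any(h.rsplit(".", 1)[-1] in WEAK_HASHERS for h in s["PASSWORD_HASHERS"]):
        findings.append("weak password hasher")
    return findings

# Constructed samples: a settings.py typical of a fresh project, then its hardened counterpart.
WEAK = {
    "DEBUG": True, "ALLOWED_HOSTS": ["*"], "SECRET_KEY": "django-insecure-placeholder",
    "REST_FRAMEWORK": {}, "PASSWORD_HASHERS": ["django.contrib.auth.hashers.MD5PasswordHasher"],
}
HARDENED = {
    "DEBUG": False, "ALLOWED_HOSTS": ["example.com"], "SECRET_KEY": "<loaded from the environment, never committed>",
    "SECURE_HSTS_SECONDS": 31536000, "SECURE_HSTS_INCLUDE_SUBDOMAINS": True, "SECURE_HSTS_PRELOAD": True,
    "SESSION_COOKIE_SECURE": True, "CSRF_COOKIE_SECURE": True, "CSRF_COOKIE_HTTPONLY": True,
    "REST_FRAMEWORK": {"DEFAULT_PERMISSION_CLASSES": ["rest_framework.permissions.IsAuthenticated"],
                       "DEFAULT_THROTTLE_CLASSES": ["rest_framework.throttling.AnonRateThrottle"]},
    "PASSWORD_HASHERS": ["django.contrib.auth.hashers.Argon2PasswordHasher"],
}
```

`audit(WEAK)` reports ten findings while `audit(HARDENED)` reports none; a real scanner such as Reinhardt additionally reads the source text, which is how it can tell a hardcoded secret from one loaded at runtime.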
## Installation
```bash
cargo install reinhardt
```
## Usage
Scan the current directory:
```bash
rh
```
Scan a specific directory:
```bash
rh /path/to/django/project
```
Scan all files (including hidden and ignored ones):
```bash
rh --all-files
```
Initialize default configuration:
```bash
rh --init
```
## Configuration
Reinhardt stores configuration in `~/.config/reinhardt/config.toml` (or platform equivalent).
On first run, it will prompt you to set a default report output directory (default: `~/reinhardt_reports`).
Reports are automatically organized into subdirectories by project name:
`~/reinhardt_reports/<project_name>/reinhardt-scan-results-<timestamp>.md`