Stars
Forks
Watchers
Developer links
Web-Check
Enter a URL and get a dashboard of everything publicly discoverable about its security posture, server architecture, and technology stack: Web-Check is an all-in-one OSINT tool for analyzing any website. One scan surfaces IP info and server location, the full SSL certificate chain with issuing authority and validity, DNS records (A, MX, NS, CNAME, TXT) with DNSSEC status, HTTP response headers interpreted for security directives like HSTS, CSP, and X-Frame-Options, cookies and their flags, WHOIS domain info, robots.txt crawl rules, a sitemap-derived page map, the redirect ledger, open ports, traceroute, detected technologies, third-party trackers, associated hostnames, site performance, and even carbon footprint. Each card explains what the data means and why it matters, which makes the tool double as a security education resource - junior engineers learn headers and attack surfaces by scanning real sites. Practical uses span pre-deployment security audits (catch missing headers and misconfigurations before they ship), privacy compliance checks (identify trackers and cookie behavior for GDPR work), competitive tech-stack research, and network debugging via DNS and redirect inspection. Built by Lissy93 in TypeScript, it deploys as a single Docker container, and self-hosting keeps your reconnaissance targets and audit activity off third-party services.
Benefits
- Twenty Tools in One Scan
- SSL Labs, dig, WHOIS, port scanner, header checker, and tech detector consolidated into a single dashboard from one URL.
- Catch Misconfigurations Before Attackers
- Missing HSTS, weak CSP, exposed ports, and stale certificates surface in seconds during pre-deployment review.
- Recon That Stays Private
- Self-hosting keeps the domains you investigate and your audit patterns off third-party scanning services.
- Security Education Built In
- Every result card explains what the data means and why it matters - a learning tool as much as a scanner.
Features
- Certificate and DNS Analysis
- Full SSL chain, A/MX/NS/CNAME/TXT records, and DNSSEC configuration checks.
- Security Header Interpretation
- HSTS, CSP, X-Frame-Options, and more, decoded with explanations.
- Network Reconnaissance
- Open ports, traceroute, server location, IP info, and redirect chains.
- Privacy Inspection
- Cookies, third-party trackers, and crawl rules for compliance assessment.
- Tech Stack Detection
- Identifies frameworks, servers, and libraries a site runs, plus associated hostnames.
- Single-Container Deploy
- One Docker image serves the full dashboard - point it at any URL and scan.