Web-Check
Enter a URL and get a dashboard of everything publicly discoverable about its security posture, server architecture, and technology stack: Web-Check is an all-in-one OSINT tool for analyzing any website. One scan surfaces IP info and server location, the full SSL certificate chain with issuing authority and validity, DNS records (A, MX, NS, CNAME, TXT) with DNSSEC status, HTTP response headers interpreted for security directives like HSTS, CSP, and X-Frame-Options, cookies and their flags, WHOIS domain info, robots.txt crawl rules, a sitemap-derived page map, the redirect ledger, open ports, traceroute, detected technologies, third-party trackers, associated hostnames, site performance, and even carbon footprint. Each card explains what the data means and why it matters, which makes the tool double as a security education resource - junior engineers learn headers and attack surfaces by scanning real sites. Practical uses span pre-deployment security audits (catch missing headers and misconfigurations before they ship), privacy compliance checks (identify trackers and cookie behavior for GDPR work), competitive tech-stack research, and network debugging via DNS and redirect inspection. Built by Lissy93 in TypeScript, it deploys as a single Docker container, and self-hosting keeps your reconnaissance targets and audit activity off third-party services.
PowerDNS-Admin
Raw zone files and API calls become something a whole team can operate safely once PowerDNS-Admin puts its web interface in front of a PowerDNS authoritative server. It's a Python/Flask application covering full forward and reverse zone management, with the touches that matter in daily DNS work: zone templates for stamping out consistent new domains, easy IPv6 PTR record editing (reverse zones by hand are misery), full IDN/Punycode support for internationalized domains, and DynDNS 2 protocol support so routers and scripts can update records the way they would against a commercial dynamic-DNS service. Access control is enterprise-grade: local users, LDAP against OpenLDAP or Active Directory, SAML, and OAuth via Google, GitHub, Azure, or OpenID Connect, hardened with TOTP two-factor authentication. Role-based permissions extend to zone-specific access control - hand a developer their project's zone without exposing the rest of your namespace - and activity logging records who changed which record when, the audit trail bare PowerDNS never gives you. The dashboard monitors PDNS service configuration and statistics, and its own API exposes zone and record management for automation on top of the UI. Runs against MySQL/MariaDB or PostgreSQL, talking to PowerDNS through its REST API. MIT-licensed.
Oxigen
The social preview cards shown when links hit Twitter, LinkedIn, Slack, or Discord, generated on the fly: Oxigen is a small Go service for dynamic Open Graph images, no designer required per page. Instead of exporting static images per page, you compose a card once and drive it with parameters: title, author, website, logo, background image, and background dimming all arrive as URL query arguments, so your og:image meta tag simply points at the Oxigen endpoint with the page's own values substituted in. Every blog post, product page, and doc gets a branded, correctly sized preview generated on the fly. A built-in web UI covers interactive composition - tweak the text and imagery, watch the preview update, copy the resulting URL - while the same rendering path serves programmatic API use from static site generators, CMS templates, or build pipelines. Rendering is pure Go using the gg 2D graphics library, freetype fonts, and the imaging package, built on the kyoto framework by that project's author. Deployment is one stateless container on port 80 with no database and no external dependencies, so instances scale and restart freely.