Web-Check - Comprehensive, on-demand open source intelligence for any website

Admin

Web-Check - Comprehensive, on-demand open source intelligence for any website

Web-Check is a powerful all-in-one tool for discovering information about a website/host. The core philosophy is simple: feed Web-Check a URL and let it gather, collate, and present a broad array of open data for you to delve into.

The report shines a spotlight onto potential attack vectors, existing security measures, and the web of connections within a site's architecture. The results can also help optimizing server responses, configuring redirects, managing cookies, or fine-tuning DNS records for your site.

So, weather you're a developer, system administrator, security researcher, penetration tester or are just interested in discovering the underlying technologies of a given site - I'm sure you'll find this a useful addition to your toolbox.

Features

When conducting an OSINT investigation on a given website or host, there are several key areas to look at. Each of these are documented below, along with links to the tools and techniques you can use to gather the relevant information.

Web-Check can automate the process of gathering this data, but it will be up to you to interpret the results and draw conclusions.

Contents

  1. IP Info
  2. SSL Chain
  3. DNS Records
  4. Cookies
  5. Crawl Rules
  6. Headers
  7. Quality Metrics
  8. Server Location
  9. Associated Hosts
  10. Redirect Chain
  11. TXT Records
  12. Server Status
  13. Open Ports
  14. Traceroute
  15. Carbon Footprint
  16. Server Info
  17. Whois Lookup
  18. Domain Info
  19. DNS Security Extensions
  20. Site Features
  21. HTTP Strict Transport Security
  22. DNS Server
  23. Tech Stack
  24. Listed Pages
  25. Security.txt
  26. Linked Pages
  27. Social Tags
  28. Email Configuration
  29. Firewall Detection
  30. HTTP Security Features
  31. Archive History
  32. Global Ranking
  33. Block Detection
  34. Malware & Phishing Detection
  35. TLS Cipher Suites
  36. TLS Security Config
  37. TLS Handshake Simulation
  38. Screenshot

Manual Deployment

  1. git clone https://github.com/Lissy93/web-check.git
  2. cd web-check # Move into the project directory
  3. yarn install # Install dependencies
  4. yarn build # Build the app for production
  5. yarn serve # Start the app (API and GUI)

Further Docs

More detailed installation and setup instructions can be found in the GitHub repository - github.com/lissy93/web-check

Configuring

There are some optional environmental variables you can specify to give you access to some additional Web-Checks. See the README for full list of options.

  • GOOGLE_CLOUD_API_KEY: A Google API key Used to return quality metrics for a site
  • REACT_APP_SHODAN_API_KEY: A Shodan API key To show associated hosts for a domain
  • REACT_APP_WHO_API_KEY: A WhoAPI key Allows for more comprehensive WhoIs records

Support

Web-Check is free to use without restriction.

All the code is open source, so you're also free to deploy your own instance, as well as fork, modify and distribute the code in both private and commercial settings.

Running web-check does cost a small amount of money each month, so if you're finding the app useful, consider sponsoring the project on GitHub if you're able to. Even just $1 or $2/month would be a huge help in supporting the ongoing project running costs.

Otherwise, there are other ways you can help out, like submitting or reviewing a pull request to the GitHub repo, upvoting us on Product Hunt, or sharing with your network.