Web-check
by Lissy93
Comprehensive Website Intelligence & Security Scanner
A powerful TypeScript-based reconnaissance platform that aggregates multiple security and infrastructure checks into a single interface.
- 30,797+ GitHub stars
- Built with TypeScript
- All-in-one dashboard combining 30+ OSINT checks including DNS, SSL, headers, and technology fingerprinting
- MIT License license
About This Project
Web-Check is a comprehensive website analysis toolkit that consolidates dozens of OSINT (Open Source Intelligence) techniques into one streamlined application. Instead of juggling multiple tools and browser tabs, security professionals and developers can perform deep reconnaissance on any domain through a unified dashboard.
The platform executes parallel checks across DNS records, SSL certificates, server headers, technology stacks, security headers, cookie analysis, domain reputation, and hosting infrastructure. Each module provides actionable insights that help identify vulnerabilities, misconfigurations, and potential security risks before they become exploits.
Built with TypeScript for type safety and reliability, this tool stands out for its zero-configuration deployment and privacy-first approach. All analysis runs client-side or through your own instance, ensuring sensitive reconnaissance data never touches third-party servers. The modular architecture makes it easy to extend with custom checks while maintaining a clean, intuitive interface.
Whether you're conducting pre-deployment audits, competitive analysis, or security assessments, Web-Check delivers professional-grade intelligence gathering without the complexity of traditional penetration testing suites.
Key Features
- All-in-one dashboard combining 30+ OSINT checks including DNS, SSL, headers, and technology fingerprinting
- Privacy-focused architecture with client-side execution and self-hosting options
- Real-time security header analysis to identify missing protections like CSP, HSTS, and X-Frame-Options
- Comprehensive SSL/TLS certificate inspection with chain validation and expiration monitoring
- Domain reputation scoring aggregating data from multiple threat intelligence sources
- Technology stack detection revealing frameworks, CMS platforms, analytics tools, and server software
- Export functionality for generating detailed reports in multiple formats for documentation
- Zero-configuration deployment with Docker support for instant setup
How You Can Use It
Pre-deployment security audits to identify misconfigurations before going live
Competitive intelligence gathering to analyze competitor infrastructure and technology choices
Bug bounty reconnaissance to map attack surfaces and identify potential vulnerabilities
System administrator monitoring to verify DNS propagation, SSL validity, and server configurations
Privacy compliance checks to audit third-party trackers and data collection mechanisms
Domain acquisition research to assess reputation and historical ownership before purchasing
Who Is This For?
Security researchers, penetration testers, system administrators, DevOps engineers, bug bounty hunters, and web developers conducting infrastructure audits