Web-Check: On-demand OSINT for any website's inner workings
W

Web-Check: On-demand OSINT for any website's inner workings

Web-Check: On-demand OSINT for any website's inner workings

34,025 stars
N/A forks
N/A contributors

README

Project documentation from GitHub

Web-Check: One-Click OSINT for Any Website's Inner Workings

There are plenty of times you want to peek under the hood of a website. Maybe you’re auditing your own site’s security headers, checking if a competitor is using Cloudflare, or investigating a suspicious domain. Usually that means juggling a dozen different tools — one for DNS lookups, another for SSL checks, yet another for HTTP headers. It’s tedious.

Enter Web-Check. It’s an open-source tool that does all of that in one place. Give it a URL, and it returns a comprehensive breakdown of that website’s technical setup. DNS records, SSL certs, server location, open ports, security headers, tech stack — it’s all there.


What It Does

Web-Check is a self-hosted web app (or you can use the live demo) that runs a suite of OSINT checks against any domain or URL. Just type in the address, and it fires off a series of scans:

  • DNS records (A, AAAA, MX, NS, TXT, CNAME, SOA)
  • SSL certificate details (issuer, validity, ciphers)
  • HTTP security headers (HSTS, CSP, X-Frame-Options, etc.)
  • Server location (IP geolocation)
  • Open ports (common services)
  • Technology stack detection (CMS, frameworks, analytics)
  • Email and social link discovery
  • WhoIs info (if available)
  • Cookie analysis
  • And more

The results are presented in a clean, organized dashboard with color-coded status indicators. Green means good, red means something to investigate.


Why It’s Cool

First, it’s one tool instead of ten. You don’t need to open separate tabs for each check. Web-Check runs everything in parallel, so you get a full site report in seconds.

Second, it’s self-hostable. Luke Smith, the creator, built it as a single Docker container. You can run it on your own server, keep your scan data private, and avoid rate limits from public services. The entire stack is Node.js + React + a handful of well-written API wrappers.

Third, the UI is excellent. The dashboard uses cards and expandable sections. Each check shows the raw data (like exact DNS records) but also a summary — “SSL certificate expires in 47 days” — so you don’t have to parse technical output every time.

Practical use cases:

  • Security audits: Check your own site’s headers and SSL config before a pentest.
  • Recon: Before engaging with a target domain (for legal work), get a quick picture of their tech stack.
  • Competitive analysis

Did you like this issue?

Join our weekly newsletter

Love discovering amazing projects?

Help us continue bringing you the best open-source discoveries every week.

Back to Projects
Last updated: Jun 9, 2026