Web-Check is an open-source OSINT (Open Source Intelligence) tool designed to provide deep insights into the technical infrastructure of any website. It aggregates critical data such as IP addresses, SSL certificate chains, DNS records, HTTP headers, cookies, crawl rules (robots.txt), server location, and performance metrics—all in a single interactive dashboard. Built with TypeScript and intended for developers, security researchers, and sysadmins, Web-Check helps users identify potential attack surfaces, assess security posture, and understand website composition without needing to run multiple disparate tools. Whether you’re auditing your own site or performing reconnaissance on a third-party domain, Web-Check simplifies complex network diagnostics into an accessible interface.
The tool is designed for both technical and non-technical users, offering a web-based UI alongside flexible deployment options including Docker, Netlify, Vercel, and direct source builds. It is particularly valuable for red teams, penetration testers, and privacy advocates who need to quickly map a domain’s attack surface or verify compliance with security best practices.
What You Get
- IP Info - Discovers the IP address associated with a domain and provides details about hosting provider, geographic location, and potential co-hosted domains on the same IP.
- SSL Chain Analysis - Extracts full SSL/TLS certificate chains, including issuer, validity period, subject alternative names (SANs), and encryption details to assess certificate health and trust.
- DNS Records - Fetches all DNS record types (A, AAAA, MX, NS, CNAME, TXT) to reveal email infrastructure, subdomains, and potential misconfigurations or data leaks.
- Cookies Analysis - Identifies all HTTP cookies set by the target site, including their attributes (HttpOnly, Secure, SameSite), to assess tracking behavior and session security.
- HTTP Headers - Parses response headers to expose server software, caching policies, content-security-policy (CSP), X-Frame-Options, and other security headers that impact website hardening.
- Crawl Rules (robots.txt) - Extracts and interprets robots.txt directives to uncover hidden or disallowed paths that may contain sensitive endpoints or internal resources.
- Server Location & Traceroute - Determines physical server location via IP geolocation and performs traceroute to map network hops, identifying potential latency or routing issues.
- Open Ports & Traceroute - Scans for open ports on the target server and visualizes network path to detect exposed services beyond HTTP/HTTPS.
- Site Performance Metrics - Measures load time, resource size, and performance benchmarks to help optimize site speed and user experience.
- Trackers & Associated Hostnames - Detects third-party tracking scripts and identifies related domains or subdomains linked to the target for mapping ecosystem footprint.
- Carbon Footprint Estimation - Calculates estimated energy usage of the website based on data transfer and server efficiency to support sustainable web practices.
Common Use Cases
- Building a security audit dashboard - Security teams use Web-Check to automate the collection of OSINT data for client websites during penetration tests or compliance assessments.
- Identifying exposed internal endpoints - DevOps engineers analyze robots.txt and headers to uncover accidentally published admin panels, backup files, or staging environments.
- Privacy compliance review - GDPR and CCPA auditors examine cookies and trackers to verify consent mechanisms and third-party data sharing practices.
- Red team reconnaissance - Offensive security practitioners use Web-Check’s DNS, IP, and open port data to map target infrastructure before launching targeted attacks.
- Developer performance optimization - Frontend developers leverage performance metrics and header analysis to reduce page load times and improve Core Web Vitals.
- Team workflow for incident response - SOC teams use Web-Check to rapidly assess suspicious domains during phishing investigations by pulling SSL, DNS, and hosting metadata in one view.
Under The Hood
Web Check is a comprehensive web analysis platform that delivers over 30 distinct checks and insights about websites, including security headers, DNS records, SSL certificates, and performance metrics. It provides both a user-friendly web interface and a powerful API for developers to integrate into their workflows.
Architecture
Web Check adopts a modular monolithic architecture that separates API functionality from frontend rendering, enabling scalable and maintainable development.
- API endpoints are dynamically registered from files in the /api directory, supporting extensibility through new check implementations
- The frontend is built with Astro and Svelte, using a component-based approach for UI rendering and responsive design
- Middleware patterns are implemented to handle cross-cutting concerns such as CORS, rate limiting, and request validation
Tech Stack
The platform leverages a modern web stack designed for full-stack functionality, combining server-side logic with rich client-side experiences.
- Built primarily with TypeScript for enhanced type safety and developer experience
- Uses Express.js as the core backend framework, complemented by Astro for static site generation and Svelte for UI components
- Integrates a variety of system-level tools including Puppeteer, Wappalyzer, and DNS lookup utilities for in-depth analysis
- Development and build tools include Vite, Webpack, and Astro, enabling flexible deployment across platforms like Vercel and Netlify
Code Quality
The codebase maintains a moderate level of quality with consistent patterns and structured organization, although some areas show room for improvement.
- API endpoint handlers follow a standardized structure with consistent error handling and request validation
- Extensive use of middleware ensures cross-cutting concerns are handled uniformly across the application
- Shared utilities and configuration files promote reuse and reduce redundancy in logic
- Error handling is implemented at multiple levels, though not consistently applied across all modules
What Makes It Unique
Web Check distinguishes itself through its modular design and comprehensive suite of web analysis capabilities, making it a versatile tool for developers and analysts.
- The modular API architecture allows new checks to be added without modifying core logic, enhancing extensibility and maintainability
- Offers a rich set of over 30 different web analysis features in one unified platform, from security to performance
- Built-in rate limiting and security measures make it production-ready for enterprise use cases
- A component-based frontend with animated UI elements improves user engagement and provides visual feedback during analysis