WebCheck - https://webcheck.felixent.net
Web-Check is a powerful all-in-one tool for discovering information about a website/host. The core philosophy is simple: feed Web-Check a URL and let it gather, collate, and present a broad array of open data for you to delve into.
The report shines a spotlight onto potential attack vectors, existing security measures, and the web of connections within a site's architecture. The results can also help optimizing server responses, configuring redirects, managing cookies, or fine-tuning DNS records for your site.
So, whether you're a developer, system administrator, security researcher, penetration tester or are just interested in discovering the underlying technologies of a given site - I'm sure you'll find this a useful addition to your toolbox.
Web-Check is developed and maintained by Felixent. It's licensed under the MIT license, and is completely free to use, modify and distribute in both personal and commercial settings. Source code and self-hosting docs are available on GitHub. If you've found this service useful, consider sponsoring me from $1/month, to help with the ongoing hosting and development costs.
When conducting an OSINT investigation on a given website or host, there are several key areas to look at. Each of these are documented below, along with links to the tools and techniques you can use to gather the relevant information.
Web-Check can automate the process of gathering this data, but it will be up to you to interpret the results and draw conclusions.
- IP Info
- SSL Chain
- DNS Records
- Cookies
- Crawl Rules
- Headers
- Quality Metrics
- Server Location
- Associated Hosts
- Redirect Chain
- TXT Records
- Server Status
- Open Ports
- Traceroute
- Carbon Footprint
- Server Info
- Whois Lookup
- Domain Info
- DNS Security Extensions
- Site Features
- HTTP Strict Transport Security
- DNS Server
- Tech Stack
- Listed Pages
- Security.txt
- Linked Pages
- Social Tags
- Email Configuration
- Firewall Detection
- HTTP Security Features
- Archive History
- Global Ranking
- Block Detection
- Malware & Phishing Detection
- TLS Cipher Suites
- TLS Security Config
- TLS Handshake Simulation
- Screenshot
- Please use this tool responsibly. Do not use it for hosts you do not have permission to scan. Do not use it as part of a scheme to attack or disrupt services.
- Requests may be rate-limited to prevent abuse. If you need to make more bandwidth, please deploy your own instance.
- There is no guarantee of uptime or availability. If you need to make sure the service is available, please deploy your own instance.
- Please use fairly, as excessive use will quickly deplete the lambda function credits, making the service unavailable for others (and/or empty my bank account!).
-
Analytics are used on the demo instance (via a self-hosted Plausible instance), this only records the URL you visited but no personal data. There's also some basic error logging (via a self-hosted GlitchTip instance), this is only used to help me fix bugs.
-
Neither your IP address, browser/OS/hardware info, nor any other data will ever be collected or logged. (You may verify this yourself, either by inspecting the source code or the using developer tools)