Web-Check: One-Click OSINT for Any Website's Inner Workings

There are plenty of times you want to peek under the hood of a website. Maybe you’re auditing your own site’s security headers, checking if a competitor is using Cloudflare, or investigating a suspicious domain. Usually that means juggling a dozen different tools — one for DNS lookups, another for SSL checks, yet another for HTTP headers. It’s tedious.

Enter Web-Check. It’s an open-source tool that does all of that in one place. Give it a URL, and it returns a comprehensive breakdown of that website’s technical setup. DNS records, SSL certs, server location, open ports, security headers, tech stack — it’s all there.

What It Does

Web-Check is a self-hosted web app (or you can use the live demo) that runs a suite of OSINT checks against any domain or URL. Just type in the address, and it fires off a series of scans:

• DNS records (A, AAAA, MX, NS, TXT, CNAME, SOA)
• SSL certificate details (issuer, validity, ciphers)
• HTTP security headers (HSTS, CSP, X-Frame-Options, etc.)
• Server location (IP geolocation)
• Open ports (common services)
• Technology stack detection (CMS, frameworks, analytics)
• Email and social link discovery
• WhoIs info (if available)
• Cookie analysis
• And more

The results are presented in a clean, organized dashboard with color-coded status indicators. Green means good, red means something to investigate.

Why It’s Cool

First, it’s one tool instead of ten. You don’t need to open separate tabs for each check. Web-Check runs everything in parallel, so you get a full site report in seconds.

Second, it’s self-hostable. Luke Smith, the creator, built it as a single Docker container. You can run it on your own server, keep your scan data private, and avoid rate limits from public services. The entire stack is Node.js + React + a handful of well-written API wrappers.

Third, the UI is excellent. The dashboard uses cards and expandable sections. Each check shows the raw data (like exact DNS records) but also a summary — “SSL certificate expires in 47 days” — so you don’t have to parse technical output every time.

Practical use cases:

• Security audits: Check your own site’s headers and SSL config before a pentest.
• Recon: Before engaging with a target domain (for legal work), get a quick picture of their tech stack.
• Competitive analysis: See what hosting provider or CDN a competitor uses.
• Bug bounty hunting: Many bounty programs ask for basic recon first. Web-Check gives you a solid starting point.

How to Try It

The easiest way is the live demo at web-check.xyz. Just type a URL and hit enter. No signup required.

If you want to host it yourself:

git clone https://github.com/Lissy93/web-check.git
cd web-check
docker build -t web-check .
docker run -p 3000:3000 web-check

That’s it. Open http://localhost:3000 and you’re good.

For non-Docker setups, check the README — it covers manual install with Node.js and npm.

Final Thoughts

Web-Check is one of those tools you bookmark and forget about until you need it — and then it saves you 20 minutes of clicking around. It’s not trying to be a full-blown security scanner or a pentesting framework. It’s a fast, reliable info-grabber for when you need to know what’s sitting behind a domain.

If you’re a developer who does occasional security checks, runs your own sites, or just likes exploring the web’s plumbing, this is a solid addition to your toolkit. It’s free, open source, and the code is clean enough to extend if you want.

I keep a local instance running on my dev machine. It’s the first thing I hit when I encounter a new domain I’m about to work with.

Found this on GitHub, shared by @githubprojects