Web-Check — All-in-One Website OSINT and Analysis Dashboard

Introduction

Web-Check provides a single dashboard that runs dozens of analysis checks against any URL. Enter a domain and get back DNS records, SSL certificate details, WHOIS data, HTTP headers, open ports, technology stack detection, and more. It is useful for security audits, competitive research, and debugging.

What Web-Check Does

• Aggregates 30+ checks including DNS, WHOIS, SSL chain, HTTP security headers, and redirect chains into one report
• Detects the technology stack (frameworks, CMS, CDN, analytics) using Wappalyzer-compatible fingerprinting
• Shows server location, ASN information, and IP geolocation on an interactive map
• Scans for open ports, exposed services, and DNS misconfigurations
• Displays Lighthouse-style performance and accessibility scores alongside security analysis

Architecture Overview

Web-Check is a Next.js application with a React frontend and serverless API routes. Each analysis module runs as an independent API handler that queries external services or parses raw DNS and HTTP responses. Results stream back to the frontend where they render as interactive cards. The app can run fully self-hosted with no external API keys required for core functionality, though some modules support optional API keys for enhanced data.

Self-Hosting & Configuration

• Deploy via Docker, Docker Compose, Vercel, or Netlify with minimal configuration
• Set optional API keys via environment variables for Shodan, VirusTotal, Google Safe Browsing, and other enrichment services
• Configure behind a reverse proxy with standard Nginx or Caddy HTTPS termination
• Customize the UI theme and disable specific check modules via environment variables
• Supports running on ARM architectures including Raspberry Pi

Key Features

• Zero mandatory external dependencies: core checks (DNS, WHOIS, headers, SSL) work without API keys
• Clean responsive dashboard with dark mode and collapsible result cards
• Export results as JSON or PDF for documentation and compliance reports
• Each check module is independent, so failures in one do not block others
• Open source with an active community and frequent updates

Comparison with Similar Tools

• Netcraft — commercial web analysis service; Web-Check is free and self-hosted
• SecurityHeaders.com — checks only HTTP headers; Web-Check covers DNS, SSL, WHOIS, and more
• BuiltWith — technology detection only; Web-Check adds security and infrastructure analysis
• Shodan — deep internet scanning platform; Web-Check is lighter and focused on per-site dashboards
• Nmap — command-line port and service scanner; Web-Check adds a web UI and non-network checks

FAQ

Q: Does Web-Check require API keys? A: Core checks work without any keys. Optional keys for Shodan, VirusTotal, and others unlock additional enrichment modules.

Q: Is it safe to scan sites I do not own? A: Web-Check performs passive analysis (DNS lookups, HTTP requests, public WHOIS). It does not exploit vulnerabilities. However, respect terms of service and local laws when analyzing third-party sites.

Q: Can I run Web-Check on a Raspberry Pi? A: Yes. Docker images are available for ARM64 and ARM7 architectures.

Q: How do I add custom checks? A: Each check is a standalone API route in the api/ directory. Add a new file exporting a handler function and register it in the frontend config.

Sources

• https://github.com/Lissy93/web-check
• https://web-check.xyz/