lissy93/web-check repository overview

⁠Web-Check

Comprehensive, on-demand open source intelligence for any website
🌐 web-check.xyz⁠

⁠About

Get an insight into the inner-workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using.

Currently the dashboard will show: IP info, SSL chain, DNS records, cookies, headers, domain info, search crawl rules, page map, server location, redirect ledger, open ports, traceroute, DNS security extensions, site performance, trackers, associated hostnames, carbon footprint. Stay tuned, as I'll add more soon!

The aim is to help you easily understand, optimize and secure your website.

⁠Screenshot

⁠Live Demo

A hosted version can be accessed at: web-check.as93.net⁠

⁠Mirror

The source for this repo is mirrored to CodeBerg, available at: codeberg.org/alicia/web-check⁠

⁠Motivation

Often when you're looking into a website, there's several things you always initially check. Think: Whois, SSL chain, DNS records, tech stack, security protocols, crawl rules, sitemap, redirects, basic performance, open ports, server info, etc. None of this is hard to find with a series of basic curl commands, or a combination of online tools. But it's just so much easier to have everything presented clearly and visible in one place :)

⁠Usage

⁠Developing

You'll need Node.js⁠ (V 18.16.1 or later) installed.

1. Clone the repo, git clone [email protected]:Lissy93/web-check.git
2. Cd into it, cd web-check
3. Install dependencies: yarn
4. Start the dev server, with yarn dev

Note that some checks also require chromium, traceroute and dns to be installed. These jobs will be skipped if those packages arn't present.

⁠Deploying - Option #1: Netlify

Click the button below, to deploy to Netlify 👇

⁠Deploying - Option #2: Docker

Run docker run -p 8888:3000 lissy93/web-check, then open http://localhost:3000

The app is published to DockerHub (hub.docker.com/r/lissy93/web-check⁠) as well as GHCR (ghcr.io/lissy93/web-check⁠), or you can build the image yourself by cloning the project and running docker build -t web-check .

⁠Deploying - Option #3: From Source

Follow the instructions in the Developing⁠ section above, then run yarn build && yarn start to build and serve the application.

⁠Configuring

By default, no configuration is needed, but there are some optional environmental variables that you can set to give you access to some additional checks. These include:

• GOOGLE_CLOUD_API_KEY - A Google API key (get here⁠). This can be used to return quality metrics for a site
• TORRENT_IP_API_KEY - A torrent API key (get here⁠). This will show torrents downloaded by an IP
• REACT_APP_SHODAN_API_KEY - A Shodan API key (get here⁠). This will show associated host names for a given domain
• REACT_APP_WHO_API_KEY - A WhoAPI key (get here⁠). This will show more comprehensive WhoIs records than the default job
• SECURITY_TRAILS_API_KEY - A Security Trails API key (get here⁠). This will show org info associated with the IP
• BUILT_WITH_API_KEY - A BuiltWith API key (get here⁠). This will show the main features of a site

The above keys can be added into an .env file in the projects root, or via the Netlify UI, or by passing directly to the Docker container.

⁠Community

⁠Contributing

Contributions of any kind are very welcome, and would be much appreciated. For Code of Conduct, see Contributor Convent⁠.

To get started, fork the repo, make your changes, add, commit and push the code, then come back here to open a pull request. If you're new to GitHub or open source, this guide⁠ or the git docs⁠ may help you get started, but feel free to reach out if you need any support.

⁠Reporting Bugs

If you've found something that doesn't work as it should, or would like to suggest a new feature, then go ahead and raise a ticket on GitHub. For bugs, please outline the steps needed to reproduce, and include relevant info like system info and resulting logs.

⁠Supporting

⁠License

The MIT License (MIT)
Copyright (c) Alicia Sykes <[email protected]> 

Permission is hereby granted, free of charge, to any person obtaining a copy 
of this software and associated documentation files (the "Software"), to deal 
in the Software without restriction, including without limitation the rights 
to use, copy, modify, merge, publish, distribute, sub-license, and/or sell 
copies of the Software, and to permit persons to whom the Software is furnished 
to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included install 
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANT ABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

© Alicia Sykes⁠ 2023
Licensed under MIT⁠

^{Thanks for visiting :)}