Web Check

Web Check (Lissy93/web-check) is an open-source, all-in-one OSINT website scanner that collects metadata, security indicators and configuration details to give quick "X‑ray" visibility into a URL. It combines a React frontend with lambda-style backend routines to aggregate DNS, headers, server info, safe‑browsing flags and other public artefacts into a single report.

It targets security, DevOps and governance teams, plus individual researchers and product owners who need fast external triage. Web Check replaces manual multi-tool lookups, surfaces exposed hosts and headers, and flags blocklist or configuration issues before deeper scans or formal pentests.

Use Cases

• Check a third-party site before linking or integrating it.
• Scan personal projects and side‑project domains for misconfiguration.
• Learn OSINT workflows with a simple UI-driven scanner.
• Pre-integration checks for SaaS connectors and vendor endpoints.
• External surface inventory for compliance and data residency reviews.
• Triage incident response by validating blocklist and header indicators.

Strengths

• Aggregates DNS, headers, server info and other OSINT signals.
• Shows security indicators including Google Safe Browsing flags.
• Exportable, shareable UI for team triage and reporting outputs.
• Deployable as Docker image or static site with serverless functions.
• Lightweight, fast reconnaissance for initial surface-area discovery.
• Focuses on aggregation and triage rather than deep authenticated scanning.
• Suitable for self-hosting; avoids sending scan data to external services.

Limitations

• Not a replacement for authenticated scanning or professional pentesting.
• May produce false positives and lacks exhaustive vulnerability coverage.
• Legal or acceptable-use policies may restrict scanning; follow scope rules.
• No documented enterprise SLA or official commercial support (Unverified).
• Demo or hosted instance behaviour and data retention are Unverified.

Final Thoughts

Try it now if you need fast external triage, want an OSS tool you can self-host, and accept lightweight, unauthenticated checks. Wait if you require authenticated scanning, regulatory-grade reports, or formal vendor SLAs.

Choose managed cloud when you lack ops resources or need third‑party hosting; note no official hosted offering or SLA is documented (Unverified).

References

• Lissy93/web-check — GitHub repository
• Lissy93/web-check — Releases
• Exploring Web Check: The OSINT Tool for Website Security — dbtechreviews
• Hacker News discussion: Show HN: I made tool that let's you see everything about any website