Web-Check

Comprehensive, on-demand open source intelligence for any website
🌐 web-check.xyz

Contents

• About
  • Screenshot
  • Live Demo
  • Mirror
  • Features
• Usage
  • Deployment
    • Option#1: Netlify
    • Option#2: Vercel
    • Option#3: Docker
    • Option#4: Source
  • Configuration Options
  • Developer Setup
• Community
  • Contributing
  • Bugs
  • Support
• License

About

Get an insight into the inner-workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using.

Currently the dashboard will show: IP info, SSL chain, DNS records, cookies, headers, domain info, search crawl rules, page map, server location, redirect ledger, open ports, traceroute, DNS security extensions, site performance, trackers, associated hostnames, carbon footprint. Stay tuned, as I'll add more soon!

The aim is to help you easily understand, optimize and secure your website.

Screenshot

Live Demo

A hosted version can be accessed at: web-check.as93.net

Mirror

The source for this repo is mirrored to CodeBerg, available at: codeberg.org/alicia/web-check

Features

Click to expand / collapse section

^{Note this list needs updating, many more jobs have been added since...}

The following section outlines the core features, and briefly explains why this data might be useful for you to know, as well as linking to further resources for learning more.

IP Info

Description

An IP address (Internet Protocol address) is a numerical label assigned to each device connected to a network / the internet. The IP associated with a given domain can be found by querying the Domain Name System (DNS) for the domain's A (address) record.

Use Cases

Finding the IP of a given server is the first step to conducting further investigations, as it allows us to probe the server for additional info. Including creating a detailed map of a target's network infrastructure, pinpointing the physical location of a server, identifying the hosting service, and even discovering other domains that are hosted on the same IP address.

Useful Links

• Understanding IP Addresses
• IP Addresses - Wiki
• RFC-791 Internet Protocol
• whatismyipaddress.com

SSL Chain

Description

SSL certificates are digital certificates that authenticate the identity of a website or server, enable secure encrypted communication (HTTPS), and establish trust between clients and servers. A valid SSL certificate is required for a website to be able to use the HTTPS protocol, and encrypt user + site data in transit. SSL certificates are issued by Certificate Authorities (CAs), which are trusted third parties that verify the identity and legitimacy of the certificate holder.

Use Cases

SSL certificates not only provide the assurance that data transmission to and from the website is secure, but they also provide valuable OSINT data. Information from an SSL certificate can include the issuing authority, the domain name, its validity period, and sometimes even organization details. This can be useful for verifying the authenticity of a website, understanding its security setup, or even for discovering associated subdomains or other services.

Useful Links

• TLS - Wiki
• What is SSL (via Cloudflare learning)
• RFC-8446 - TLS
• SSL Checker

DNS Records

Description

This task involves looking up the DNS records associated with a specific domain. DNS is a system that translates human-readable domain names into IP addresses that computers use to communicate. Various types of DNS records exist, including A (address), MX (mail exchange), NS (name server), CNAME (canonical name), and TXT (text), among others.

Use Cases

Extracting DNS records can provide a wealth of information in an OSINT investigation. For example, A and AAAA records can disclose IP addresses associated with a domain, potentially revealing the location of servers. MX records can give clues about a domain's email provider. TXT records are often used for various administrative purposes and can sometimes inadvertently leak internal information. Understanding a domain's DNS setup can also be useful in understanding how its online infrastructure is built and managed.

Useful Links

• What are DNS records? (via Cloudflare learning)
• DNS Record Types
• RFC-1035 - DNS
• DNS Lookup (via MxToolbox)

Cookies

Description

The Cookies task involves examining the HTTP cookies set by the target website. Cookies are small pieces of data stored on the user's computer by the web browser while browsing a website. They hold a modest amount of data specific to a particular client and website, such as site preferences, the state of the user's session, or tracking information.

Use Cases

Cookies can disclose information about how the website tracks and interacts with its users. For instance, session cookies can reveal how user sessions are managed, and tracking cookies can hint at what kind of tracking or analytics frameworks are being used. Additionally, examining cookie policies and practices can offer insights into the site's security settings and compliance with privacy regulations.

Useful Links

• HTTP Cookie Docs (Mozilla)
• What are Cookies (via Cloudflare Learning)
• Testing for Cookie Attributes (OWASP)
• RFC-6265 - Coolies

Crawl Rules

Description

Robots.txt is a file found (usually) at the root of a domain, and is used to implement the Robots Exclusion Protocol (REP) to indicate which pages should be ignored by which crawlers and bots. It's good practice to avoid search engine crawlers from over-loading your site, but should not be used to keep pages out of search results (use the noindex meta tag or header instead).

Use Cases

It's often useful to check the robots.txt file during an investigation, as it can sometimes disclose the directories and pages that the site owner doesn't want to be indexed, potentially because they contain sensitive information, or reveal the existence of otherwise hidden or unlinked directories. Additionally, understanding crawl rules may offer insights into a website's SEO strategies.

Useful Links

• Google Search Docs - Robots.txt
• Learn about robots.txt (via Moz.com)
• RFC-9309 - Robots Exclusion Protocol
• Robots.txt - wiki

> You can read more at https://github.com/Lissy93/web-check