Web Check: An Essential Tool for OSINT URL and Domain Analysis

Open-source intelligence (OSINT) tools have become increasingly vital in today’s security landscape, playing an important role in strengthening any organization’s defense strategy. “Web Check” is a critical tool that offers detailed insights into website security posture and infrastructure. This free, open-source tool comprehensively analyses potential attack vectors, server architectures, and security configurations. Created by Alicia Sykes, Web Check is designed to assist cybersecurity professionals, OSINT investigators, developers, and site owners identify vulnerabilities and enhance their digital security.

Understanding a website’s technical structure and security framework is essential in our interconnected world. Web Check meets this need by offering in-depth analyses, including assessments of SSL chains, DNS records, and server information. Its extensive range of checks, such as malware and phishing detection, makes it an invaluable resource for cybersecurity research. This introduction delves into the core features of Web Check, highlights its benefits for cybersecurity research, and provides insights into its installation and usage. By documenting the capabilities of this OSINT tool, the article emphasizes Web Check’s importance in safeguarding digital environments.

Core Features of Web-Check

Once installed, Web Check injects code into webpages, unlocking several functionalities that enhance OSINT capabilities:

• MHTML Saving and Screenshots: Users can save pages in the MHTML format for offline viewing and take screenshots for records or analysis. This feature is handy for capturing the state of a webpage at a specific point in time.
• Graph Access and Highlights: The tool enables access to graphs that visually represent browsing history and interactions with web entities. It also allows users to go directly to highlighted sections of interest on a webpage.

The tool’s action menus are designed for efficiency, offering easy access to various entities:

• Entity Action Menus: Action menus appear for entities like names, email addresses, aliases, IP addresses, etc., simplifying tasks such as research and data correlation.

Web Check’s tracking and bookmarking capabilities streamline the research process:

• Page Tracking: Every visited page is tracked and saved as nodes in the graph view, creating a visual map of the user’s OSINT journey.
• Bookmarking with Colors: Four different colors can be used to bookmark webpages, allowing users to assign specific meanings to each color for quick reference.
• Bookmark Filtering: Users can filter their results by bookmark color, making organizing and revisiting significant findings easy.
• Quick Bookmarking: This convenient feature allows users to bookmark a page quickly by hovering over the control and selecting a color.

Additional screenshot functionality enhances the tool’s utility:

• Unlimited Screenshots: Users can mark webpage areas and save additional screenshots beyond the initial capture. In some cases, the screenshot action fails; if you do not see the screenshots, check out the details section for each task for more information:

• Screenshot Retrieval: Screenshots can be easily retrieved with a click, and there’s an option to copy them to the clipboard, which helps compile reports.
• Visual Indicators: Pages with additional screenshots are indicated with yellow borders in thumbnails and graph views, signaling extra information at a glance.

Web Check’s daily checks and notifications ensure up-to-date security assessments:

• Regular URL and Domain Checks: The tool performs daily checks on URLs and Domains within an organization’s asset list, providing regular security updates.
• Change Notifications: Notifications alert users to any changes in results, keeping them informed about their website’s security status.

The tool categorizes findings to aid in cybersecurity prioritization:

• Findings Categorization: Web Check sorts findings based on severity and relevance, aiding organizations in focusing their cybersecurity efforts effectively.

Web Check’s ease of use makes it accessible for varying expertise levels:

• User-Friendly Interface: The tool is designed for ease of use and does not require advanced technical skills, which broadens its accessibility.

The dashboard offers a comprehensive overview of a website’s technical aspects:

• Detailed Technical Insights: Users gain insights into a website’s IP info, SSL chains, DNS records, and more, which are essential for a thorough security and performance analysis.

Web Check’s core features encompass a wide range of checks and analyses:

• Extensive OSINT Features: From malware and phishing detection to server status and TLS cipher suites, Web Check’s features cover a broad spectrum of OSINT needs.

By integrating these features, Web Check stands out as an open-source intelligence tool that provides comprehensive insights into websites, aiding in identifying potential attack vectors and security configurations. Its dashboard is a testament to its all-encompassing approach, featuring everything from IP information to carbon footprint analysis, making it an indispensable tool for cybersecurity professionals and organizations.

Benefits of Web- Check for Cybersecurity Research

Web Check is an excellent tool for Cybersecurity Researchers.

1. Early Detection of Security Issues: Implemented and maintained correctly, Web Check can proactively alert organizations to common website security issues. This preemptive approach allows for timely interventions, minimizing the risk of cyber-attacks and enhancing confidence in web-facing services.
2. Mitigation Advice: Web Check not only identifies vulnerabilities but also provides actionable advice on how to fix them. This guidance is crucial for organizations to address and mitigate cybersecurity threats effectively.
3. Cost-Effectiveness: Web-Check is free and relatively simple to run and use, allowing even small organizations to maintain high levels of cybersecurity without incurring significant expenses.
4. Comprehensive Insights: Users gain valuable insights into potential attack vectors, server architecture, security configurations, and technologies in use. This thorough analysis aids in understanding, optimizing, and securing websites more effectively. For a deeper dive into how Web Check can provide these insights, review the resources available on GitHub and Help Net Security.
5. Cybersecurity Maturity: Using DNS Security Extensions, Web Check offers insights into an organization’s cybersecurity maturity and potential vulnerabilities, such as DNS spoofing and cache poisoning. This tool aspect is crucial for understanding and improving a website's security infrastructure. Further DNS security and maturity information can be found on Web Check’s GitHub repository.

Incorporating Web Check into your cybersecurity research enhances the detection and mitigation of security risks. It is so cost-effective and user-friendly, making it a valuable addition to any organization’s digital defense arsenal.

In-depth Feature Analysis

Depending on the Domain you are researching, your output will vary, as an example for google.com, here is what you could expect.

IP Information Analysis

When utilizing Web Check, the IP info feature displays the IP address linked to a domain, which is a starting point for probing the server for more details. This can be instrumental in creating a comprehensive map of a target’s network infrastructure and in discovering other domains hosted on the same IP address, which can reveal shared hosting environments or connected services.

SSL Chain Examination

The tool’s SSL chain functionality provides crucial information about SSL certificates, including details like the issuing authority, domain name, and validity period. Sometimes, it may even disclose organizational details. This information is pivotal for verifying a website’s authenticity and understanding its security setup, a cornerstone of trust in online transactions and communications.

DNS Records Insight

DNS records are a treasure trove of information, and Web Check displays various types associated with a domain, such as A, MX, NS, CNAME, and TXT records. This gives users a clear view into a domain’s DNS setup and online infrastructure, which can be used to assess how a website is connected to the internet and how it handles email and other services.

Cookie Scrutiny

Examining HTTP cookies set by the target website sheds light on how the site tracks and interacts with users. This can reveal insights about session management and tracking frameworks, which are essential for understanding the website's privacy and security measures.

Performance and Accessibility Metrics

Web Check leverages Lighthouse to measure a website’s performance, accessibility, best practices, and SEO, providing a checklist of 100 core metrics with scores for each category. This helps identify areas for improvement and ensures that the website adheres to modern web standards for a better user experience.

Server Location Discovery

Another feature of Web Check is determining the physical location of a server hosting a website based on its IP address. This information is useful for optimizing content delivery, ensuring compliance with data residency requirements, and identifying potential latency issues affecting user experience.

Associated Hosts Identification

By identifying and listing all domains and subdomains associated with a website’s primary domain, users can uncover related projects, backup sites, development/test sites, or services linked to the main site. This can be particularly useful for a comprehensive security review or for understanding the full scope of an organization’s online presence.

Redirect Chain Mapping

Tracing the sequence of HTTP redirects from an original URL to its final destination can help users identify relationships between domains or uncover the use of specific technologies or hosting providers. This analysis can be crucial in understanding how users reach a website and the infrastructure that supports it.

Each feature contributes to Web Check's robust capabilities as an OSINT tool, providing users with a detailed and actionable understanding of a website’s infrastructure and security posture. With the help of Web Check, cybersecurity professionals and enthusiasts can enhance their research and protect digital assets more effectively.

There is also a ton of external tools that can be called directly from the web-check user interface.

Conclusion

Web-Check is a great tool for OSINT analysts, cybersecurity researchers, and generally interested individuals. It is very flexible, easy to deploy, and free to use. Give it a try.

How to install

To seamlessly integrate the Web Check OSINT tool into your cybersecurity toolkit, follow these straightforward installation steps:

Deployment Options:

Web Check can be deployed using Netlify or Docker or from the source. For Docker deployment, you’ll need to set up various API keys, including Google API Keys, Showdown API Keys, and WhoAPI Key, after you have pulled the image. These keys are essential for the tool to function correctly and can be set up by following instructions from this tutorial video. We will focus on Docker here, the other options are also documented on the GitHub page

Docker Installation Commands:

If you choose Docker for deployment, you can follow the instructions on the project GitHub page at https://github.com/Lissy93/web-check

Use the command docker run -p 3000:3000 lissy93/web-checkto pull the image and run it. These commands will set up Web Check on your Docker environment.

Using Web Check:

• Once the installation is complete, you can start analyzing websites by navigating to http://localhost:3000 or http://127.0.0.1:3000
• Alternatively, you can use the IP address of the server running Docker.
• Now, enter the domain name you wish to check, and Web Check will begin its analysis. Watch this installation video for a visual guide on this process.

If you like my article, buy me a coffee to keep me going :)

Sigmund Brandstaetter

OSINT|PH - Digital Forensics and Cybersecurity Consulting

https://www.linkedin.com/in/sigmundbrandstaetter/