Skip to content

πŸ•΅οΈβ€β™‚οΈ All-in-one OSINT tool for analysing any website. Self-Hosted Edition!

License

Notifications You must be signed in to change notification settings

xray-web/web-check-free

Β 
Β 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

Web Check (Free!)


A fork of Lissy93/Web-Check, optimized for easy self-hosting
Comprehensive, on-demand open source intelligence for any website


Deployment

Deploying - Option #1: Netlify

Click the button below, to deploy to Netlify πŸ‘‡

Deploy to Netlify

Deploying - Option #2: Vercel

Click the button below, to deploy to Vercel πŸ‘‡

Deploy with Vercel

Deploying - Option #3: Docker

Run docker run -p 3000:3000 lissy93/web-check:1.0.0, then open localhost:3000

Docker Options

You can get the Docker image from:

Be sure to include the 1.0.0 tag when pulling the image.

Deploying - Option #4: From Source

git clone https://github.com/xray-web/web-check-free.git  # Download the code from GitHub
cd web-check-free                                         # Navigate into the project dir
yarn install                                              # Install the NPM dependencies
yarn build                                                # Build the app for production
yarn serve                                                # Start the app (API and GUI)

Configuring

By default, no configuration is needed.

But there are some optional environmental variables that you can set to give you access to some additional checks, or to increase rate-limits for some checks that use external APIs.

API Keys & Credentials
Key Value
GOOGLE_CLOUD_API_KEY A Google API key (get here). This can be used to return quality metrics for a site
REACT_APP_SHODAN_API_KEY A Shodan API key (get here). This will show associated host names for a given domain
REACT_APP_WHO_API_KEY A WhoAPI key (get here). This will show more comprehensive WhoIs records than the default job
Full / Upcoming Vals
  • GOOGLE_CLOUD_API_KEY - A Google API key (get here). This can be used to return quality metrics for a site
  • REACT_APP_SHODAN_API_KEY - A Shodan API key (get here). This will show associated host names for a given domain
  • REACT_APP_WHO_API_KEY - A WhoAPI key (get here). This will show more comprehensive WhoIs records than the default job
  • SECURITY_TRAILS_API_KEY - A Security Trails API key (get here). This will show org info associated with the IP
  • CLOUDMERSIVE_API_KEY - API key for Cloudmersive (get here). This will show known threats associated with the IP
  • TRANCO_USERNAME - A Tranco email (get here). This will show the rank of a site, based on traffic
  • TRANCO_API_KEY - A Tranco API key (get here). This will show the rank of a site, based on traffic
  • URL_SCAN_API_KEY - A URLScan API key (get here). This will fetch miscalanious info about a site
  • BUILT_WITH_API_KEY - A BuiltWith API key (get here). This will show the main features of a site
  • TORRENT_IP_API_KEY - A torrent API key (get here). This will show torrents downloaded by an IP
Configuration Settings
Key Value
PORT Port to serve the API, when running server.js (e.g. 3000)
API_ENABLE_RATE_LIMIT Enable rate-limiting for the /api endpoints (e.g. true)
API_TIMEOUT_LIMIT The timeout limit for API requests, in milliseconds (e.g. 10000)
API_CORS_ORIGIN Enable CORS, by setting your allowed hostname(s) here (e.g. example.com)
CHROME_PATH The path the Chromium executable (e.g. /usr/bin/chromium)
DISABLE_GUI Disable the GUI, and only serve the API (e.g. false)
REACT_APP_API_ENDPOINT The endpoint for the API, either local or remote (e.g. /api)

All values are optional.

You can add these as environmental variables. Either put them directly into an .env file in the projects root, or via the Netlify / Vercel UI, or by passing to the Docker container with the --env flag, or using your own environmental variable management system

Note that keys that are prefixed with REACT_APP_ are used client-side, and as such they must be scoped correctly with minimum privileges, since may be made visible when intercepting browser <-> server network requests


Why this Fork?

While Web Check will always remain 100% free and open source, the work on the upstream repo at the moment is more geared towards making the managed instance as scalable and cost effective to run at scale as possible. This includes features for advanced rate-limiting, user signup and billing. This new work adds excess overhead for those who just want to host their own instance on the cloud or locally.

To solve this, we cut this repo from Web-Check:1.0.0, to keep it free and easy for anyone who wants to self-host their own instance of Web Check.

If you'd rather not deploy your own, and would just like to use the public instance, you can do so at web-check.xyz.


Sponsor

Found Web Check useful? Consider supporting us, by sponsoring Lissy93 on GitHub πŸ’–

This project is only possible, thanks to supporters like you. Your donations will be used to cover running costs, and to fund both ongoing maintence and the development of new features, on both Web Check, and our other projects.

Sponsor Lissy93 on GitHub


License

Web-Check is licensed under MIT Β© Alicia Sykes 2024.
For information, see TLDR Legal > MIT

Expand License
The MIT License (MIT)
Copyright (c) Alicia Sykes <[email protected]> 

Permission is hereby granted, free of charge, to any person obtaining a copy 
of this software and associated documentation files (the "Software"), to deal 
in the Software without restriction, including without limitation the rights 
to use, copy, modify, merge, publish, distribute, sub-license, and/or sell 
copies of the Software, and to permit persons to whom the Software is furnished 
to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included install 
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANT ABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

View Dependency Licenses & SBOM on FOSSA


Kindly supported by:
Terminal Trove
The $HOME of all things in the terminal.

Find your next CLI / TUI tool and more at Terminal Trove,
Get updates on new tools on our newsletter.


Β© Alicia Sykes 2024
Licensed under MIT

Thanks for visiting :)

About

πŸ•΅οΈβ€β™‚οΈ All-in-one OSINT tool for analysing any website. Self-Hosted Edition!

Resources

License

Stars

Watchers

Forks

Sponsor this project

 

Languages

  • TypeScript 76.1%
  • JavaScript 21.4%
  • HTML 1.5%
  • Other 1.0%