Welcome to WebChecker Security Pro

Developed by Jose Hernandez

Passive website security intelligence, lookup tools, and professional reporting.
WebCheckerSecurity Pro
Ready

Website Security Scanner

Run non-invasive checks against domains and websites you are authorized to assess.

Ready

Passive Website Security Audit

Check HTTPS, TLS, security headers, DNS, email security, hosting, WAF/CDN indicators, cookies, exposed common web ports, robots, sitemap, and technology fingerprints.

Available Website Tools

Latest Lookup Output

Run a scan first. Lookup tools will populate automatically from the latest scan.

Professional Report Export

Export the latest scan as a complete HTML or PDF report with executive summary, risk matrix, top fixes, evidence, compliance, auditor notes, and client branding.

Compliance Score

OWASP Top 10 mapping, PCI DSS basic checks, HIPAA basic web exposure checks, and GDPR cookie/privacy checks based on passive evidence.

Run a scan first. Compliance results will appear here.

Pentest Accuracy / False Positive Validation

Safe validation that separates HTML fallback, JSON APIs, protected endpoints, disguised errors, and real exposure candidates.

Run a scan first. Pentest accuracy results will appear here.

HTTP Methods / CORS / Content-Type Pentest

Safe checks for OPTIONS, TRACE, advertised PUT/DELETE, CORS headers, and content-type confusion. No destructive PUT/DELETE requests are sent.

Run a scan first. HTTP/CORS pentest results will appear here.

Authentication & Session Pentest

Passive login surface, password form, session cookie flag, MFA indicator, and authentication weakness review. No login attempts or brute force are performed.

Run a scan first. Auth/session pentest results will appear here.

Discovery / Parameters / JS Mining Pentest

Discovers parameters, open-redirect-like names, upload surfaces, and injection-relevant parameters from HTML and JavaScript without sending payloads.

Run a scan first. Discovery pentest results will appear here.

WAF / DNS Takeover / Hidden Paths

Profiles WAF behavior, DNS takeover candidates, robots.txt hidden paths, response behavior, and clickjacking protection using safe passive probes.

Run a scan first. WAF/DNS/hidden path results will appear here.

Deep Evidence / JavaScript Analysis

Endpoint discovery from HTML and JavaScript, fetch/XHR/API calls, token-like patterns, JWT-like strings, and sensitive comments.

Run a scan first. Deep evidence results will appear here.

Audit Diff / Change Monitoring

Compares the current scan with the previous local baseline for the same hostname: score, findings, endpoints, headers, and certificate changes.

Run a scan first. Scan comparison will appear here.

WAF / Third-party Intelligence

Identifies WAF behavior against sensitive probes and reviews third-party script/domain risk.

Run a scan first. WAF and third-party intelligence will appear here.

Customization

Place your background image here and restart the app:

assets/background/background.jpg
src/renderer/assets/logo.png

The app already includes the CSS paths. Place your welcome logo as logo.png in src/renderer/assets/. If no background image exists, it uses a professional gradient background.