Enterprise Web Intelligence & Cybersecurity Interface
High-performance Svelte 5 & Tauri UI for the web-analyzer reconnaissance engine
- Monolithic Intelligence Dashboard — Centralized UI utilizing advanced Glassmorphism design tokens for high-density OSINT data tracking.
- Deep Reconnaissance Arrays — Visually maps concurrent HTTP/HTTPS infrastructure profiling, subdomain takeover checking, and cloud CDN bypasses.
- Dynamic Security Matrices — Interactive Wiki dashboards covering 109 WHOIS Native root registries, 200+ port definitions, and 15+ modern Security Header specifications.
- Seamless Tauri IPC Flow — Connects directly to the
web-analyzercrates.io engine, broadcasting real-time concurrent JSON streams and shell footprints via MPSC channels without UI blocking. - Granular Security Gradings — Automatically assesses and grades Domain Posture from
A+toFfactoring in WAF configurations, CORS vulnerabilities, and Nmap CVE mappings. - Automated Deployments — Fully synchronized Github Action CI/CD targeting
.deb,.AppImage,.exe(NSIS), andApple Silicon .dmgalongside bleeding-edge Cannonical Snap Store availability.
WebQ bridges the entire suite of web-analyzer features into an interactive cross-platform UI.
| Module | Core Functionality |
|---|---|
| Domain Insight | Renders WHOIS (TCP), SSL chain checks, local DNS mapping, and port detection grids. |
| SEO Auditing | Scans 13 categories, tracking schema markers and visualizes technical gaps via checklists. |
| Tech Fingerprinting | Identifies 11 CMS platforms, frameworks, CDN footprints, and WpUser enumerations via Wappalyzer-like matrices. |
| Bulk Domain Validation | Parallel processing for bulk asset arrays testing DNS, HTTP, and TLS statuses with unified success graphs. |
| Module | Core Functionality |
|---|---|
| Subdomain Live Probing | Combines subfinder with concurrent async HTTP tests to visually filter live/dead target subdomains. |
| Target Contact Spidering | Implements BFS crawling to extract organization Emails, Social signatures, and Vcards matching specified regex bounds. |
| Advanced Secret Scanner | Sweeps exposed /config, /env, and /v1 logic testing 24 hardcoded API secret leaks with pulsing CVSS alerts. |
| Module | Core Functionality |
|---|---|
| Takeover Analysis | Maps active subdomains against a 36-service vulnerable CNAME registry with explicit mitigation tips. |
| Cloudflare Unmasking | Scrapes history logs against reverse DNS databases to filter private IPs and verify origin connectivity. |
| Nmap Zero-Day Correlation | Pipes nmap XML footprints natively into NVD databases rendering critical CVE threat data via interactive accordions. |
Help us build the next generation of cybersecurity tools! We are actively looking for community contributions. Check out our open requests below:
| Request | Description | Details |
|---|---|---|
| React2Shell Honeypot | Implement UI components for the React2Shell Honeypot engine | Read Request |
| React2Shell UI Profiling | Build Attacker Profiling and Signature Matrix UI for React2Shell | Read Request |
| Intelligence Gathering Extended UI | Expose missing SEO, CMS, SSL, and DNS telemetry in the UI | Read Request |
| Reconnaissance Extended UI | Surface data provenance and code context windows for scanners | Read Request |
| Security Assessment Extended UI | Add Exploit-DB linkage and granular header/cookie analysis | Read Request |
| Engine Transparency UI | Expose backend dictionaries, regexes, and payload rulesets | Read Request |
| AI Crawler Readiness Dashboard | Visualize LLMs.txt, WebMCP endpoints, and bot-blocking posture | Read Request |
| Bulk Domain Triage UI | Expose the async semaphore engine for high-concurrency batch scanning | Read Request |
| Infrastructure Port Matrix | Map 100+ ports to specific DB/DevOps services and show SSL expiry | Read Request |
| Configurable Nmap Profiles | Allow custom Nmap flags (Stealth, Exhaustive) instead of hardcoded args | Read Request |
| DNS Investigation Dashboard | Render parallelized A/MX/TXT records and SPF/DMARC health | Read Request |
# Frontend
npm install -g bun
# Desktop Dependencies
sudo apt install libwebkit2gtk-4.1-dev build-essential curl wget file libxdo-dev libssl-dev libayatana-appindicator3-dev librsvg2-dev
# Analysis Subprocesses
sudo apt install nmap dnsutils openssl whois
go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest# Configure submodules and SvelteKit parameters
bun install
# Launch Tauri Development Hot-Reload
bun run tauri devWebQ includes sophisticated native compilation pipelines for deployment.
git commit -m "chore: release WebQ vX.Y.Z"
git tag vX.Y.Z
git push origin main --tagsDeploying an annotated v* tag dynamically triggers the .github/workflows/release.yml and .github/workflows/snap.yml cloud compilation matrices, auto-releasing the UI builds to Github and Cannonical.
Thanks to all the amazing people who have contributed to WebQ!
| Contributor | Role | Contribution |
|---|---|---|
| Keyvan Arasteh | Core Developer | Architecture, Engine Integration, Full-Stack Development |
| Morteza (Mori) | Contributor | React2Shell Honeypot Telemetry UI, Attacker Profiling, Signature Matrix (#7) |
UI crafted with ✨ Obsidian Dashboards — İstinye University