Webq
WebQ: A blazing fast, cross-platform security analysis and intelligence gathering utility powered by Tauri v2, Svelte 5, and the web-analyzer Rust crate.
π WebQ
Enterprise Web Intelligence & Cybersecurity Interface
High-performance Svelte 5 & Tauri UI for the web-analyzer reconnaissance engine
β¨ Features
- Monolithic Intelligence Dashboard β Centralized UI utilizing advanced Glassmorphism design tokens for high-density OSINT data tracking.
- Deep Reconnaissance Arrays β Visually maps concurrent HTTP/HTTPS infrastructure profiling, subdomain takeover checking, and cloud CDN bypasses.
- Dynamic Security Matrices β Interactive Wiki dashboards covering 109 WHOIS Native root registries, 200+ port definitions, and 15+ modern Security Header specifications.
- Seamless Tauri IPC Flow β Connects directly to the
web-analyzercrates.io engine, broadcasting real-time concurrent JSON streams and shell footprints via MPSC channels without UI blocking. - Granular Security Gradings β Automatically assesses and grades Domain Posture from
A+toFfactoring in WAF configurations, CORS vulnerabilities, and Nmap CVE mappings. - Automated Deployments β Fully synchronized Github Action CI/CD targeting
.deb,.AppImage,.exe(NSIS), andApple Silicon .dmgalongside bleeding-edge Cannonical Snap Store availability.
π¦ Reconnaissance Modules
WebQ bridges the entire suite of web-analyzer features into an interactive cross-platform UI.
π Intelligence Gathering
| Module | Core Functionality |
|---|---|
| Domain Insight | Renders WHOIS (TCP), SSL chain checks, local DNS mapping, and port detection grids. |
| SEO Auditing | Scans 13 categories, tracking schema markers and visualizes technical gaps via checklists. |
| Tech Fingerprinting | Identifies 11 CMS platforms, frameworks, CDN footprints, and WpUser enumerations via Wappalyzer-like matrices. |
| Bulk Domain Validation | Parallel processing for bulk asset arrays testing DNS, HTTP, and TLS statuses with unified success graphs. |
π΅οΈ Defensive SecOps
| Module | Core Functionality |
|---|---|
| Subdomain Live Probing | Combines subfinder with concurrent async HTTP tests to visually filter live/dead target subdomains. |
| Target Contact Spidering | Implements BFS crawling to extract organization Emails, Social signatures, and Vcards matching specified regex bounds. |
| Advanced Secret Scanner | Sweeps exposed /config, /env, and /v1 logic testing 24 hardcoded API secret leaks with pulsing CVSS alerts. |
π‘οΈ Vulnerability Analysis
| Module | Core Functionality |
|---|---|
| Takeover Analysis | Maps active subdomains against a 36-service vulnerable CNAME registry with explicit mitigation tips. |
| Cloudflare Unmasking | Scrapes history logs against reverse DNS databases to filter private IPs and verify origin connectivity. |
| Nmap Zero-Day Correlation | Pipes nmap XML footprints natively into NVD databases rendering critical CVE threat data via interactive accordions. |
π Quick Start (Development)
Prerequisites
# Frontend
npm install -g bun
# Desktop Dependencies
sudo apt install libwebkit2gtk-4.1-dev build-essential curl wget file libxdo-dev libssl-dev libayatana-appindicator3-dev librsvg2-dev
# Analysis Subprocesses
sudo apt install nmap dnsutils openssl whois
go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
Build Pipeline
# Configure submodules and SvelteKit parameters
bun install
# Launch Tauri Development Hot-Reload
bun run tauri dev
ποΈ Release Pipeline
WebQ includes sophisticated native compilation pipelines for deployment.
git commit -m "chore: release WebQ vX.Y.Z"
git tag vX.Y.Z
git push origin main --tags
Deploying an annotated v* tag dynamically triggers the .github/workflows/release.yml and .github/workflows/snap.yml cloud compilation matrices, auto-releasing the UI builds to Github and Cannonical.
UI crafted with β¨ Obsidian Dashboards β Δ°stinye University
