What does the internet know about your website?
When you publish a website, you don't just publish the visible HTML. Your server constantly emits metadata that, in the wrong hands, can become an attack vector or, in the right hands, valuable information for optimization.
OSINT (Open Source Intelligence) is the discipline of collecting this public data. ZenUtils Web Check automates the work of 10 command-line tools (`dig`, `whois`, basic `nmap`, `curl`) in a single click.
Analysis Layers
1. Infrastructure and DNS
We analyze DNS records to see who provides the hosting (Cloudflare, AWS, DigitalOcean). We detect misconfigurations in SPF/DMARC records that could make your emails land in Spam.
2. SSL/TLS Security
Having the "green padlock" is not enough. We analyze the certificate chain. When does your certificate expire? Are you using obsolete TLS versions (1.0 or 1.1) that modern browsers will soon block?
3. HTTP Security Headers
Security headers are instructions that your server sends to the browser to protect the user. We check for the presence of:
- HSTS: Forces the browser to always use HTTPS.
- CSP (Content Security Policy): Prevents XSS attacks by blocking the loading of scripts from unauthorized domains.
- X-Frame-Options: Prevents other sites from embedding your site in an iframe (Clickjacking).
Technology Inspection (Wappalyzer)
Have you ever wondered, "What is this site made with?" Web Check analyzes the source code and cookies to identify:
- CMS: WordPress, Drupal, Ghost.
- Web Server: Nginx, Apache, LiteSpeed.
- JS Frameworks: React, Vue, Angular, Svelte.
- Analytics: Google Analytics, Plausible, Hotjar.
This is vital for competitive intelligence. If you see that your competition loads in 0.5s and uses Next.js with Vercel, perhaps you should consider modernizing your old PHP stack.
Server Geolocation
Knowing where a server physically lives is important for two reasons:
- Latency: If your users are from Spain but your server is in California, light takes 150ms to make the round trip. Moving it to Frankfurt or Madrid would instantly improve the experience.
- GDPR: If you handle data of European citizens, you must ensure that data does not travel to jurisdictions without adequate privacy agreements. Web Check shows you the country and network (ASN) of the hosting.
Firewall and Ports
We perform a passive scan of common ports (80, 443, 8080, 22). Leaving the SSH port (22) open to the whole internet invites bots to try guessing your root password. If Web Check detects unnecessary open ports, close them promptly in your firewall (UFW/iptables).