Checks Overview

Every time you scan a URL, recon-web runs 39 checks across 6 categories. Each check runs in parallel so the entire scan typically completes in under 30 seconds.

Some checks depend on optional API keys. Without any keys configured, 34 checks run out of the box. See Configuration for details on adding API keys.

Tip

You can run a subset of checks from the CLI with the --only and --skip flags, or from the API by specifying which handlers to include.

All checks by category

#	Check	Category	Description
1	SSL Certificate	Security	Reads the TLS certificate — issuer, expiry, trust chain
2	SSL Grade	Security	Letter grade (A+ to F) from Qualys SSL Labs
3	TLS Configuration	Security	Protocol version, cipher suites, configuration quality
4	HSTS	Security	Strict-Transport-Security header and preload status
5	HTTP Security Headers	Security	Scores CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
6	Firewall (WAF)	Security	Detects web application firewalls (Cloudflare, AWS WAF, Akamai, etc.)
7	security.txt	Security	Checks for a vulnerability disclosure policy file
8	Threats	Security	Cross-references against Google Safe Browsing, URLHaus, PhishTank, Cloudmersive
9	Block Lists	Security	Checks 17 DNS-based block lists
10	VirusTotal	Security	Scans against 70+ antivirus engines
11	AbuseIPDB	Security	IP reputation and abuse confidence scoring
12	WordPress	Security	Detects WordPress, enumerates plugins/themes, finds misconfigurations
13	DNS Records	DNS	Resolves A, AAAA, MX, NS, TXT, CNAME, SOA, SRV, PTR
14	DNS Provider	DNS	Identifies authoritative nameserver and DoH support
15	DNSSEC	DNS	Validates DNSKEY, DS, and RRSIG records
16	TXT Records	DNS	Parses SPF, DKIM, domain verification entries
17	Mail Configuration	DNS	MX records, mail provider identification, SPF/DMARC analysis
18	HTTP Status	Network	Status code and response time
19	HTTP Headers	Network	Full response header dump
20	Cookies	Network	Cookie names and security flags
21	Redirects	Network	Full redirect chain with status codes
22	Open Ports	Network	Scans 33 common TCP ports
23	IP Address	Network	Resolves domain to IP
24	Server Location	Network	GeoIP lookup with map display
25	Traceroute	Network	Network hops to target
26	robots.txt	Content	Parses crawler directives
27	Sitemap	Content	Finds and parses XML sitemap
28	Social Tags	Content	OpenGraph, Twitter Cards, meta description
29	Linked Pages	Content	Internal and external link analysis
30	SEO Audit	Content	On-page SEO scoring (0-100)
31	WHOIS	Meta	Domain registration details
32	Archive History	Meta	Wayback Machine snapshot count and date range
33	Domain Ranking	Meta	Tranco top-1M popularity ranking
34	Legacy Ranking	Meta	Cisco Umbrella popularity ranking
35	Features	Meta	BuiltWith feature and technology detection
36	Tech Stack	Meta	Framework, CMS, CDN, analytics detection from HTML/headers
37	Screenshot	Meta	Visual capture of the rendered page
38	Carbon Footprint	Performance	Page weight, CO2 estimate, green hosting check
39	PageSpeed	Performance	Google Lighthouse performance, accessibility, best practices, SEO scores

Category breakdown

Category	Checks	Focus area
Security	12	SSL/TLS, headers, WAF, threat intelligence, WordPress
DNS	5	Records, DNSSEC, provider, email configuration
Network	8	Status, headers, cookies, ports, traceroute, geolocation
Content	5	robots.txt, sitemap, social tags, links, SEO
Meta	7	WHOIS, archives, ranking, tech stack, screenshot
Performance	2	Carbon footprint, Lighthouse audits

Checks requiring API keys

Five checks require optional API keys to function. Without the key, the check is skipped gracefully.

Check	Environment variable	Free tier
VirusTotal	VIRUSTOTAL_API_KEY	500 requests/day
AbuseIPDB	ABUSEIPDB_API_KEY	1,000 checks/day
PageSpeed	GOOGLE_CLOUD_API_KEY	Generous free quota
Features	BUILT_WITH_API_KEY	Limited free tier
Threats (partial)	CLOUDMERSIVE_API_KEY	Limited free tier