Best Self Hosted Alternatives to VirusTotal

Web-Check is an open source OSINT tool designed to analyze any website and reveal its underlying architecture, security posture, and technology footprint. It aggregates data such as IP information, SSL chain details, DNS records, cookies, response headers, domain information, crawl rules, site map, server location, redirects, open ports, traceroute results, DNSSEC status, site performance, trackers, related hostnames, and even carbon footprint metrics.

Key Features

• IP info and network layout
• SSL chain and certificate details
• DNS records and domain information
• Cookies and response headers analysis
• Crawl rules and site map visibility
• Server location and redirects ledger
• Open ports and traceroute data
• DNSSEC presence and related security data
• Site performance metrics and trackers
• Related hostnames and asset discovery
• Carbon footprint estimation

Use Cases

• OSINT reconnaissance for security teams and threat intel
• Web security assessments and architecture discovery for devops and security engineers
• Performance and infrastructure analysis to optimize websites

Limitations and Considerations

• There is a known security advisory affecting the project’s screenshot API (command injection via unvalidated URL). Users should ensure they are on a patched release and follow secure deployment practices. (github.com)

Conclusion

• Web-Check is an open source, self-hostable OSINT solution that helps you understand a website’s internals and security posture. It supports multiple deployment options (Docker, Netlify, Vercel) and offers a hosted live demo for quick evaluation. (github.com)

Mistborn is an open source threat intelligence aggregation service designed to collect indicators of compromise (IOCs) and related threat data from multiple sources, normalize it, and make it easier to consume for security operations. It helps teams centralize feeds, reduce duplication, and improve the usability of threat intel in downstream tooling.

Key Features

• Aggregates threat intelligence from multiple sources and feed formats
• Normalizes and de-duplicates common IOC types (such as IPs, domains, URLs, and hashes)
• Enrichment support to add context to indicators (where configured)
• Export-oriented design for integrating aggregated intel into other systems
• Designed for ongoing ingestion and updating of intelligence over time

Use Cases

• Consolidating multiple threat feeds into a single curated dataset
• Providing enriched IOC lists for SIEM, EDR, or firewall blocklists
• Supporting incident response investigations with centralized threat intel

Mistborn is a practical option for teams that want a lightweight, self-managed way to operationalize threat intelligence, especially when working with many disparate feeds. By unifying collection and normalization, it can reduce analyst overhead and improve consistency across security workflows.