Open-source website intelligence and security reconnaissance tool
The reconnaissance tool you actually want to use: fast, web-based, and free.
Unicorn Scanner is a free, open-source web-based reconnaissance tool that gives you a comprehensive intelligence report on any website in seconds. Think of it as having whois, nmap, wpscan, whatmydns, and who.is all rolled into one clean interface, accessible from any browser with no installation required.
Built for security researchers, web developers, and digital agencies who need fast, reliable website intelligence without switching between a dozen different tools.
⚠️ For authorized use only. Always ensure you have explicit permission before scanning any website. Unauthorized scanning may be illegal in your jurisdiction.
No sign-up. No API key. Just enter a URL and scan.
| Module | Details |
|---|---|
| Online Status | HTTP status code, response time, live/offline detection |
| Performance | Page load time, transfer size, KB/s |
| SSL Certificate | Issuer, expiry date, days remaining, TLS version, SANs, fingerprint |
| HTTP Headers | Full header dump + security header scorecard (HSTS, CSP, X-Frame-Options, etc.) |
| Module | Details |
|---|---|
| IP & Geolocation | City, country, ISP, ASN, coordinates, timezone |
| DNS Records | A, AAAA, MX, NS, TXT, CAA, SOA |
| DNS Propagation | A record checked across 7 global resolvers (Google, Cloudflare, Quad9, OpenDNS, AdGuard, NextDNS, Comcast), like whatmydns |
| WHOIS | Registrar, registrant details, contacts, created/expiry/updated dates, DNSSEC status |
| Module | Details |
|---|---|
| Email Security | SPF record, DMARC policy, DKIM selector detection |
| Security Checks | Exposed .git, .env, phpinfo.php, backup.zip, readme.html, xmlrpc, admin panels |
| Cookies | Name, HttpOnly, Secure, SameSite flags for every cookie |
| Module | Details |
|---|---|
| Meta / SEO | Title, description, keywords, Open Graph tags, Twitter Card, Schema.org, canonical URL |
| Tech Stack | 35+ technology fingerprints: frameworks, CMS, analytics, CDN, payments |
| Common Files | robots.txt, sitemap.xml (with URL count), security.txt, ads.txt, humans.txt |
| Socials & Emails | Email addresses and social media profile links extracted from page HTML |
| Feature | Details |
|---|---|
| Core Version | Detected from meta generator or readme.html |
| Theme Details | Name, version, author, URI, description, parsed from style.css |
| Plugin Audit | Every plugin detected, with installed version vs latest version from WordPress.org API, flagging outdated plugins in red |
| Username Security | Weak username detection (admin, administrator, root, etc.), REST API exposure (/wp-json/wp/v2/users), author enumeration via /?author=N redirects |
| Exposure Checks | xmlrpc.php, readme.html, REST API enabled/disabled |
Unicorn Scanner was designed with security at its core, not just for scanning others, but in how it's built:
- No shell injection: zero `exec()` or `eval()` with user input
- WHOIS via TCP: direct socket connection, no shell commands
- Private IP blocking: SSRF protection, localhost/RFC1918 ranges rejected
- Rate limiting: 10 scans per 15 minutes per IP
- Consent required: users must confirm authorization before every scan
- Helmet.js: security headers on all API responses
| Layer | Technology |
|---|---|
| Frontend | React 18 + TypeScript + Tailwind CSS |
| Build | Vite |
| API (production) | Cloudflare Pages Functions (Workers runtime) |
| API (local/self-hosted) | Node.js + Express |
| DNS lookups | DNS-over-HTTPS (Cloudflare / Google DoH) |
| WHOIS | Direct TCP socket to WHOIS servers |
| SSL | Node.js tls module |
| Deployment | Cloudflare Pages / Netlify |
- Fork this repo
- Go to Cloudflare Pages → Create → Pages → Connect to Git
- Select your fork
- Set Build command: `npm run build` · Output directory: `dist`
- Leave Deploy command blank
- Deploy
Cloudflare auto-discovers functions/api/scan.js and serves it at /api/scan.
- Fork this repo
- Go to Netlify → Add new site → Import from Git
- Select your fork; `netlify.toml` handles everything automatically
- Deploy
```bash
git clone https://github.com/davidjenner/Unicorn.git
cd Unicorn
npm install
# Run both server and client in parallel
npm run dev
```

The React dev server runs on http://localhost:5173 and proxies /api to the Express server on :5000.
```
├── src/
│   ├── App.tsx               # React UI, all 16 result cards
│   └── main.tsx              # Entry point
├── functions/
│   └── api/scan.js           # Cloudflare Pages Function (fetch-based)
├── lib/
│   └── scanner.js            # Shared Node.js scan logic (Express / Netlify)
├── netlify/
│   └── functions/scan.js     # Netlify serverless handler
├── server.js                 # Express server (local dev / self-hosted)
├── netlify.toml              # Netlify build + redirect config
└── wrangler.toml             # Cloudflare Pages config
```
- PDF / JSON export of scan results
- Scan history (saved locally)
- Subdomain enumeration
- Port scanning (common ports)
- Broken link checker
- Email address harvesting (deeper crawl)
- API endpoint for programmatic access
- Dark/light theme toggle
Got a feature request? Open an issue.
Contributions are welcome. Please open an issue first to discuss what you'd like to change, then submit a pull request.
- Fork the repo
- Create a feature branch (`git checkout -b feature/my-feature`)
- Commit your changes
- Push and open a PR
David Jenner · linkedin.com/in/davidjenner6 · github.com/davidjenner
If Unicorn Scanner saved you time, consider giving the repo a star; it helps others find it.
If this tool genuinely helped you and you'd like to support its development:
Every coffee keeps the scanner running and the features coming. 🦄
MIT © David Jenner
Use it, fork it, build on it, just don't scan systems you don't own.
