Home

Awesome

<a href="https://www.spiderfoot.net/r.php?u=aHR0cHM6Ly93d3cuc3BpZGVyZm9vdC5uZXQv&s=os_gh"><img src="https://www.spiderfoot.net/wp-content/themes/spiderfoot/img/spiderfoot-wide.png"></a>

License Python Version Stable Release CI status Last Commit Codecov Twitter Follow Discord

SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate.

SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line. It's written in Python 3 and MIT-licensed.

<img src="https://www.spiderfoot.net/wp-content/uploads/2022/04/opensource-screenshot-v4.png" />

FEATURES

WANT MORE?

Need more from SpiderFoot? Check out SpiderFoot HX for:

See the full set of differences between SpiderFoot HX and the open source version here.

USES

SpiderFoot can be used offensively (e.g. in a red team exercise or penetration test) for reconnaissance of your target or defensively to gather information about what you or your organisation might have exposed over the Internet.

You can target the following entities in a SpiderFoot scan:

SpiderFoot's 200+ modules feed each other in a publisher/subscriber model to ensure maximum data extraction to do things like:

INSTALLING & RUNNING

To install and run SpiderFoot, you need at least Python 3.7 and a number of Python libraries which you can install with pip. We recommend you install a packaged release since master will often have bleeding edge features and modules that aren't fully tested.

Stable build (packaged release):

 wget https://github.com/smicallef/spiderfoot/archive/v4.0.tar.gz
 tar zxvf v4.0.tar.gz
 cd spiderfoot-4.0
 pip3 install -r requirements.txt
 python3 ./sf.py -l 127.0.0.1:5001

Development build (cloning git master branch):

 git clone https://github.com/smicallef/spiderfoot.git
 cd spiderfoot
 pip3 install -r requirements.txt
 python3 ./sf.py -l 127.0.0.1:5001

Check out the documentation and our asciinema videos for more tutorials.

COMMUNITY

Whether you're a contributor, user or just curious about SpiderFoot and OSINT in general, we'd love to have you join our community! SpiderFoot now has a Discord server for seeking help from the community, requesting features or just general OSINT chit-chat.

WRITING CORRELATION RULES

We have a comprehensive write-up and reference of the correlation rule-set introduced in SpiderFoot 4.0 here.

Also take a look at the template.yaml file for a walk through. The existing 37 rules are also quite readable and good as starting points for additional rules.

MODULES / INTEGRATIONS

SpiderFoot has over 200 modules, most of which don't require API keys, and many of those that do require API keys have a free tier.

NameDescriptionType
AbstractAPILook up domain, phone and IP address information from AbstractAPI.Tiered API
abuse.chCheck if a host/domain, IP address or netblock is malicious according to Abuse.ch.Free API
AbuseIPDBCheck if an IP address is malicious according to AbuseIPDB.com blacklist.Tiered API
Abusix Mail IntelligenceCheck if a netblock or IP address is in the Abusix Mail Intelligence blacklist.Tiered API
Account FinderLook for possible associated accounts on over 500 social and other websites such as Instagram, Reddit, etc.Internal
AdBlock CheckCheck if linked pages would be blocked by AdBlock Plus.Tiered API
AdGuard DNSCheck if a host would be blocked by AdGuard DNS.Free API
AhmiaSearch Tor 'Ahmia' search engine for mentions of the target.Free API
AlienVault IP ReputationCheck if an IP or netblock is malicious according to the AlienVault IP Reputation database.Free API
AlienVault OTXObtain information from AlienVault Open Threat Exchange (OTX)Tiered API
Amazon S3 Bucket FinderSearch for potential Amazon S3 buckets associated with the target and attempt to list their contents.Free API
Apple iTunesSearch Apple iTunes for mobile apps.Free API
Archive.orgIdentifies historic versions of interesting files/pages from the Wayback Machine.Free API
ARINQueries ARIN registry for contact information.Free API
Azure Blob FinderSearch for potential Azure blobs associated with the target and attempt to list their contents.Free API
Base64 DecoderIdentify Base64-encoded strings in URLs, often revealing interesting hidden information.Internal
BGPViewObtain network information from BGPView API.Free API
Binary String ExtractorAttempt to identify strings in binary content.Internal
BinaryEdgeObtain information from BinaryEdge.io Internet scanning systems, including breaches, vulnerabilities, torrents and passive DNS.Tiered API
Bing (Shared IPs)Search Bing for hosts sharing the same IP.Tiered API
BingObtain information from bing to identify sub-domains and links.Tiered API
Bitcoin FinderIdentify bitcoin addresses in scraped webpages.Internal
Bitcoin Who's WhoCheck for Bitcoin addresses against the Bitcoin Who's Who database of suspect/malicious addresses.Tiered API
BitcoinAbuseCheck Bitcoin addresses against the bitcoinabuse.com database of suspect/malicious addresses.Free API
BlockchainQueries blockchain.info to find the balance of identified bitcoin wallet addresses.Free API
blocklist.deCheck if a netblock or IP is malicious according to blocklist.de.Free API
BotScoutSearches BotScout.com's database of spam-bot IP addresses and e-mail addresses.Tiered API
botvrij.euCheck if a domain is malicious according to botvrij.eu.Free API
BuiltWithQuery BuiltWith.com's Domain API for information about your target's web technology stack, e-mail addresses and more.Tiered API
C99Queries the C99 API which offers various data (geo location, proxy detection, phone lookup, etc).Commercial API
CallerNameLookup US phone number location and reputation information.Free API
CensysObtain host information from Censys.io.Tiered API
Certificate TransparencyGather hostnames from historical certificates in crt.sh.Free API
CertSpotterGather information about SSL certificates from SSLMate CertSpotter API.Tiered API
CINS Army ListCheck if a netblock or IP address is malicious according to Collective Intelligence Network Security (CINS) Army list.Free API
CIRCL.LUObtain information from CIRCL.LU's Passive DNS and Passive SSL databases.Free API
CleanBrowsing.orgCheck if a host would be blocked by CleanBrowsing.org DNS content filters.Free API
CleanTalk Spam ListCheck if a netblock or IP address is on CleanTalk.org's spam IP list.Free API
ClearbitCheck for names, addresses, domains and more based on lookups of e-mail addresses on clearbit.com.Tiered API
CloudFlare DNSCheck if a host would be blocked by CloudFlare DNS.Free API
CoinBlocker ListsCheck if a domain appears on CoinBlocker lists.Free API
CommonCrawlSearches for URLs found through CommonCrawl.org.Free API
Comodo Secure DNSCheck if a host would be blocked by Comodo Secure DNS.Tiered API
Company Name ExtractorIdentify company names in any obtained data.Internal
Cookie ExtractorExtract Cookies from HTTP headers.Internal
Country Name ExtractorIdentify country names in any obtained data.Internal
Credit Card Number ExtractorIdentify Credit Card Numbers in any dataInternal
Crobat APISearch Crobat API for subdomains.Free API
Cross-ReferencerIdentify whether other domains are associated ('Affiliates') of the target by looking for links back to the target site(s).Internal
CRXcavatorSearch CRXcavator for Chrome extensions.Free API
Custom Threat FeedCheck if a host/domain, netblock, ASN or IP is malicious according to your custom feed.Internal
CyberCrime-Tracker.netCheck if a host/domain or IP address is malicious according to CyberCrime-Tracker.net.Free API
DebounceCheck whether an email is disposableFree API
DehashedGather breach data from Dehashed API.Commercial API
Digital Ocean Space FinderSearch for potential Digital Ocean Spaces associated with the target and attempt to list their contents.Free API
DNS Brute-forcerAttempts to identify hostnames through brute-forcing common names and iterations.Internal
DNS Common SRVAttempts to identify hostnames through brute-forcing common DNS SRV records.Internal
DNS for FamilyCheck if a host would be blocked by DNS for Family.Free API
DNS Look-asideAttempt to reverse-resolve the IP addresses next to your target to see if they are related.Internal
DNS Raw RecordsRetrieves raw DNS records such as MX, TXT and others.Internal
DNS ResolverResolves hosts and IP addresses identified, also extracted from raw content.Internal
DNS Zone TransferAttempts to perform a full DNS zone transfer.Internal
DNSDBQuery FarSight's DNSDB for historical and passive DNS data.Tiered API
DNSDumpsterPassive subdomain enumeration using HackerTarget's DNSDumpsterFree API
DNSGrepObtain Passive DNS information from Rapid7 Sonar Project using DNSGrep API.Free API
DroneBLQuery the DroneBL database for open relays, open proxies, vulnerable servers, etc.Free API
DuckDuckGoQuery DuckDuckGo's API for descriptive information about your target.Free API
E-Mail Address ExtractorIdentify e-mail addresses in any obtained data.Internal
EmailCrawlrSearch EmailCrawlr for email addresses and phone numbers associated with a domain.Tiered API
EmailFormatLook up e-mail addresses on email-format.com.Free API
EmailRepSearch EmailRep.io for email address reputation.Tiered API
Emerging ThreatsCheck if a netblock or IP address is malicious according to EmergingThreats.net.Free API
Error String ExtractorIdentify common error messages in content like SQL errors, etc.Internal
Ethereum Address ExtractorIdentify ethereum addresses in scraped webpages.Internal
EtherscanQueries etherscan.io to find the balance of identified ethereum wallet addresses.Free API
File Metadata ExtractorExtracts meta data from documents and images.Internal
FlickrSearch Flickr for domains, URLs and emails related to the specified domain.Free API
FocsecLook up IP address information from Focsec.Tiered API
FortiGuard AntispamCheck if an IP address is malicious according to FortiGuard Antispam.Free API
FraudguardObtain threat information from Fraudguard.ioTiered API
F-Secure Riddler.ioObtain network information from F-Secure Riddler.io API.Commercial API
FullContactGather domain and e-mail information from FullContact.com API.Tiered API
FullHuntIdentify domain attack surface using FullHunt API.Tiered API
GithubIdentify associated public code repositories on Github.Free API
GLEIFLook up company information from Global Legal Entity Identifier Foundation (GLEIF).Tiered API
Google MapsIdentifies potential physical addresses and latitude/longitude coordinates.Tiered API
Google Object Storage FinderSearch for potential Google Object Storage buckets associated with the target and attempt to list their contents.Free API
Google SafeBrowsingCheck if the URL is included on any of the Safe Browsing lists.Free API
GoogleObtain information from the Google Custom Search API to identify sub-domains and links.Tiered API
GravatarRetrieve user information from Gravatar API.Free API
Grayhat WarfareFind bucket names matching the keyword extracted from a domain from Grayhat API.Tiered API
GreensnowCheck if a netblock or IP address is malicious according to greensnow.co.Free API
grep.appSearch grep.app API for links and emails related to the specified domain.Free API
GreyNoise CommunityObtain IP enrichment data from GreyNoise Community APITiered API
GreyNoiseObtain IP enrichment data from GreyNoiseTiered API
HackerOne (Unofficial)Check external vulnerability scanning/reporting service h1.nobbd.de to see if the target is listed.Free API
HackerTargetSearch HackerTarget.com for hosts sharing the same IP.Free API
Hash ExtractorIdentify MD5 and SHA hashes in web content, files and more.Internal
HaveIBeenPwnedCheck HaveIBeenPwned.com for hacked e-mail addresses identified in breaches.Commercial API
Hosting Provider IdentifierFind out if any IP addresses identified fall within known 3rd party hosting ranges, e.g. Amazon, Azure, etc.Internal
Host.ioObtain information about domain names from host.io.Tiered API
Human Name ExtractorAttempt to identify human names in fetched content.Internal
Hunter.ioCheck for e-mail addresses and names on hunter.io.Tiered API
Hybrid AnalysisSearch Hybrid Analysis for domains and URLs related to the target.Free API
IBAN Number ExtractorIdentify International Bank Account Numbers (IBANs) in any data.Internal
Iknowwhatyoudownload.comCheck iknowwhatyoudownload.com for IP addresses that have been using torrents.Tiered API
IntelligenceXObtain information from IntelligenceX about identified IP addresses, domains, e-mail addresses and phone numbers.Tiered API
Interesting File FinderIdentifies potential files of interest, e.g. office documents, zip files.Internal
Internet Storm CenterCheck if an IP address is malicious according to SANS ISC.Free API
ipapi.coQueries ipapi.co to identify geolocation of IP Addresses using ipapi.co APITiered API
ipapi.comQueries ipapi.com to identify geolocation of IP Addresses using ipapi.com APITiered API
IPInfo.ioIdentifies the physical location of IP addresses identified using ipinfo.io.Tiered API
IPQualityScoreDetermine if target is malicious using IPQualityScore APITiered API
ipregistryQuery the ipregistry.co database for reputation and geo-location.Tiered API
ipstackIdentifies the physical location of IP addresses identified using ipstack.com.Tiered API
JsonWHOIS.comSearch JsonWHOIS.com for WHOIS records associated with a domain.Tiered API
Junk File FinderLooks for old/temporary and other similar files.Internal
KeybaseObtain additional information about domain names and identified usernames.Free API
KoodousSearch Koodous for mobile apps.Tiered API
LeakIXSearch LeakIX for host data leaks, open ports, software and geoip.Free API
Leak-LookupSearches Leak-Lookup.com's database of breaches.Free API
MaltiverseObtain information about any malicious activities involving IP addressesFree API
MalwarePatrolSearches malwarepatrol.net's database of malicious URLs/IPs.Tiered API
MetaDefenderSearch MetaDefender API for IP address and domain IP reputation.Tiered API
Mnemonic PassiveDNSObtain Passive DNS information from PassiveDNS.mnemonic.no.Free API
multiproxy.org Open ProxiesCheck if an IP address is an open proxy according to multiproxy.org open proxy list.Free API
MySpaceGather username and location from MySpace.com profiles.Free API
NameAPICheck whether an email is disposableTiered API
NetworksDBSearch NetworksDB.io API for IP address and domain information.Tiered API
NeutrinoAPISearch NeutrinoAPI for phone location information, IP address information, and host reputation.Tiered API
numverifyLookup phone number location and carrier information from numverify.com.Tiered API
Onion.linkSearch Tor 'Onion City' search engine for mentions of the target domain using Google Custom Search.Free API
Onionsearchengine.comSearch Tor onionsearchengine.com for mentions of the target domain.Free API
OnypheCheck Onyphe data (threat list, geo-location, pastries, vulnerabilities) about a given IP.Tiered API
Open Bug BountyCheck external vulnerability scanning/reporting service openbugbounty.org to see if the target is listed.Free API
OpenCorporatesLook up company information from OpenCorporates.Tiered API
OpenDNSCheck if a host would be blocked by OpenDNS.Free API
OpenNIC DNSResolves host names in the OpenNIC alternative DNS system.Free API
OpenPhishCheck if a host/domain is malicious according to OpenPhish.com.Free API
OpenStreetMapRetrieves latitude/longitude coordinates for physical addresses from OpenStreetMap API.Free API
Page InformationObtain information about web pages (do they take passwords, do they contain forms, etc.)Internal
PasteBinPasteBin search (via Google Search API) to identify related content.Tiered API
PGP Key ServersLook up domains and e-mail addresses in PGP public key servers.Internal
PhishStatsCheck if a netblock or IP address is malicious according to PhishStats.Free API
PhishTankCheck if a host/domain is malicious according to PhishTank.Free API
Phone Number ExtractorIdentify phone numbers in scraped webpages.Internal
Port Scanner - TCPScans for commonly open TCP ports on Internet-facing systems.Internal
Project Honey PotQuery the Project Honey Pot database for IP addresses.Free API
ProjectDiscovery ChaosSearch for hosts/subdomains using chaos.projectdiscovery.ioCommercial API
PsbdmpCheck psbdmp.cc (PasteBin Dump) for potentially hacked e-mails and domains.Free API
PulsediveObtain information from Pulsedive's API.Tiered API
PunkSpiderCheck the QOMPLX punkspider.io service to see if the target is listed as vulnerable.Free API
Quad9Check if a host would be blocked by Quad9 DNS.Free API
ReverseWhoisReverse Whois lookups using reversewhois.io.Free API
RIPEQueries the RIPE registry (includes ARIN data) to identify netblocks and other info.Free API
RiskIQObtain information from RiskIQ's (formerly PassiveTotal) Passive DNS and Passive SSL databases.Tiered API
RobtexSearch Robtex.com for hosts sharing the same IP.Free API
searchcodeSearch searchcode for code repositories mentioning the target domain.Free API
SecurityTrailsObtain Passive DNS and other information from SecurityTrailsTiered API
SeonQueries seon.io to gather intelligence about IP Addresses, email addresses, and phone numbersCommercial API
SHODANObtain information from SHODAN about identified IP addresses.Tiered API
Similar Domain FinderSearch various sources to identify similar looking domain names, for instance squatted domains.Internal
SkymemLook up e-mail addresses on Skymem.Free API
SlideShareGather name and location from SlideShare profiles.Free API
SnovGather available email IDs from identified domainsTiered API
Social LinksQueries SocialLinks.io to gather intelligence from social media platforms and dark web.Commercial API
Social Media Profile FinderTries to discover the social media profiles for human names identified.Tiered API
Social Network IdentifierIdentify presence on social media networks such as LinkedIn, Twitter and others.Internal
SORBSQuery the SORBS database for open relays, open proxies, vulnerable servers, etc.Free API
SpamCopCheck if a netblock or IP address is in the SpamCop database.Free API
Spamhaus ZenCheck if a netblock or IP address is in the Spamhaus Zen database.Free API
spur.usObtain information about any malicious activities involving IP addresses foundCommercial API
SpyOnWebSearch SpyOnWeb for hosts sharing the same IP address, Google Analytics code, or Google Adsense code.Tiered API
SSL Certificate AnalyzerGather information about SSL certificates used by the target's HTTPS sites.Internal
StackOverflowSearch StackOverflow for any mentions of a target domain. Returns potentially related information.Tiered API
Steven Black HostsCheck if a domain is malicious (malware or adware) according to Steven Black Hosts list.Free API
Strange Header IdentifierObtain non-standard HTTP headers returned by web servers.Internal
Subdomain Takeover CheckerCheck if affiliated subdomains are vulnerable to takeover.Internal
Sublist3r PassiveDNSPassive subdomain enumeration using Sublist3r's APIFree API
SURBLCheck if a netblock, IP address or domain is in the SURBL blacklist.Free API
Talos IntelligenceCheck if a netblock or IP address is malicious according to TalosIntelligence.Free API
TextMagicObtain phone number type from TextMagic APITiered API
Threat JammerCheck if an IP address is malicious according to ThreatJammer.comTiered API
ThreatCrowdObtain information from ThreatCrowd about identified IP addresses, domains and e-mail addresses.Free API
ThreatFoxCheck if an IP address is malicious according to ThreatFox.Free API
ThreatMinerObtain information from ThreatMiner's database for passive DNS and threat intelligence.Free API
TLD SearcherSearch all Internet TLDs for domains with the same name as the target (this can be very slow.)Internal
Tool - CMSeeKIdentify what Content Management System (CMS) might be used.Tool
Tool - DNSTwistIdentify bit-squatting, typo and other similar domains to the target using a local DNSTwist installation.Tool
Tool - nbtscanScans for open NETBIOS nameservers on your target's network.Tool
Tool - NmapIdentify what Operating System might be used.Tool
Tool - NucleiFast and customisable vulnerability scanner.Tool
Tool - onesixtyoneFast scanner to find publicly exposed SNMP services.Tool
Tool - Retire.jsScanner detecting the use of JavaScript libraries with known vulnerabilitiesTool
Tool - snallygasterFinds file leaks and other security problems on HTTP servers.Tool
Tool - testssl.shIdentify various TLS/SSL weaknesses, including Heartbleed, CRIME and ROBOT.Tool
Tool - TruffleHogSearches through git repositories for high entropy strings and secrets, digging deep into commit history.Tool
Tool - WAFW00FIdentify what web application firewall (WAF) is in use on the specified website.Tool
Tool - WappalyzerWappalyzer indentifies technologies on websites.Tool
Tool - WhatWebIdentify what software is in use on the specified website.Tool
TOR Exit NodesCheck if an IP adddress or netblock appears on the Tor Metrics exit node list.Free API
TORCHSearch Tor 'TORCH' search engine for mentions of the target domain.Free API
TrashpandaQueries Trashpanda to gather intelligence about mentions of target in pastesitesTiered API
TrumailCheck whether an email is disposableFree API
TwilioObtain information from Twilio about phone numbers. Ensure you have the Caller Name add-on installed in Twilio.Tiered API
TwitterGather name and location from Twitter profiles.Free API
UCEPROTECTCheck if a netblock or IP address is in the UCEPROTECT database.Free API
URLScan.ioSearch URLScan.io cache for domain information.Free API
VenmoGather user information from Venmo API.Free API
ViewDNS.infoIdentify co-hosted websites and perform reverse Whois lookups using ViewDNS.info.Tiered API
VirusTotalObtain information from VirusTotal about identified IP addresses.Tiered API
VoIP Blacklist (VoIPBL)Check if an IP address or netblock is malicious according to VoIP Blacklist (VoIPBL).Free API
VXVault.netCheck if a domain or IP address is malicious according to VXVault.net.Free API
Web Analytics ExtractorIdentify web analytics IDs in scraped webpages and DNS TXT records.Internal
Web Framework IdentifierIdentify the usage of popular web frameworks like jQuery, YUI and others.Internal
Web Server IdentifierObtain web server banners to identify versions of web servers being used.Internal
Web SpiderSpidering of web-pages to extract content for searching.Internal
WhatCMSCheck web technology using WhatCMS.org API.Tiered API
WhoisologyReverse Whois lookups using Whoisology.com.Commercial API
WhoisPerform a WHOIS look-up on domain names and owned netblocks.Internal
WhoxyReverse Whois lookups using Whoxy.com.Commercial API
WiGLEQuery WiGLE to identify nearby WiFi access points.Free API
WikileaksSearch Wikileaks for mentions of domain names and e-mail addresses.Free API
Wikipedia EditsIdentify edits to Wikipedia articles made from a given IP address or username.Free API
XForce ExchangeObtain IP reputation and passive DNS information from IBM X-Force Exchange.Tiered API
Yandex DNSCheck if a host would be blocked by Yandex DNS.Free API
ZetalyticsQuery the Zetalytics database for hosts on your target domain(s).Tiered API
ZoneFile.ioSearch ZoneFiles.io Domain query API for domain information.Tiered API
Zone-H Defacement CheckCheck if a hostname/domain appears on the zone-h.org 'special defacements' RSS feed.Free API

DOCUMENTATION

Read more at the project website, including more complete documentation, blog posts with tutorials/guides, plus information about SpiderFoot HX.

Latest updates announced on Twitter.