SpiderFoot is a Free Open-source Intelligence (OSINT) Automation Tool
SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate.
SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line. It's written in Python 3 and MIT-licensed.
Its modular architecture enables users to customize and expand functionality easily, making it suitable for various cybersecurity and investigative tasks.
Key Modules
- Domain: Gather information related to a domain.
- IP: Perform reconnaissance on IP addresses.
- Email: Extract information related to email addresses.
- Whois: Retrieve registration details of domains.
- Shodan: Integrate with Shodan to find connected devices.
- VirusTotal: Check URLs and files against the VirusTotal database.
- DNS: Perform DNS lookups and gather related records.
- GeoIP: Obtain geolocation data for IP addresses.
Features
- Web based UI or CLI
- Over 200 modules (see below)
- Python 3.7+
- YAML-configurable correlation engine with 37 pre-defined rules
- CSV/JSON/GEXF export
- API key export/import
- SQLite back-end for custom querying
- Highly configurable
- Fully documented
- Visualisations
- TOR integration for dark web searching
- Dockerfile for Docker-based deployments
- Can call other tools like DNSTwist, Whatweb, Nmap and CMSeeK
Usage
SpiderFoot can be used offensively (e.g. in a red team exercise or penetration test) for reconnaissance of your target or defensively to gather information about what you or your organisation might have exposed over the Internet.
You can target the following entities in a SpiderFoot scan:
- IP address
- Domain/sub-domain name
- Hostname
- Network subnet (CIDR)
- ASN
- E-mail address
- Phone number
- Username
- Person's name
- Bitcoin address
License
MIT License
Resources & Downloads
smicallef
