Spiderfoot is an open-source intelligence (OSINT) automation tool. That allows users to gather information about a target by automating the process of data collection from various sources on the internet. It is designed to provide a fast and efficient way to collect and analyze large amounts of data from various sources. Such as search engines, social media platforms, and other online databases.
Spiderfoot is a Python-based tool. That can be run on multiple platforms, including Linux, Windows, and macOS. It is designed to be easy to use, and its web-based interface allows users to create and customize their data collection and analysis workflows using a simple drag-and-drop interface.
Some of the data that can be collected by Spiderfoot include information about domain names, IP addresses, email addresses, social media accounts, and other online profiles. The tool can also perform a range of analysis tasks. Such as identifying relationships between different pieces of data and flagging potential security risks or vulnerabilities.
Overall, Spiderfoot is a powerful OSINT tool that can help security professionals, researchers, and other users gather and analyze large amounts of data quickly and efficiently. However, it should be used responsibly and in accordance with ethical guidelines to avoid any potential legal or ethical issues.
- Web based UI or CLI
- Over 200 modules (see below)
- Python 3
- CSV/JSON/GEXF export
- API key export/import
- SQLite back-end for custom querying
- Highly configurable
- Fully documented
- TOR integration for dark web searching
- Dockerfile for Docker-based deployments
- Can call other tools like DNSTwist, Whatweb, Nmap and CMSeeK
Need more from SpiderFoot? Check out SpiderFoot HX for:
- 100% Cloud-based and managed for you
- Attack Surface Monitoring with change notifications by email, REST and Slack
- Multiple targets per scan
- Multi-user collaboration
- Authenticated and 2FA
- Customer support
- Third party tools pre-installed & configured
- Drive it with a fully RESTful API
- TOR integration built-in
- Feed scan data to Splunk, ElasticSearch and REST endpoints
- See the full set of differences between SpiderFoot HX and the open source version here.
SpiderFoot can be used offensively (for example, in a red team exercise or penetration test) to explore your target. Or defensively to find out information about what you or your organisation has exposed over the Internet.
You can target the following entities in a SpiderFoot scan:
- IP address
- Domain/sub-domain name
- Network subnet (CIDR)
- E-mail address
- Phone number
- Person’s name
- Bitcoin address
SpiderFoot’s 200+ modules feed each other in a publisher/subscriber model to ensure maximum data extraction to do things like:
- Host/sub-domain/TLD enumeration/extraction
- Email address, phone number and human name extraction
- Bitcoin and Ethereum address extraction
- Check for susceptibility to sub-domain hijacking
- DNS zone transfers
- Threat intelligence and Blacklist queries
- API integration with SHODAN, HaveIBeenPwned, GreyNoise, AlienVault, SecurityTrails, etc.
- Social media account enumeration
- S3/Azure/Digitalocean bucket enumeration/scraping
- IP geo-location
- Web scraping, web content analysis
- Image, document and binary file meta data analysis
- Dark web searches
- Port scanning and banner grabbing
- Data breach searches
- So much more…
Installing & Running Spiderfoot
To install and run SpiderFoot. You need at least Python 3.7 and a number of Python libraries. Which you can install with
pip. We recommend you install a packaged release since master will often have bleeding edge features and modules that aren’t fully tested.
Stable build (packaged release):
$ wget https://github.com/smicallef/spiderfoot/archive/v3.4.tar.gz
$ tar zxvf v3.4.tar.gz
$ cd spiderfoot
$ pip3 install -r requirements.txt
$ python3 ./sf.py -l 127.0.0.1:5001
Development build (cloning git master branch):
$ git clone https://github.com/smicallef/spiderfoot.git $ cd spiderfoot $ pip3 install -r requirements.txt $ python3 ./sf.py -l 127.0.0.1:5001