Description
SpiderFoot automates OSINT collection for threat intelligence, attack surface monitoring, and security assessments. It queries 200+ data sources to gather information about IPs, domains, emails, names, and more.
Installation
BASH
pip install spiderfoot
# Or from source
git clone https://github.com/smicallef/spiderfoot && cd spiderfoot
pip install -r requirements.txt
python sf.py -l 127.0.0.1:5001 # Web UI
Basic Usage
BASH
# Web interface
python sf.py -l 127.0.0.1:5001
# Browse: http://127.0.0.1:5001
# CLI scan
python sf.py -s target.com -t DOMAIN_NAME -m sfp_dnsresolve,sfp_whois
# Scan types (use cases; on the CLI select one with -u all|footprint|investigate|passive):
# All — everything (slow but thorough)
# Footprint — external footprint
# Investigate — deep investigation
# Passive — passive recon only
Advanced Usage
BASH
# Scan with specific modules
python sf.py -s target.com -m sfp_shodan,sfp_virustotal,sfp_haveibeenpwned
# API key configuration
# Edit ~/.spiderfoot/spiderfoot.conf
# Add API keys for: Shodan, VirusTotal, SecurityTrails, etc.
# Export results
# Web UI: Download as CSV, JSON, or GEXF (graph)
# Correlate across scan types
# Run IP scan → find domains → scan domains → find emails
Common Workflows
BASH
# Full organization reconnaissance
# -o selects the output format (tab, csv or json); results are written to stdout
python sf.py -s company.com -t DOMAIN_NAME -o json > output.json
# Review: subdomains, IPs, emails, technologies, breaches, social media
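For attack surface monitoring, the review step can be turned into a diff between two JSON exports of the same target. The script below is an added example, not part of SpiderFoot or of the original page. It assumes each export is a JSON array of records with "type" and "data" keys. The function names and sample records are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample exports (not real scan data). Assumed schema: a JSON
# array of records carrying "type" and "data" keys; adjust to your export.
BASELINE = json.dumps([
    {"type": "INTERNET_NAME", "data": "www.example.com", "module": "sfp_dnsresolve"},
    {"type": "IP_ADDRESS", "data": "192.0.2.10", "module": "sfp_dnsresolve"},
    {"type": "EMAILADDR", "data": "admin@example.com", "module": "sfp_whois"},
])
LATEST = json.dumps([
    {"type": "INTERNET_NAME", "data": "WWW.example.com", "module": "sfp_dnsresolve"},
    {"type": "INTERNET_NAME", "data": "staging.example.com", "module": "sfp_dnsresolve"},
    {"type": "IP_ADDRESS", "data": "192.0.2.10", "module": "sfp_dnsresolve"},
    {"type": "IP_ADDRESS", "module": "sfp_dnsresolve"},  # malformed: no data
])

def load_findings(text):
    """Group records by event type into sets of normalised data values."""
    findings = defaultdict(set)
    for rec in json.loads(text):
        if not isinstance(rec, dict):
            continue  # skip anything that is not a record object
        etype, data = rec.get("type"), rec.get("data")
        if etype and isinstance(data, str) and data.strip():
            # Lower-case so hostnames and emails differing only in case match
            findings[etype].add(data.strip().lower())
    return findings

def diff_findings(old, new):
    """Return {type: {"added": [...], "removed": [...]}} for changed types."""
    changes = {}
    for etype in sorted(set(old) | set(new)):
        added = sorted(new.get(etype, set()) - old.get(etype, set()))
        removed = sorted(old.get(etype, set()) - new.get(etype, set()))
        if added or removed:
            changes[etype] = {"added": added, "removed": removed}
    return changes

if __name__ == "__main__":
    report = diff_findings(load_findings(BASELINE), load_findings(LATEST))
    for etype, delta in report.items():
        for item in delta["added"]:
            print(f"+ {etype}: {item}")   # newly exposed since the baseline
        for item in delta["removed"]:
            print(f"- {etype}: {item}")   # no longer observed
```

Entries marked "+" are assets that appeared since the baseline scan and are the ones to check against the asset inventory first.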