Know Your Perimeter

"Footprinting" is the process of understanding as much as possible about a given target in order to perform a more complete security penetration test. Particularly for large networks, this can be a daunting task.

The main objective of SpiderFoot is to automate this process to the greatest extent possible, freeing up a penetration tester's time to focus their efforts on the security testing itself.

A good presentation on the topic by Jonathan Cran can be found here:

Initiate a Scan in Seconds

SpiderFoot's simple web-based interface enables you to kick off a scan immediately after install - just give your scan a name, the domain name of your target and select which modules to enable.

You will quickly obtain information such as: URLs handling passwords, network ranges (netblocks), web servers, open ports, information about SSL certificates, and much more, with more to come...

Browse Results

All SpiderFoot scan results are stored in an internal SQLite database, so you can easily browse results and export them to CSV both while a scan is running and after it has completed. Soon you will also be able to search scan results.


SpiderFoot is designed from the ground up to be modular. This means you can easily add your own modules that consume data from other modules to perform whatever task you desire.

As a simple example, you could create a module that automatically attempts to brute-force usernames and passwords any time a password-handling webpage is identified by the spidering module.