cookie
We use cookies

This website use cookies to give you the best, most relevant experience. By continuing to use this website you’re accepting this. If you wish to find out more, click this link (or by clicking the Privacy link at the bottom of any page)

Automate OSINT for

Threat Intelligence

Security Assessments

Attack Surface Monitoring

Asset Discovery

SpiderFoot automates OSINT so you can find what matters, faster.
Download

Open source edition

or

Immediate free access to SpiderFoot HX

icon integrations
primary icon

OSINT.  Automated.

No matter your use case, SpiderFoot will save you time by automating the collection and surfacing of interesting OSINT

Cyber Threat Intelligence

Found a suspicious IP address or other indicators in your logs that you need to investigate? Maybe you want to dig deeper into the e-mail address used, or the links referenced in a recent phishing campaign your organization faced?

Learn more
scanning
Asset Discovery

With over 200 modules for data collection and analysis, you can be confident that with SpiderFoot you’ll be gaining the most comprehensive view into the Internet-facing attack surface of your organization.

Learn more
works2
Security Assessments

Red teams and penetration testers love SpiderFoot due to it’s broad OSINT reach and identification of low hanging fuit, revealing long-forgotten and unmanaged IT assets, exposed credentials, open cloud storage buckets and much more.

Learn more
works3
Attack Surface Monitoring

What if e-mail addresses on your organization’s domain suddenly appeared in a data breach, or if an IP address on your network appeared in a botnet tracker? Use SpiderFoot to continually monitor OSINT data sources and detect when new intelligence is discovered about your organization.

Learn more

Features

Open Source or Cloud

SpiderFoot comes in two flavors: an Open Source version that you can set up and run locally if all you need is to peform scans, or SpiderFoot HX which is a completely revamped and managed cloud-based version with scanning plus collaboration, analysis and monitoring features.

 

Learn More
Over 100 Integrations

SpiderFoot modules integrate with a wide variety of threat intelligence sources, Internet scanners, breach databases, e-mail contact databases and more. Be confident that when a SpiderFoot scan completes, everything that was found is everything that can be found about your target.

Learn More
Deep Data Analysis

SpiderFoot is unique in that it recursively analyses each piece of data found during a scan so that no stone is left unturned in the search for that critical IP address, e-mail address or other data point that makes the difference between the success or failure of your investigation.

Learn More

Integrations

There’s probably no OSINT data source that SpiderFoot doesn’t already have an integration for today. And if you want to see one added, simply put in a request. Its modular open source architecture means it can usually implement it in days, not months.

Do you use another tool for the initial reconnaissance phase or have a list of entities you’ve extracted from logs locally? No problem, import your list of targets from Hunchly or CSV and let SpiderFoot take care of the deeper data collection.

Prefer working with the results on the command line or your own offline database? With SpiderFoot you can easily export the data into JSON, CSV or GEXF format. You should never have the fear of lock-in by proprietary databases or file formats. It’s your data, your way.

If you want to be notified when a scan completes, or when the OSINT data out there about your target changes, you can configure SpiderFoot HX to send notifications to Slack, generic Web-hooks and/or e-mail.

Recent News

SpiderFoot is continuously growing. Check us out on Twitter for the latest news.
Top 5 OSINT Sources for Threat Intelligence

In this post we explore the top 5 APIs (and a few more!) that provide useful OSINT for threat intelligence.
Top 5 OSINT Sources for Penetration Testing and Bug Bounties

In this post we explore the top 5 APIs (and a few more!) that provide useful OSINT for penetration testing and bug bounties.
Attack Surface Management: You’re probably doing it wrong

In this post, SpiderFoot founder and CEO Steve Micallef talks about the importance of leveraging a broad spectrum of OSINT for managing your attack surface: …when determining the attackable surface of an organization, we must not only care about externally exposed assets, but also externally exposed information relevant to that organization. Such information (OSINT) can […]