We use cookies

This website use cookies to give you the best, most relevant experience. By continuing to use this website you’re accepting this. If you wish to find out more, click this link (or by clicking the Privacy link at the bottom of any page)

About SpiderFoot

SpiderFoot had very humble beginnings as a desktop application first released in 2005. It was quite popular even back then, despite only querying about five data sources and remaining untouched for years thereafter. It was born from the idea that having a single interface to aggregate information about your target would be very useful to security professionals, and it’s continued to evolve to the present day with the same motivation.

Today, a typical organization’s attack surface is distributed across on-premise infrastructure, multiple cloud platform services, SaaS platforms and–due to the increase in remote work–home devices and networks. Add to this the increasing number of services continually scanning the Internet and publicizing vulnerabilities found, plus services collecting and analyzing the almost daily data breaches being reported. We’re left with treasure troves of OSINT data waiting to be used for good or for harm.

Defenders (and red teams!) need tooling to find this data and make is understandable in ways that help them reason about the security posture of the target, whether it be their own organization, their client or their adversary.

That’s SpiderFoot’s mission.

Steve Micallef
Steve Micallef

SpiderFoot has grown a lot over the years, but the mission has always remained the same: Gather as much information as possible about the user’s targets and help them gain value from that information. Now that SpiderFoot has matured into something Fortune 50 companies use to defend their organizations and that of their clients, I’m humbled to keep SpiderFoot true to that mission and ensure it appeals directly to security engineers looking to reduce toil and find things that matter.

Attack Surface Monitoring
Learn more
Asset Discovery
Learn more
Security Assessments
Learn more
Threat Intelligence
Learn more

Our guiding principles

No data waste

SpiderFoot has been designed from the ground up to extract as much data as possible during every scan. Every piece of data collected is usually processed by multiple modules with the aim of extracting as much value as possible from that data so that you don’t miss that critical nugget that makes all the difference.

Keep it simple

SpiderFoot doesn’t have any setup fees because it doesn’t need to be set up, and you don’t hire us as consultants to come and tune it for you because the defaults are reasonable and you can easily configure it yourself without breaking anything. You also don’t need to install any bloated Java run time or fancy appliances to get through firewalls, or need a PhD to navigate the interface.

Give back

SpiderFoot has grown from and gives back to the community. See below for our sponsorships, but most notably check when the last commit to the Github repository was. Chances are it was within the last few weeks because we’re always improving both SpiderFoot HX and the open source version.

SpiderFoot in books

We proudly sponsor

SpiderFoot proudly sponsors these organizations who are supporting the growth and knowledge sharing within the community. If our missions are aligned, get in touch and we can talk about sponsorship!

We have more than 6,000 stars on Github
Visit our Github repo

News about SpiderFoot