SpiderFoot automates OSINT collection so that you can focus on analysis.

Overview

License Python Version Stable Release CI Status Last Commit Libraries.io dependency status for latest release Codecov Twitter Follow Discourse Posts Discord

SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate.

SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line. It's written in Python 3 and GPL-licensed.

FEATURES

  • Web based UI or CLI
  • Over 200 modules (see below)
  • Python 3
  • CSV/JSON/GEXF export
  • API key export/import
  • SQLite back-end for custom querying
  • Highly configurable
  • Fully documented
  • Visualisations
  • TOR integration for dark web searching
  • Dockerfile for Docker-based deployments
  • Can call other tools like DNSTwist, Whatweb, Nmap and CMSeeK
  • Actively developed since 2012!

USES

SpiderFoot can be used offensively (e.g. in a red team exercise or penetration test) for reconnaissance of your target or defensively to gather information about what you or your organisation might have exposed over the Internet.

You can target the following entities in a SpiderFoot scan:

  • IP address
  • Domain/sub-domain name
  • Hostname
  • Network subnet (CIDR)
  • ASN
  • E-mail address
  • Phone number
  • Username
  • Person's name
  • Bitcoin address

SpiderFoot's 200+ modules feed each other in a publisher/subscriber model to ensure maximum data extraction to do things like:

INSTALLING & RUNNING

To install and run SpiderFoot, you need at least Python 3.6 and a number of Python libraries which you can install with pip. We recommend you install a packaged release since master will often have bleeding edge features and modules that aren't fully tested.

Stable build (packaged release):

$ wget https://github.com/smicallef/spiderfoot/archive/v3.3.tar.gz
$ tar zxvf v3.3.tar.gz
$ cd spiderfoot
$ pip3 install -r requirements.txt
$ python3 ./sf.py -l 127.0.0.1:5001

Development build (cloning git master branch):

$ git clone https://github.com/smicallef/spiderfoot.git
$ cd spiderfoot
$ pip3 install -r requirements.txt
$ python3 ./sf.py -l 127.0.0.1:5001

Check out the documentation and our asciinema videos for more tutorials.

COMMUNITY

Whether you're a contributor, user or just curious about SpiderFoot and OSINT in general, we'd love to have you join our community! SpiderFoot now has a Discord server for chat, and a Discourse server to serve as a more permanent knowledge base.

MODULES / INTEGRATIONS

SpiderFoot has over 200 modules, most of which don't require API keys, and many of those that do require API keys have a free tier.

Name Description Link Type
abuse.ch Check if a host/domain, IP or netblock is malicious according to abuse.ch. https://www.abuse.ch Free API
AbuseIPDB Check if an IP address is malicious according to AbuseIPDB.com blacklist. https://www.abuseipdb.com Tiered API
Account Finder Look for possible associated accounts on nearly 200 websites like Ebay, Slashdot, reddit, etc. N/A Internal
AdBlock Check Check if linked pages would be blocked by AdBlock Plus. https://adblockplus.org/ Tiered API
Ahmia Search Tor 'Ahmia' search engine for mentions of the target domain. https://ahmia.fi/ Free API
AlienVault IP Reputation Check if an IP or netblock is malicious according to the AlienVault IP Reputation database. https://cybersecurity.att.com/ Free API
AlienVault OTX Obtain information from AlienVault Open Threat Exchange (OTX) https://otx.alienvault.com/ Tiered API
Amazon S3 Bucket Finder Search for potential Amazon S3 buckets associated with the target and attempt to list their contents. https://aws.amazon.com/s3/ Free API
Apility Search Apility API for IP address and domain reputation. https://auth0.com/signals Tiered API
Apple iTunes Search Apple iTunes for mobile apps. https://itunes.apple.com/ Internal
Archive.org Identifies historic versions of interesting files/pages from the Wayback Machine. https://archive.org/ Free API
ARIN Queries ARIN registry for contact information. https://www.arin.net/ Free API
Azure Blob Finder Search for potential Azure blobs associated with the target and attempt to list their contents. https://azure.microsoft.com/en-in/services/storage/blobs/ Free API
Bad Packets Obtain information about any malicious activities involving IP addresses found https://badpackets.net Internal
badips.com Check if an IP address is malicious according to BadIPs.com. https://www.badips.com/ Free API
Bambenek C&C List Check if a host/domain or IP appears on Bambenek Consulting's C&C tracker lists. http://www.bambenekconsulting.com/ Free API
Base64 Decoder Identify Base64-encoded strings in URLs, often revealing interesting hidden information. N/A Internal
BGPView Obtain network information from BGPView API. https://bgpview.io/ Free API
Binary String Extractor Attempt to identify strings in binary content. N/A Internal
BinaryEdge Obtain information from BinaryEdge.io Internet scanning systems, including breaches, vulnerabilities, torrents and passive DNS. https://www.binaryedge.io/ Tiered API
Bing (Shared IPs) Search Bing for hosts sharing the same IP. https://www.bing.com/ Tiered API
Bing Obtain information from bing to identify sub-domains and links. https://www.bing.com/ Tiered API
Bitcoin Finder Identify bitcoin addresses in scraped webpages. N/A Internal
Bitcoin Who's Who Check for Bitcoin addresses against the Bitcoin Who's Who database of suspect/malicious addresses. https://bitcoinwhoswho.com/ Tiered API
BitcoinAbuse Check Bitcoin addresses against the bitcoinabuse.com database of suspect/malicious addresses. https://www.bitcoinabuse.com/ Free API
Blockchain Queries blockchain.info to find the balance of identified bitcoin wallet addresses. https://www.blockchain.com/ Free API
blocklist.de Check if a netblock or IP is malicious according to blocklist.de. http://www.blocklist.de/en/index.html Free API
BotScout Searches botscout.com's database of spam-bot IPs and e-mail addresses. http://botscout.com/ Tiered API
botvrij.eu Check if a domain is malicious according to botvrij.eu. N/A Internal
BuiltWith Query BuiltWith.com's Domain API for information about your target's web technology stack, e-mail addresses and more. https://builtwith.com/ Tiered API
C99 Queries the C99 API which offers various data (geo location, proxy detection, phone lookup, etc). https://api.c99.nl/ Internal
CallerName Lookup US phone number location and reputation information. http://callername.com/ Free API
Censys Obtain information from Censys.io https://censys.io/ Tiered API
Certificate Transparency Gather hostnames from historical certificates in crt.sh. https://crt.sh/ Free API
CINS Army List Check if a netblock or IP address is malicious according to cinsscore.com's Army List. N/A Internal
CIRCL.LU Obtain information from CIRCL.LU's Passive DNS and Passive SSL databases. https://www.circl.lu/ Free API
CleanBrowsing.org Check if a host would be blocked by CleanBrowsing.org DNS https://cleanbrowsing.org/ Free API
CleanTalk Spam List Check if a netblock or IP address is on CleanTalk.org's spam IP list. https://cleantalk.org Free API
Clearbit Check for names, addresses, domains and more based on lookups of e-mail addresses on clearbit.com. https://clearbit.com/ Tiered API
CloudFlare Malware DNS Check if a host would be blocked by CloudFlare Malware-blocking DNS https://www.cloudflare.com/ Free API
CoinBlocker Lists Check if a host/domain or IP appears on CoinBlocker lists. https://zerodot1.gitlab.io/CoinBlockerListsWeb/ Free API
CommonCrawl Searches for URLs found through CommonCrawl.org. http://commoncrawl.org/ Free API
Comodo Check if a host would be blocked by Comodo DNS https://www.comodo.com/secure-dns/ Free API
Company Name Extractor Identify company names in any obtained data. N/A Internal
Cookie Extractor Extract Cookies from HTTP headers. N/A Internal
Country Name Extractor Identify country names in any obtained data. N/A Internal
Credit Card Number Extractor Identify Credit Card Numbers in any data N/A Internal
Crobat API Search Crobat API for subdomains. N/A Internal
Cross-Referencer Identify whether other domains are associated ('Affiliates') of the target by looking for links back to the target site(s). N/A Internal
CRXcavator Search CRXcavator for Chrome extensions. https://crxcavator.io/ Internal
Custom Threat Feed Check if a host/domain, netblock, ASN or IP is malicious according to your custom feed. N/A Internal
cybercrime-tracker.net Check if a host/domain or IP is malicious according to cybercrime-tracker.net. http://cybercrime-tracker.net/ Free API
Darksearch Search the Darksearch.io Tor search engine for mentions of the target domain. https://darksearch.io/ Free API
Debounce Check whether an email is disposable https://debounce.io/ Free API
Digital Ocean Space Finder Search for potential Digital Ocean Spaces associated with the target and attempt to list their contents. https://www.digitalocean.com/products/spaces/ Free API
DNS Brute-forcer Attempts to identify hostnames through brute-forcing common names and iterations. N/A Internal
DNS Common SRV Attempts to identify hostnames through brute-forcing common DNS SRV records. N/A Internal
DNS Look-aside Attempt to reverse-resolve the IP addresses next to your target to see if they are related. N/A Internal
DNS Raw Records Retrieves raw DNS records such as MX, TXT and others. N/A Internal
DNS Resolver Resolves Hosts and IP Addresses identified, also extracted from raw content. N/A Internal
DNS Zone Transfer Attempts to perform a full DNS zone transfer. N/A Internal
DNSDB Query FarSight's DNSDB for historical and passive DNS data. https://www.farsightsecurity.com Tiered API
DNSGrep Obtain Passive DNS information from Rapid7 Sonar Project using DNSGrep API. https://opendata.rapid7.com/ Free API
DroneBL Query the DroneBL database for open relays, open proxies, vulnerable servers, etc. https://dronebl.org/ Free API
DuckDuckGo Query DuckDuckGo's API for descriptive information about your target. https://duckduckgo.com/ Free API
E-Mail Address Extractor Identify e-mail addresses in any obtained data. N/A Internal
EmailCrawlr Search EmailCrawlr for email addresses and phone numbers associated with a domain. https://emailcrawlr.com/ Tiered API
EmailFormat Look up e-mail addresses on email-format.com. https://www.email-format.com/ Free API
EmailRep Search EmailRep.io for email address reputation. https://emailrep.io/ Tiered API
Emerging Threats Check if a netblock or IP is malicious according to emergingthreats.net. https://rules.emergingthreats.net/ Free API
Error String Extractor Identify common error messages in content like SQL errors, etc. N/A Internal
Ethereum Address Extractor Identify ethereum addresses in scraped webpages. N/A Internal
F-Secure Riddler.io Obtain network information from F-Secure Riddler.io API. https://riddler.io/ Internal
File Metadata Extractor Extracts meta data from documents and images. N/A Internal
Flickr Search Flickr for domains, URLs and emails related to the specified domain. https://www.flickr.com/ Free API
Fortiguard.com Check if an IP is malicious according to Fortiguard.com. https://fortiguard.com/ Free API
Fraudguard Obtain threat information from Fraudguard.io https://fraudguard.io/ Tiered API
Fringe Project Obtain network information from Fringe Project API. https://fringeproject.com/ Free API
FullContact Gather domain and e-mail information from FullContact.com API. https://www.fullcontact.com Tiered API
Github Identify associated public code repositories on Github. https://github.com/ Free API
Google Maps Identifies potential physical addresses and latitude/longitude coordinates. https://cloud.google.com/maps-platform/ Tiered API
Google Object Storage Finder Search for potential Google Object Storage buckets associated with the target and attempt to list their contents. https://cloud.google.com/storage Free API
Google SafeBrowsing Check if the URL is included on any of the Safe Browsing lists. https://developers.google.com/safe-browsing/v4/lookup-api Free API
Google Obtain information from the Google Custom Search API to identify sub-domains and links. https://developers.google.com/custom-search Tiered API
Gravatar Retrieve user information from Gravatar API. https://secure.gravatar.com/ Free API
Greensnow Check if a netblock or IP address is malicious according to greensnow.co. https://greensnow.co/ Free API
grep.app Search grep.app API for links and emails related to the specified domain. https://grep.app/ Free API
Greynoise Obtain information from Greynoise.io's Enterprise API. https://greynoise.io/ Tiered API
HackerOne (Unofficial) Check external vulnerability scanning/reporting service h1.nobbd.de to see if the target is listed. http://www.nobbd.de/ Free API
HackerTarget Search HackerTarget.com for hosts sharing the same IP. https://hackertarget.com/ Free API
Hash Extractor Identify MD5 and SHA hashes in web content, files and more. N/A Internal
HaveIBeenPwned Check HaveIBeenPwned.com for hacked e-mail addresses identified in breaches. https://haveibeenpwned.com/ Internal
Honeypot Checker Query the projecthoneypot.org database for entries. https://www.projecthoneypot.org/ Free API
Host.io Obtain information about domain names from host.io. https://host.io Tiered API
Hosting Provider Identifier Find out if any IP addresses identified fall within known 3rd party hosting ranges, e.g. Amazon, Azure, etc. N/A Internal
Human Name Extractor Attempt to identify human names in fetched content. N/A Internal
Hunter.io Check for e-mail addresses and names on hunter.io. https://hunter.io/ Tiered API
Hybrid Analysis Search Hybrid Analysis for domains and URLs related to the target. https://www.hybrid-analysis.com Free API
IBAN Number Extractor Identify IBAN Numbers in any data N/A Internal
Iknowwhatyoudownload.com Check iknowwhatyoudownload.com for IP addresses that have been using BitTorrent. https://iknowwhatyoudownload.com/en/peer/ Tiered API
Instagram Gather information from Instagram profiles. https://www.instagram.com/ Free API
IntelligenceX Obtain information from IntelligenceX about identified IP addresses, domains, e-mail addresses and phone numbers. https://intelx.io/ Tiered API
Interesting File Finder Identifies potential files of interest, e.g. office documents, zip files. N/A Internal
Internet Storm Center Check if an IP is malicious according to SANS ISC. https://isc.sans.edu Free API
IPInfo.io Identifies the physical location of IP addresses identified using ipinfo.io. https://ipinfo.io Tiered API
IPQualityScore Determine if target is malicious using IPQualityScore API https://www.ipqualityscore.com/ Tiered API
ipregistry Query the ipregistry.co database for reputation and geo-location. https://ipregistry.co/ Tiered API
ipstack Identifies the physical location of IP addresses identified using ipstack.com. https://ipstack.com/ Tiered API
JsonWHOIS.com Search JsonWHOIS.com for WHOIS records associated with a domain. https://jsonwhois.com Tiered API
Junk File Finder Looks for old/temporary and other similar files. N/A Internal
Keybase Obtain additional information about target username https://keybase.io/ Free API
Koodous Search Koodous for mobile apps. https://koodous.com/apks/ Free API
Leak-Lookup Searches Leak-Lookup.com's database of breaches. https://leak-lookup.com/ Free API
LeakIX Search LeakIX for host data leaks, open ports, software and geoip. https://leakix.net/ Free API
Maltiverse Obtain information about any malicious activities involving IP addresses https://maltiverse.com Free API
malwaredomainlist.com Check if a host/domain, IP or netblock is malicious according to malwaredomainlist.com. http://www.malwaredomainlist.com/ Free API
malwaredomains.com Check if a host/domain is malicious according to malwaredomains.com. http://www.malwaredomains.com/ Free API
MalwarePatrol Searches malwarepatrol.net's database of malicious URLs/IPs. https://www.malwarepatrol.net/ Tiered API
MetaDefender Search MetaDefender API for IP address and domain IP reputation. https://metadefender.opswat.com/ Tiered API
Mnemonic PassiveDNS Obtain Passive DNS information from PassiveDNS.mnemonic.no. https://www.mnemonic.no Free API
multiproxy.org Open Proxies Check if an IP is an open proxy according to multiproxy.org' open proxy list. https://multiproxy.org/ Free API
MySpace Gather username and location from MySpace.com profiles. https://myspace.com/ Free API
NameAPI Check whether an email is disposable https://www.nameapi.org/ Tiered API
NetworksDB Search NetworksDB.io API for IP address and domain information. https://networksdb.io/ Tiered API
NeutrinoAPI Search NeutrinoAPI for IP address info and check IP reputation. https://www.neutrinoapi.com/ Tiered API
Norton ConnectSafe Check if a host would be blocked by Norton ConnectSafe DNS N/A Internal
numverify Lookup phone number location and carrier information from numverify.com. http://numverify.com/ Tiered API
Onion.link Search Tor 'Onion City' search engine for mentions of the target domain. https://onion.link/ Free API
Onionsearchengine.com Search Tor onionsearchengine.com for mentions of the target domain. https://as.onionsearchengine.com Free API
Onyphe Check Onyphe data (threat list, geo-location, pastries, vulnerabilities) about a given IP. https://www.onyphe.io Tiered API
Open Bug Bounty Check external vulnerability scanning/reporting service openbugbounty.org to see if the target is listed. https://www.openbugbounty.org/ Free API
Open Passive DNS Database Obtain passive DNS information from pdns.daloo.de Open passive DNS database. http://pdns.daloo.de/ Free API
OpenCorporates Look up company information from OpenCorporates. https://opencorporates.com Tiered API
OpenDNS Check if a host would be blocked by OpenDNS DNS https://www.opendns.com/ Free API
OpenPhish Check if a host/domain is malicious according to OpenPhish.com. https://openphish.com/ Free API
OpenStreetMap Retrieves latitude/longitude coordinates for physical addresses from OpenStreetMap API. https://www.openstreetmap.org/ Free API
Page Information Obtain information about web pages (do they take passwords, do they contain forms, etc.) N/A Internal
PasteBin PasteBin search (via Google Search API) to identify related content. https://pastebin.com/ Tiered API
PGP Key Servers Look up e-mail addresses in PGP public key servers. N/A Internal
PhishStats Determine if an IP Address is malicious https://phishstats.info/ Free API
PhishTank Check if a host/domain is malicious according to PhishTank. https://phishtank.com/ Free API
Phone Number Extractor Identify phone numbers in scraped webpages. N/A Internal
Port Scanner - TCP Scans for commonly open TCP ports on Internet-facing systems. N/A Internal
ProjectDiscovery Chaos Search for hosts/subdomains using chaos.projectdiscovery.io https://chaos.projectdiscovery.io Internal
Psbdmp Check psbdmp.cc (PasteBin Dump) for potentially hacked e-mails and domains. https://psbdmp.cc/ Free API
Pulsedive Obtain information from Pulsedive's API. https://pulsedive.com/ Tiered API
Quad9 Check if a host would be blocked by Quad9 https://quad9.net/ Free API
Recon.dev Search Recon.dev for subdomains. https://recon.dev Internal
RIPE Queries the RIPE registry (includes ARIN data) to identify netblocks and other info. https://www.ripe.net/ Free API
RiskIQ Obtain information from RiskIQ's (formerly PassiveTotal) Passive DNS and Passive SSL databases. https://community.riskiq.com/ Tiered API
Robtex Search Robtex.com for hosts sharing the same IP. https://www.robtex.com/ Free API
Scylla Gather breach data from Scylla API. https://scylla.sh/ Free API
SecurityTrails Obtain Passive DNS and other information from SecurityTrails https://securitytrails.com/ Tiered API
SHODAN Obtain information from SHODAN about identified IP addresses. https://www.shodan.io/ Tiered API
Similar Domain Finder Search various sources to identify similar looking domain names, for instance squatted domains. N/A Internal
Skymem Look up e-mail addresses on Skymem. http://www.skymem.info/ Free API
SlideShare Gather name and location from SlideShare profiles. https://www.slideshare.net Free API
Snov Gather available email IDs from identified domains https://snov.io/ Tiered API
Social Media Profile Finder Tries to discover the social media profiles for human names identified. https://developers.google.com/custom-search Tiered API
Social Network Identifier Identify presence on social media networks such as LinkedIn, Twitter and others. N/A Internal
SORBS Query the SORBS database for open relays, open proxies, vulnerable servers, etc. http://www.sorbs.net/ Free API
SpamCop Query various spamcop databases for open relays, open proxies, vulnerable servers, etc. https://www.spamcop.net/ Free API
Spamhaus Query the Spamhaus databases for open relays, open proxies, vulnerable servers, etc. https://www.spamhaus.org/ Free API
spur.us Obtain information about any malicious activities involving IP addresses found https://spur.us/ Internal
SpyOnWeb Search SpyOnWeb for hosts sharing the same IP address, Google Analytics code, or Google Adsense code. http://spyonweb.com/ Tiered API
Spyse SpiderFoot plug-in to search Spyse API for IP address and domain information. https://spyse.com Tiered API
SSL Certificate Analyzer Gather information about SSL certificates used by the target's HTTPS sites. N/A Internal
Strange Header Identifier Obtain non-standard HTTP headers returned by web servers. N/A Internal
Subdomain Takeover Checker Check if affiliated subdomains are vulnerable to takeover. N/A Internal
Talos Intelligence Check if a netblock or IP is malicious according to talosintelligence.com. https://talosintelligence.com/ Free API
TextMagic Obtain phone number type from TextMagic API https://www.textmagic.com/ Tiered API
ThreatCrowd Obtain information from ThreatCrowd about identified IP addresses, domains and e-mail addresses. https://www.threatcrowd.org Free API
ThreatMiner Obtain information from ThreatMiner's database for passive DNS and threat intelligence. https://www.threatminer.org/ Free API
TLD Searcher Search all Internet TLDs for domains with the same name as the target (this can be very slow.) N/A Internal
Tool - CMSeeK Identify what Content Management System (CMS) might be used. https://github.com/Tuhinshubhra/CMSeeK Internal
Tool - DNSTwist Identify bit-squatting, typo and other similar domains to the target using a local DNSTwist installation. https://github.com/elceef/dnstwist Internal
Tool - Nmap Identify what Operating System might be used. https://nmap.org/ Internal
Tool - WhatWeb Identify what software is in use on the specified website. https://github.com/urbanadventurer/whatweb Internal
TOR Exit Nodes Check if an IP or netblock appears on the torproject.org exit node list. N/A Internal
TORCH Search Tor 'TORCH' search engine for mentions of the target domain. N/A Internal
TotalHash.com Check if a host/domain or IP is malicious according to TotalHash.com. https://totalhash.cymru.com/ Free API
Trumail Check whether an email is disposable https://trumail.io/ Free API
Twilio Obtain information from Twilio about phone numbers. Ensure you have the Caller Name add-on installed in Twilio. https://www.twilio.com/ Tiered API
Twitter Gather name and location from Twitter profiles. https://twitter.com/ Free API
UCEPROTECT Query the UCEPROTECT databases for open relays, open proxies, vulnerable servers, etc. http://www.uceprotect.net/ Free API
URLScan.io Search URLScan.io cache for domain information. https://urlscan.io/ Free API
Venmo Gather user information from Venmo API. https://venmo.com/ Free API
ViewDNS.info Reverse Whois lookups using ViewDNS.info. https://viewdns.info/ Tiered API
VirusTotal Obtain information from VirusTotal about identified IP addresses. https://www.virustotal.com/ Tiered API
VoIPBL OpenPBX IPs Check if an IP or netblock is an open PBX according to VoIPBL OpenPBX IPs. http://www.voipbl.org/ Free API
VXVault.net Check if a domain or IP is malicious according to VXVault.net. http://vxvault.net/ Free API
Watchguard Check if an IP is malicious according to Watchguard's reputationauthority.org. http://reputationauthority.org/ Free API
Web Analytics Extractor Identify web analytics IDs in scraped webpages and DNS TXT records. N/A Internal
Web Framework Identifier Identify the usage of popular web frameworks like jQuery, YUI and others. N/A Internal
Web Server Identifier Obtain web server banners to identify versions of web servers being used. N/A Internal
Web Spider Spidering of web-pages to extract content for searching. N/A Internal
WhatCMS Check web technology using WhatCMS.org API. https://whatcms.org/ Tiered API
Whoisology Reverse Whois lookups using Whoisology.com. https://whoisology.com/ Internal
Whois Perform a WHOIS look-up on domain names and owned netblocks. N/A Internal
Whoxy Reverse Whois lookups using Whoxy.com. https://www.whoxy.com/ Internal
WiGLE Query WiGLE to identify nearby WiFi access points. https://wigle.net/ Free API
Wikileaks Search Wikileaks for mentions of domain names and e-mail addresses. https://wikileaks.org/ Free API
Wikipedia Edits Identify edits to Wikipedia articles made from a given IP address or username. https://www.wikipedia.org/ Free API
XForce Exchange Obtain IP reputation and passive DNS information from IBM X-Force Exchange https://exchange.xforce.ibmcloud.com/ Tiered API
Yandex DNS Check if a host would be blocked by Yandex DNS https://yandex.com/ Free API
Zetalytics Query the Zetalytics database for hosts on your target domain(s). https://zetalytics.com/ Tiered API
Zone-H Defacement Check Check if a hostname/domain appears on the zone-h.org 'special defacements' RSS feed. https://zone-h.org/ Free API

DOCUMENTATION

Read more at the project website, including more complete documentation, blog posts with tutorials/guides, plus information about SpiderFoot HX.

Latest updates announced on Twitter.

Comments
  • Final release issue

    Final release issue

    Debian - Parrot Security OS (latest version) Dell laptop 64bit

    python3 sf.py Traceback (most recent call last): File "sf.py", line 21, in import cherrypy ModuleNotFoundError: No module named 'cherrypy'

    opened by hwac121 21
  • Why SpiderFoot no longer supports loading the spiderfoot.db database from the application directory? Also bash: cd: /root/.spiderfoot: No such file or directory

    Why SpiderFoot no longer supports loading the spiderfoot.db database from the application directory? Also bash: cd: /root/.spiderfoot: No such file or directory

    I just pulled spiderfoot tried running it but ERROR

    How can I can run it? I tried running it root home and su home etc.

    also cd /root/.spiderfoot/spiderfoot.db is not found too bash: cd: /root/.spiderfoot: No such file or directory

    ERROR: spiderfoot.db file exists in .
    SpiderFoot no longer supports loading the spiderfoot.db database from the application directory.
    The database is now loaded from your home directory: /root/.spiderfoot/spiderfoot.db
    This message will go away once you move or remove spiderfoot.db from .
    
    Please provide a description of the issue and any relevant error messages.
    
    If you can provide an application stack trace that is even better.
    

    is there any tutorial for this one? What version of Python are you using? Python 3.8.6 What version of SpiderFoot are you using (stable release or Git master branch)? Git master branch You may also wish to check if your issue has been posted previously:

    • https://github.com/smicallef/spiderfoot/issues
    opened by MiChaelinzo 20
  • ImportError: cannot import name 'gcd' from 'fractions' (/usr/lib/python3.9/fractions.py)

    ImportError: cannot import name 'gcd' from 'fractions' (/usr/lib/python3.9/fractions.py)

    Please provide a description of the issue and any relevant error messages. When python3 ./sf.py -l 127.0.0.1:5001 is executed , i get the below error.

    I have installed gcd and also added PATH to .profile

    Stack Trace

    Traceback (most recent call last): File "/home/user1/Desktop/user2/OSINT/spiderfoot-3.2.1/./sf.py", line 30, in from sflib import SpiderFoot File "/home/user1/Desktop/user2/OSINT/spiderfoot-3.2.1/sflib.py", line 40, in from networkx import nx File "/home/user1/.local/lib/python3.9/site-packages/networkx/init.py", line 114, in import networkx.generators File "/home/user1/.local/lib/python3.9/site-packages/networkx/generators/init.py", line 14, in from networkx.generators.intersection import * File "/home/user1/.local/lib/python3.9/site-packages/networkx/generators/intersection.py", line 13, in from networkx.algorithms import bipartite File "/home/user1/.local/lib/python3.9/site-packages/networkx/algorithms/init.py", line 16, in from networkx.algorithms.dag import * File "/home/user1/.local/lib/python3.9/site-packages/networkx/algorithms/dag.py", line 23, in from fractions import gcd ImportError: cannot import name 'gcd' from 'fractions' (/usr/lib/python3.9/fractions.py)

    What version of Python are you using?

    Python 3.9

    What version of SpiderFoot are you using (stable release or Git master branch)?

    Stable

    opened by rigyaja 17
  • Unhandled exception (error) encountered during scan

    Unhandled exception (error) encountered during scan

    While scanning, I received the following error message:

    Unhandled exception (error) encountered during scan. Please report this as a bug: Traceback (most recent call last): File "/home/spiderfoot/sfscan.py", line 265, in startScan psMod.notifyListeners(firstEvent) File "/home/spiderfoot/sflib.py", line 1527, in notifyListeners listener.handleEvent(sfEvent) File "/home/spiderfoot/modules/sfp_dnsresolve.py", line 222, in handleEvent self.processHost(addr, parentEvent, False) File "/home/spiderfoot/modules/sfp_dnsresolve.py", line 338, in processHost self.processDomain(dom, evt) File "/home/spiderfoot/modules/sfp_dnsresolve.py", line 357, in processDomain self.notifyListeners(domevt) File "/home/spiderfoot/sflib.py", line 1527, in notifyListeners listener.handleEvent(sfEvent) File "/home/spiderfoot/modules/sfp_dnsbrute.py", line 131, in handleEvent self.notifyListeners(evt) File "/home/spiderfoot/sflib.py", line 1527, in notifyListeners listener.handleEvent(sfEvent) File "/home/spiderfoot/modules/sfp_dnsresolve.py", line 222, in handleEvent self.processHost(addr, parentEvent, False) File "/home/spiderfoot/modules/sfp_dnsresolve.py", line 334, in processHost self.notifyListeners(evt) File "/home/spiderfoot/sflib.py", line 1527, in notifyListeners listener.handleEvent(sfEvent) File "/home/spiderfoot/modules/sfp_robtex.py", line 167, in handleEvent self.notifyListeners(evt) File "/home/spiderfoot/sflib.py", line 1527, in notifyListeners listener.handleEvent(sfEvent) File "/home/spiderfoot/modules/sfp_badipscom.py", line 246, in handleEvent url = self.lookupItem(cid, typeId, eventData) File "/home/spiderfoot/modules/sfp_badipscom.py", line 197, in lookupItem return self.resourceList(cid, target, itemType) File "/home/spiderfoot/modules/sfp_badipscom.py", line 183, in resourceList re.match(rxTgt, line, re.IGNORECASE): File "/usr/lib/python2.7/re.py", line 141, in match return _compile(pattern, flags).match(string) File "/usr/lib/python2.7/re.py", line 251, in _compile raise error, v # invalid expression error: nothing to repeat


    What could be the cause of this error message?

    opened by ADL7 14
  • fullName Unhandled exception (KeyError)

    fullName Unhandled exception (KeyError)

    Unhandled exception (KeyError) encountered during scan. Please report this as a bug: ['Traceback (most recent call last):\n', ' File "/root/Tools/spiderfoot-2.12/sfscan.py", line 265, in startScan\n psMod.notifyListeners(firstEvent)\n', ' File "/root/Tools/spiderfoot-2.12/sflib.py", line 1527, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/root/Tools/spiderfoot-2.12/modules/sfp_pastebin.py", line 123, in handleEvent\n self.notifyListeners(evt2)\n', ' File "/root/Tools/spiderfoot-2.12/sflib.py", line 1527, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/root/Tools/spiderfoot-2.12/modules/sfp_email.py", line 98, in handleEvent\n self.notifyListeners(evt)\n', ' File "/root/Tools/spiderfoot-2.12/sflib.py", line 1527, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/root/Tools/spiderfoot-2.12/modules/sfp_fullcontact.py", line 151, in handleEvent\n e = SpiderFootEvent("HUMAN_NAME", data['fullName'], self.name, event)\n', "KeyError: 'fullName'\n"]

    opened by tskorick 12
  • memory error in sfp_spider.py

    memory error in sfp_spider.py

    stack trace: Unhandled exception (MemoryError) encountered during scan. Please report this as a bug: ['Traceback (most recent call last):\n', ' File "/home/gianz/spiderfoot/sfscan.py", line 195, in startScan\n module.start()\n', ' File "/home/gianz/spiderfoot/modules/sfp_bingsearch.py", line 81, in start\n self.notifyListeners(evt)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 120, in handleEvent\n self.processHost(match, parentEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 271, in processHost\n self.notifyListeners(evt)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 250, in handleEvent\n return self.spiderFrom(spiderTarget)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 274, in spiderFrom\n links = self.processUrl(startingPoint) # fetch first page\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 105, in processUrl\n self.contentNotify(url, fetched, self.urlEvents[url])\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 189, in contentNotify\n self.notifyListeners(event)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 120, in handleEvent\n self.processHost(match, parentEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 271, in processHost\n self.notifyListeners(evt)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 250, in handleEvent\n return self.spiderFrom(spiderTarget)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 300, in spiderFrom\n freshLinks = self.processUrl(link)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 128, in processUrl\n self.urlEvents[link] = self.linkNotify(link, self.urlEvents[url])\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 181, in linkNotify\n self.notifyListeners(event)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 120, in handleEvent\n self.processHost(match, parentEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 271, in processHost\n self.notifyListeners(evt)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 250, in handleEvent\n return self.spiderFrom(spiderTarget)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 274, in spiderFrom\n links = self.processUrl(startingPoint) # fetch first page\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 105, in processUrl\n self.contentNotify(url, fetched, self.urlEvents[url])\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 189, in contentNotify\n self.notifyListeners(event)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 120, in handleEvent\n self.processHost(match, parentEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 271, in processHost\n self.notifyListeners(evt)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 250, in handleEvent\n return self.spiderFrom(spiderTarget)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 300, in spiderFrom\n freshLinks = self.processUrl(link)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 105, in processUrl\n self.contentNotify(url, fetched, self.urlEvents[url])\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 189, in contentNotify\n self.notifyListeners(event)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 120, in handleEvent\n self.processHost(match, parentEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 271, in processHost\n self.notifyListeners(evt)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 250, in handleEvent\n return self.spiderFrom(spiderTarget)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 300, in spiderFrom\n freshLinks = self.processUrl(link)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 105, in processUrl\n self.contentNotify(url, fetched, self.urlEvents[url])\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 189, in contentNotify\n self.notifyListeners(event)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 120, in handleEvent\n self.processHost(match, parentEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 271, in processHost\n self.notifyListeners(evt)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 250, in handleEvent\n return self.spiderFrom(spiderTarget)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 300, in spiderFrom\n freshLinks = self.processUrl(link)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 105, in processUrl\n self.contentNotify(url, fetched, self.urlEvents[url])\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 189, in contentNotify\n self.notifyListeners(event)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 120, in handleEvent\n self.processHost(match, parentEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 271, in processHost\n self.notifyListeners(evt)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 250, in handleEvent\n return self.spiderFrom(spiderTarget)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 274, in spiderFrom\n links = self.processUrl(startingPoint) # fetch first page\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 105, in processUrl\n self.contentNotify(url, fetched, self.urlEvents[url])\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 189, in contentNotify\n self.notifyListeners(event)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 120, in handleEvent\n self.processHost(match, parentEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 271, in processHost\n self.notifyListeners(evt)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 250, in handleEvent\n return self.spiderFrom(spiderTarget)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 300, in spiderFrom\n freshLinks = self.processUrl(link)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 128, in processUrl\n self.urlEvents[link] = self.linkNotify(link, self.urlEvents[url])\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 181, in linkNotify\n self.notifyListeners(event)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 120, in handleEvent\n self.processHost(match, parentEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 271, in processHost\n self.notifyListeners(evt)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 250, in handleEvent\n return self.spiderFrom(spiderTarget)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 300, in spiderFrom\n freshLinks = self.processUrl(link)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 105, in processUrl\n self.contentNotify(url, fetched, self.urlEvents[url])\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 189, in contentNotify\n self.notifyListeners(event)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 120, in handleEvent\n self.processHost(match, parentEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_dns.py", line 271, in processHost\n self.notifyListeners(evt)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 1050, in notifyListeners\n listener.handleEvent(sfEvent)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 250, in handleEvent\n return self.spiderFrom(spiderTarget)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 300, in spiderFrom\n freshLinks = self.processUrl(link)\n', ' File "/home/gianz/spiderfoot/modules/sfp_spider.py", line 117, in processUrl\n links = sf.parseLinks(url, fetched['content'], self.baseDomain)\n', ' File "/home/gianz/spiderfoot/sflib.py", line 578, in parseLinks\n self.error("Error applying regex2 to: " + data)\n', 'MemoryError\n']

    opened by gianz74 12
  • Unexpected error during long-term scanning

    Unexpected error during long-term scanning

    Hello! Faced with a problem: I ran 2 scans of 2 sites, after a while I noticed that it was completed, although I understood that this could not be the case (not all goals were met). I logged into the linux server and saw this error in the console: image (2022-05-28 01:05:22,064 [ERROR] threadpool : Error in thread worker sharedThreadPool_worker_2: Traceback (most recent call last) File "/root/spiderfoot-4.0/spiderfoot/threadpool.py", line 256, in run' result = callback(×args, ×*kuargs) File "/root/spiderfoot-4.0/modules/sfp_spider.py", line 313, in handleEvent return self.spider from(spider Target) File "/root/spiderfoot-4.0/modules/sfp_spider.py", line 364, insider from freshLinks = self.processUrl(link) File "/root/spiderfoot-4.0/modules/sfp_spider.py", line 112, in process Url if self.opts['use cookies'] and fetch['headers'] is not None: TypeError: 'NoneType' object is not subscriptable 2022-05-28 02:04:46,205 [INFO] sf lib : Running 37 correlation rules. 2022-05-28 02:28:34,125 [INFO] sf lib : Scan [089C2113] completed. 2022-05-28 02:30:13,018 [INFO] sf lib : Scan [0E601609] completed.) Can you tell me what could cause such errors and what are the solutions to the problem? I leave information about my system and software: Python version used: 3.10.4 System used: Debian 11 Spiderfoot version used: 4.0 Free disk space: 100 GB Cores/RAM: 8/12 Thanks!

    opened by 1Suprem3 11
  • How i find others informations in website ?

    How i find others informations in website ?

    I'm really sorry my question is probably stupid, but how i find information from a website? I mean, how can i add a class or id in the search? Thanks in advance

    opened by faust87280 9
  • Wrong requirements.txt

    Wrong requirements.txt

    Just got stable 3.3 from the download tgz. Unzipped on debian 10 and installed requirements.

    networkx is stated as >=2.5 and currently installs 2.6.2. Launching sf fails on

    File "/opt/spiderfoot-3.3/sflib.py", line 42, in <module>
        from networkx import nx
    ImportError: cannot import name 'nx' from 'networkx'
    

    Correcting the requirement to ==2.5 solves the problem.

    Same with secure that installs 0.3.0.

    Traceback (most recent call last):
      File "sf.py", line 32, in <module>
        from sfwebui import SpiderFootWebUi
      File "/opt/spiderfoot-3.3/sfwebui.py", line 27, in <module>
        from secure import SecureHeaders
    ImportError: cannot import name 'SecureHeaders' from 'secure'
    

    Using secure==0.2.1 makes it work again.

    opened by LoZio 9
  • Bitcoin address error

    Bitcoin address error

    First, I've tried to insert an bitcoin adress containing 40 characteres but I got this error: Invalid target type. Could not recognize it as a target SpiderFoot supports.

    Second, there are some plugins not availables like Bicoin Finder who does web scrapping for a specific address. How do I add a module to the tool?

    opened by thiagocaparelli 8
  • Line 356 - syntaxerror

    Line 356 - syntaxerror

    Hello.

    After installing pip and Spiderfoot in Ubuntu, when introducing the command "python sf.py" in the terminal, this is the result:

    File "sf.py", line 356 print ("[", end=' ') ^ SyntaxError: invalid syntax

    And I cannot launch Spiderfoot. Thanks for any help. C.

    opened by citroen510 8
  • SpiderFoots Cloning

    SpiderFoots Cloning

    Please provide a description of the issue and any relevant error messages. Cloning Spiderfoot If you can provide an application stack trace that is even better.

    What version of Python are you using? Python 3 What version of SpiderFoot are you using (stable release or Git master branch)? SpiderFoots CLI You may also wish to check if your issue has been posted previously: Yeah ~$ git clone * https://github.com/smicallef/spiderfoot.git

    opened by Acenation20 3
  • CLI filters not working

    CLI filters not working

    I am evaluating the CLI and finding it ignores the type filters. Dropped back to using the Web UI on a fresh pull from git and it seems to also ignore type filters. Anyone have any ideas what might be going on? Do these work for others? -q -x -f -s domain.com -t IP_ADDRESS,INTERNET_NAME,EMAILADDR for example works well if calling sf.py, but when issued against the CLI scans everything.

    opened by 10GeekJames 2
  • Suggestion for adding another module to your list

    Suggestion for adding another module to your list

    https://www.criminalip.io/ - Criminal IP is a specialized Cyber Threat Intelligence (CTI) search engine that allows users to search for various security-related information such as malicious IP addresses, domains, banners, etc. It has an asset search function which can assess IP usage information and domain search, which works to assess DNS attached to the IP.

    opened by resley-404 2
  • TLD List Fails to Update

    TLD List Fails to Update

    I am using SF 4.0.0 in conjunction with Python 3.10.2.

    While performing a passive search on the target example.com I encountered the following error: [INFO] sfwebui : Waiting for the scan to initialize... [INFO] sflib : Downloading configuration data from: https://publicsuffix.org/list/effective_tld_names.dat [ERROR] sflib : Unable to open option URL, https://publicsuffix.org/list/effective_tld_names.dat: HTTPSConnectionPool(host='publicsuffix.org', port=443): Max retries exceeded with url: /list/effective_tld_names.dat (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)'))) [INFO] sflib : Scan [4DADA4C8] failed: Could not update TLD list Process Process-1: Traceback (most recent call last): File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/multiprocessing/process.py", line 315, in _bootstrap self.run() File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/multiprocessing/process.py", line 108, in run self._target(*self._args, **self._kwargs) File "/Users/myusrename/Documents/myProjectFolder/spiderfoot/sfscan.py", line 28, in startSpiderFootScanner return SpiderFootScanner(*args, **kwargs) File "/Users/myusrename/Documents/myProjectFolder/spiderfoot/sfscan.py", line 206, in init raise ValueError("Could not update TLD list") ValueError: Could not update TLD list

    opened by brassMonkeyz 0
  • Running spiderfoot behind nginx Reverse-Proxy

    Running spiderfoot behind nginx Reverse-Proxy

    It would be great if I could find a sample config for NGINX in the repo on how to run spiderfoot behind a ReverseProxy.

    Attached an working example:

    # /etc/nginx/conf.d/spider.conf
    server {
            server_name spider.example.com;
            listen 443 ssl http2;
            listen [::]:443 http2;
    
            location / {
            # Reverse Proxy
                    proxy_pass http://127.0.0.1:5001;
                    proxy_buffering off;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
    
            # Basic Auth
                    auth_basic_user_file /var/www/.htpasswd;
                    auth_basic "Administrator Area";
            }
    
            # SSL Certificate Path
            ssl_certificate /etc/letsencrypt/live/spider.example.com/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/spider.example.com/privkey.pem;   
    }
    
    opened by Gill-Bates 0
  • excel report not working

    excel report not working

    When a scan is done, and I try to export the data, to csv, it works, but to excel, it just opens a new browser tab. Or do I need to export to excel via the cli?

    I'm using spiderfoot 4.0.0 running on debian 11

    opened by bLackCat-79 0
Releases(v4.0)
Blinder is a tool that will help you simplify the exploitation of blind SQL injection

Blinder Have you found a blind SQL injection? Great! Now you need to export it, but are you too lazy to sort through the values? Most likely,

10 Dec 06, 2022
Northwave Log4j CVE-2021-44228 checker

Northwave Log4j CVE-2021-44228 checker Friday 10 December 2021 a new Proof-of-Concept 1 addressing a Remote code Execution (RCE) vulnerability in the

Northwave 125 Dec 09, 2022
Small python script to look for common vulnerabilities on SMTP server.

BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

39 Dec 16, 2022
Visibility and Mitigation for Log4J vulnerabilities

Visibility and Mitigation for Log4J vulnerabilities Several scripts for the visibility and mitigation of Log4J vulnerabilities. Static Scanner - Linux

SentinelLabs 15 May 21, 2022
An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.

RonnieColemanYARAParser This script is named after Ronnie Coleman, and peforms bulk lifts on arbitary file features using YARA console logging. Requir

Steve 20 Dec 13, 2022
M.E.A.T. - Mobile Evidence Acquisition Toolkit

M.E.A.T. - Mobile Evidence Acquisition Toolkit Meet M.E.A.T! From Jack Farley - BlackStone Discovery This toolkit aims to help forensicators perform d

1 Nov 11, 2021
Python low-interaction honeyclient

Thug The number of client-side attacks has grown significantly in the past few years shifting focus on poorly protected vulnerable clients. Just as th

Angelo Dell'Aera 896 Dec 19, 2022
一款Web在线自动免杀工具

一款利用加载器以及Python反序列化绕过AV的在线免杀工具 因为打包方式的局限性,不能跨平台,若要生成exe格式的只能在Windows下运行本项目 打包速度有点慢,提交后稍等一会 开发环境及运行 前端使用Bootstrap框架,后端使用Django框架 。

yhy 172 Nov 28, 2022
Small Python library that adds password hashing methods to ORM objects

Password Mixin Mixin that adds some useful methods to ORM objects Compatible with Python 3.5 = 3.9 Install pip install password-mixin Setup first cre

Joe Gasewicz 5 Nov 22, 2022
Phishing-Crack tools to punish friends

Phishing-Crack Phishing Tool Version 1.0.0 Created By temirovazat A Phishing Tool With PHP and Python3 Features Fake Instagram Phishing Page Fake Face

3 Oct 04, 2022
User-friendly reference finder in IDA

IDARefHunter Updated: This project's been introduced on IDA Plugin Contest 2021! Why do we need RefHunter? Getting reference information in one specif

Jiwon 29 Dec 04, 2022
A simple subdomain scanner in python

Subdomain-Scanner A simple subdomain scanner in python ✨ Features scans subdomains of a domain thats it! 💁‍♀️ How to use first download the scanner.p

Portgas D Ace 2 Jan 07, 2022
Make your own huge Wordlist with advanced options

#It's my first tool i hope to be useful for everyone, Make your own huge Wordlist with advanced options, You need python3 to run this tool, If you hav

0.1Arafa 6 Dec 08, 2022
Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.

springcore-0day-en These are all my notes from the alleged confirmed! 0day dropped on 2022-03-29. This vulnerability is commonly referred to as "Sprin

Chris Partridge 105 Nov 26, 2022
Scan Site - Tools For Scanning Any Site and Get Site Information

Site Scanner Tools For Scanning Any Site and Get Site Information Example Require - pip install colorama - pip install requests How To Use Download Th

NumeX 5 Mar 19, 2022
Safe Policy Optimization with Local Features

Safe Policy Optimization with Local Feature (SPO-LF) This is the source-code for implementing the algorithms in the paper "Safe Policy Optimization wi

Akifumi Wachi 6 Jun 05, 2022
Confluence Server Webwork OGNL injection

CVE-2021-26084 - Confluence Server Webwork OGNL injection An OGNL injection vulnerability exists that would allow an authenticated user and in some in

Fellipe Oliveira 295 Jan 06, 2023
Dumps the payload.bin image found in Android update images.

payload dumper Dumps the payload.bin image found in Android update images. Has significant performance gains over other tools due to using multiproces

Rasmus 7 Nov 17, 2022
Agile Threat Modeling Toolkit

Threagile is an open-source toolkit for agile threat modeling:

Threagile 425 Jan 07, 2023
Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

sqlmapproject 25.7k Jan 08, 2023