15 New modules for Open Source and SpiderFoot HX | Intel471 Skip to content
blog article

15 New modules for Open Source and SpiderFoot HX

Jun 03, 2020
Rich smith Lz JYC Jf Ce M unsplash 1536x1024

As part of our goal to bring all the relevant OSINT on the Internet to your fingertips, we’ve been hard at work integrating with a bunch of new data sources, as well as developing new modules for extracting interesting data. This takes our module count to 180, and we’re aiming to hit the 200 mark by August. And yes, these are available in both SpiderFoot HX and the open source version.

Check out the list below, and as usual if you have any requests, just contact us!

Bad Packets: Bad Packets provides cyber threat intelligence on emerging threats, DDoS botnets and network abuse by continuously monitoring and detecting malicious activity.

Nmap: You might be aware that SpiderFoot can already run a few security/recon tools, including DNSTwist and CMSeeK, and it can now also run NMap to perform OS fingerprinting of your target.

//grep.app: //grep.app is a tremendous resource for searching code repositories, in this case used for finding host names, URLs and e-mail addresses associated with your target.

GreenSnow: Similar to Spamhaus.org (for which SpiderFoot already has a module), Greensnow.co maintain a malicious IP list.

Botvrij: Botvrij.eu provides different sets of open source IOCs that you can use in your security devices to detect possible malicious activity. The information contains network info (IPs), file hashes, file paths, domain names, URLs.

Emerging Threats: A database of current and historical metadata on IPs, domains, and other related threat intelligence to help research threats and investigate incidents involved with IP addresses associated with your target.

CloudFlare DNS: In addition to, CloudFlare also provide resolvers to block malware and adult content. By querying using this DNS, SpiderFoot can indicate whether your target or associated hosts are potentially malicious.

PhishStats: A real time phishing database. PhishStats gathers phishing URLs from several sources.

Snov: The Snov.io API enables you to get a list of e-mails addresses for your target domain as well as find e-mail addresses by name.

Maltiverse: Checks the Maltiverse IOC database for whether IP addresses associated with your target may be involved in malware campaigns.

Keybase: The Keybase.io module will extract a user’s profile information from Keybase.io, including Bitcoin wallet addresses, accounts on other social media platforms and more.

Spyse: The Spyse cybersecurity search engine is a rich data source for passive DNS data, open ports, historic web banners and more.

IBANs: A module that analyzes all received web content for IBANs, indicating bank accounts used and publicly announced by your target.

Credit Cards: Just as with IBANs, this module searches for credit card numbers and performs a LUN check on the card number found to reduce false positives.

Country names: This module analyzes IBANs, TLDs of domains and much more to determine the potential country relationships/presence of your target.

Want to see the code for all of these modules? Check it out here and stay tuned for the next 20 modules that take us to the 200 module mark!

You can also follow us on Twitter to learn about each new module as it’s released.