Check if a host/domain or IP is malicious according to TotalHash.com.
Check if a host/domain, IP or netblock is malicious according to malwaredomainlist.com.
Determine if an IP Address is malicious
Amazon S3 Bucket Finder
Search for potential Amazon S3 buckets associated with the target and attempt to list their contents.
Identify associated public code repositories on Github.
AlienVault IP Reputation
Check if an IP or netblock is malicious according to the AlienVault IP Reputation database.
Check if a host/domain, IP or netblock is malicious according to abuse.ch.
Search URLScan.io cache for domain information.
Check if a netblock or IP is malicious according to emergingthreats.net.
Check if a host would be blocked by OpenDNS DNS
Open Passive DNS Database
Obtain passive DNS information from pdns.daloo.de Open passive DNS database.
Query BuiltWith.com's Domain API for information about your target's web technology stack, e-mail addresses and more.
Check if a host/domain is malicious according to PhishTank.
Gather user information from Venmo API.
CleanTalk Spam List
Check if a netblock or IP address is on CleanTalk.org's spam IP list.
Check whether an email is disposable
Search JsonWHOIS.com for WHOIS records associated with a domain.
Obtain information from SHODAN about identified IP addresses.
Check if a netblock or IP is malicious according to blocklist.de.
Check external vulnerability scanning/reporting service h1.nobbd.de to see if the target is listed.
Bambenek C&C List
Check if a host/domain or IP appears on Bambenek Consulting's C&C tracker lists.
Obtain information from Pulsedive's API.
Search Hybrid Analysis for domains and URLs related to the target.
Query DuckDuckGo's API for descriptive information about your target.
Check HaveIBeenPwned.com for hacked e-mail addresses identified in breaches.
Determine if target is malicious using IPQualityScore API
Query the Zetalytics database for hosts on your target domain(s).
Check if a host/domain or IP appears on CoinBlocker lists.
Azure Blob Finder
Search for potential Azure blobs associated with the target and attempt to list their contents.
Lookup US phone number location and reputation information.
Queries ARIN registry for contact information.
Search EmailRep.io for email address reputation.
Google Object Storage Finder
Search for potential Google Object Storage buckets associated with the target and attempt to list their contents.
Obtain information about any malicious activities involving IP addresses found
Check if a host would be blocked by Yandex DNS
Obtain information from IntelligenceX about identified IP addresses, domains, e-mail addresses and phone numbers.
Identifies the physical location of IP addresses identified using ipstack.com.
Check Bitcoin addresses against the bitcoinabuse.com database of suspect/malicious addresses.
Lookup phone number location and carrier information from numverify.com.
Check whether an email is disposable
Obtain information from Censys.io
Obtain Passive DNS and other information from SecurityTrails
Search Wikileaks for mentions of domain names and e-mail addresses.
VoIPBL OpenPBX IPs
Check if an IP or netblock is an open PBX according to VoIPBL OpenPBX IPs.
Search Tor 'Onion City' search engine for mentions of the target domain.
Search grep.app API for links and emails related to the specified domain.
Reverse Whois lookups using ViewDNS.info.
Gather breach data from Scylla API.
Query various spamcop databases for open relays, open proxies, vulnerable servers, etc.
Check if a host would be blocked by Quad9
Obtain IP reputation and passive DNS information from IBM X-Force Exchange
multiproxy.org Open Proxies
Check if an IP is an open proxy according to multiproxy.org' open proxy list.
Search Apility API for IP address and domain reputation.
Reverse Whois lookups using Whoisology.com.
Project Discovery Chaos
Search for hosts/subdomains using chaos.projectdiscovery.io
Obtain information from bing to identify sub-domains and links.
Obtain Passive DNS information from Rapid7 Sonar Project using DNSGrep API.
Check if an IP address is malicious according to BadIPs.com.
Search MetaDefender API for IP address and domain IP reputation.
Query the projecthoneypot.org database for entries.
Check psbdmp.cc (PasteBin Dump) for potentially hacked e-mails and domains.
Search Flickr for domains, URLs and emails related to the specified domain.
Check for names, addresses, domains and more based on lookups of e-mail addresses on clearbit.com.
Check if a netblock or IP is malicious according to talosintelligence.com.
Searches botscout.com's database of spam-bot IPs and e-mail addresses.
Check for e-mail addresses and names on hunter.io.
Zone-H Defacement Check
Check if a hostname/domain appears on the zone-h.org 'special defacements' RSS feed.
Check whether an email is disposable
Digital Ocean Space Finder
Search for potential Digital Ocean Spaces associated with the target and attempt to list their contents.
Check if a domain or IP is malicious according to VXVault.net.
Check if a host would be blocked by Comodo DNS
Check if the URL is included on any of the Safe Browsing lists.
Check if linked pages would be blocked by AdBlock Plus.
Searches Leak-Lookup.com's database of breaches.
Look up e-mail addresses on Skymem.
Obtain network information from Fringe Project API.
Check if an IP address is malicious according to AbuseIPDB.com blacklist.
Obtain information from BinaryEdge.io Internet scanning systems, including breaches, vulnerabilities, torrents and passive DNS.
Obtain information about domain names from host.io.
Obtain threat information from Fraudguard.io
Gather hostnames from historical certificates in crt.sh.
Searches malwarepatrol.net's database of malicious URLs/IPs.
Queries the C99 API which offers various data (geo location, proxy detection, phone lookup, etc).
Check if a netblock or IP address is malicious according to greensnow.co.
CloudFlare Malware DNS
Check if a host would be blocked by CloudFlare Malware-blocking DNS
Search EmailCrawlr for email addresses and phone numbers associated with a domain.
Obtain information from AlienVault Open Threat Exchange (OTX)
Obtain information from RiskIQ's (formerly PassiveTotal) Passive DNS and Passive SSL databases.
Check if an IP is malicious according to Fortiguard.com.
Search NeutrinoAPI for IP address info and check IP reputation.
Check if a host/domain is malicious according to malwaredomains.com.
Search the Darksearch.io Tor search engine for mentions of the target domain.
Search Tor 'Ahmia' search engine for mentions of the target domain.
Query the ipregistry.co database for reputation and geo-location.
Gather username and location from MySpace.com profiles.
Search Koodous for mobile apps.
Look up e-mail addresses on email-format.com.
Searches for URLs found through CommonCrawl.org.
Search SpyOnWeb for hosts sharing the same IP address, Google Analytics code, or Google Adsense code.
Gather information from Instagram profiles.
Search HackerTarget.com for hosts sharing the same IP.
Check Onyphe data (threat list, geo-location, pastries, vulnerabilities) about a given IP.
Queries blockchain.info to find the balance of identified bitcoin wallet addresses.
Search LeakIX for host data leaks, open ports, software and geoip.
Gather name and location from SlideShare profiles.
Identifies potential physical addresses and latitude/longitude coordinates.
Obtain phone number type from TextMagic API
Check if an IP is malicious according to Watchguard's reputationauthority.org.
Query the Spamhaus databases for open relays, open proxies, vulnerable servers, etc.
Identify edits to Wikipedia articles made from a given IP address or username.
Obtain information from Twilio about phone numbers. Ensure you have the Caller Name add-on installed in Twilio.
Queries the RIPE registry (includes ARIN data) to identify netblocks and other info.
Check if a host/domain or IP is malicious according to cybercrime-tracker.net.
Reverse Whois lookups using Whoxy.com
Retrieves latitude/longitude coordinates for physical addresses from OpenStreetMap API.
SpiderFoot plug-in to search Spyse API for IP address and domain information.
Social Media Profile Finder
Tries to discover the social media profiles for human names identified.
Obtain network information from BGPView API.
Bing (Shared IPs)
Search Bing for hosts sharing the same IP.
Bitcoin Who's Who
Check for Bitcoin addresses against the Bitcoin Who's Who database of suspect/malicious addresses.
Gather domain and e-mail information from FullContact.com API.
Internet Storm Center
Check if an IP is malicious according to SANS ISC.
Obtain information from the Google Custom Search API to identify sub-domains and links.
Check if a host would be blocked by CleanBrowsing.org DNS
Check if a host/domain is malicious according to OpenPhish.com.
Obtain Passive DNS information from PassiveDNS.mnemonic.no.
Open Bug Bounty
Check external vulnerability scanning/reporting service openbugbounty.org to see if the target is listed.
PasteBin search (via Google Search API) to identify related content.
Obtain information from VirusTotal about identified IP addresses.
Check web technology using WhatCMS.org API.
Look up company information from OpenCorporates.
Obtain information from Greynoise.io's Enterprise API.
Search Tor onionsearchengine.com for mentions of the target domain.
Obtain information from ThreatCrowd about identified IP addresses, domains and e-mail addresses.
Identifies the physical location of IP addresses identified using ipinfo.io.
Query the UCEPROTECT databases for open relays, open proxies, vulnerable servers, etc.
Gather available email IDs from identified domains
Gather name and location from Twitter profiles.
Query the DroneBL database for open relays, open proxies, vulnerable servers, etc.
Search NetworksDB.io API for IP address and domain information.
Obtain additional information about target username
Obtain information from CIRCL.LU's Passive DNS and Passive SSL databases.
Query WiGLE to identify nearby WiFi access points.
Obtain network information from F-Secure Riddler.io API.
Check iknowwhatyoudownload.com for IP addresses that have been using BitTorrent.
Retrieve user information from Gravatar API.
Obtain information about any malicious activities involving IP addresses
Identifies historic versions of interesting files/pages from the Wayback Machine.
Query FarSight's DNSDB for historical and passive DNS data.
Search Robtex.com for hosts sharing the same IP.
Obtain information from ThreatMiner's database for passive DNS and threat intelligence.
Query the SORBS database for open relays, open proxies, vulnerable servers, etc.
Queries mtg-bi.com (Social Links) to gather intelligence from social media platforms and dark web.