Performing OSINT with SpiderFoot
Overview
SpiderFoot is an open-source OSINT automation tool with 200+ modules that integrates with data sources for threat intelligence and attack surface mapping. This skill uses the SpiderFoot REST API and CLI (sf.py/spiderfoot-cli) to create and manage scans, select modules by use case (footprint, investigate, passive), parse structured results for domains, IPs, email addresses, leaked credentials, and DNS records, and generate target intelligence profiles.
When to Use
- When conducting security assessments that involve performing osint with spiderfoot
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing
Prerequisites
- SpiderFoot 4.0+ installed or SpiderFoot HX cloud account
- Python 3.8+ with requests library
- SpiderFoot server running on default port 5001
- Optional: API keys for VirusTotal, Shodan, HaveIBeenPwned modules
Steps
- Connect to SpiderFoot REST API or use CLI interface
- Create a new scan with target specification (domain, IP, email, name)
- Select scan modules by use case (all, footprint, investigate, passive)
- Monitor scan progress via API polling
- Retrieve and parse scan results by data element type
- Extract key findings: subdomains, IPs, emails, leaked credentials
- Generate structured OSINT intelligence report
Expected Output
JSON report containing OSINT findings organized by data type (domains, IPs, emails, credentials, DNS records), module source attribution, and target profile summary with risk indicators.
