spiderfoot-ng 4.4.1

Open-source OSINT automation tool (community-maintained SpiderFoot fork)

spiderfoot-ng

spiderfoot-ng is an open-source intelligence (OSINT) automation tool. It integrates with hundreds of data sources and combines them with analysis modules to make the resulting data easy to navigate.

It has an embedded web server with a clean, intuitive web UI, and can also be driven entirely from the command line. It's written in Python 3 and MIT-licensed.

Jump to Installing and Running

About this fork spiderfoot-ng is a fork of smicallef/spiderfoot, focused on keeping the project alive with up-to-date dependencies and modern container delivery. It deliberately ships a single slim Docker image rather than the bundled "full" image, see A note on the Docker image below. Parts of this fork were built with the help of AI. AI wrote a fair share of the code, and I read all of it. If something breaks, blame AI. If it works, blame AI.

What's New in spiderfoot-ng

Improvements this fork adds on top of upstream SpiderFoot:

• Redesigned New Scan page: a reactive tri-column view (Profiles · Required Data · Modules) that shows exactly which modules will run and what data they'll collect before you start. Selecting a profile or the data you care about checks the right modules live, with inline flags for modules that are invasive, slow, or need an API key. Built-in profiles are starting templates you can fine-tune freely.
• Saved custom scan profiles: save any module selection as a named profile and reuse it, listed right alongside the built-in ones.
• Modern interactive network graph: a live-updating, colour-coded force graph (Cytoscape) that streams in new nodes as a scan runs. Click to highlight a node's connections and copy its value; filter or hide whole event types; hidden connectors stay greyed so the structure is preserved.
• Scan timing: a live elapsed/duration timer on the scan view, plus a sortable Duration column on the scan list.
• Modernized stack: tested on Python 3.10–3.14 with updated dependencies, and ships as a single slim Docker image (no bundled "full" image upsell, also no marketing footer).

Features

• Web-based UI or CLI
• Over 200 modules (see the modules table below)
• YAML-configurable correlation engine with 37 pre-defined rules
• CSV / JSON / GEXF export
• API key export/import
• SQLite back-end for custom querying
• Highly configurable
• TOR integration for dark web searching
• Can call other CLI tools like DNSTwist, WhatWeb, Nmap, and CMSeeK if installed on the host

A Note on the Docker Image

spiderfoot-ng ships a single slim image (ghcr.io/sammothxc/spiderfoot-ng:latest). The original SpiderFoot project shipped a separate "full" image bundling Nuclei, WhatWeb, dnstwist, CMSeeK, TruffleHog and other third-party CLI tools — we don't. The maintenance burden of tracking ~12 unrelated upstream projects was disproportionate to the benefit, and most users only use a small subset of the OSINT modules.

If you need those tools, install them on your host (or in sidecar containers) and configure their binary paths in the SpiderFoot UI under each module's settings. The archived/full-image git tag preserves the last working configuration if you want to adapt it.

Uses

spiderfoot-ng can be used offensively (e.g. in a red team exercise or penetration test) for reconnaissance of a target, or defensively to gather information about what your organisation might have exposed on the Internet.

Scan targets can include:

• IP address
• Domain/sub-domain name
• Hostname
• Network subnet (CIDR)
• ASN
• E-mail address
• Phone number
• Username
• Person's name
• Bitcoin address

The 200+ modules feed each other in a publisher/subscriber model to do things like:

• Host / sub-domain / TLD enumeration
• Email address, phone number, and human name extraction
• Bitcoin and Ethereum address extraction
• Sub-domain hijacking susceptibility checks
• DNS zone transfers
• Threat intelligence and blacklist queries
• API integration with SHODAN, HaveIBeenPwned, GreyNoise, AlienVault, SecurityTrails, etc.
• Social media account enumeration
• S3 / Azure / DigitalOcean bucket enumeration
• IP geo-location
• Web scraping and content analysis
• Image, document, and binary metadata analysis
• Dark web searches
• Port scanning and banner grabbing
• Data breach searches

Installing and Running

Docker (recommended)

docker run -p 5001:5001 -v ./data:/var/lib/spiderfoot ghcr.io/sammothxc/spiderfoot-ng:latest

Then open http://localhost:5001.

For Docker Compose, Dockge, and other stack managers:

services:
  spiderfoot:
    image: ghcr.io/sammothxc/spiderfoot-ng:latest
    container_name: spiderfoot
    ports:
      - "5001:5001"
    volumes:
      - ./data:/var/lib/spiderfoot
    restart: unless-stopped

If ./data is owned by your host user, you may need to chown -R 1000:1000 ./data so the container's spiderfoot user can write to it.

From source

git clone https://github.com/sammothxc/spiderfoot-ng.git
cd spiderfoot-ng
pip3 install -r requirements.txt
python3 ./sf.py -l 127.0.0.1:5001

Requires Python 3.10 or newer.

Security

By default the web UI has no authentication; anyone who can reach the host/port can run scans and read results.

To require a login, enable HTTP authentication any of these ways:

• Environment variable (recommended for Docker): set SPIDERFOOT_PASSWORD (and optionally SPIDERFOOT_USER, default admin).

  docker run -p 5001:5001 -e SPIDERFOOT_USER=admin -e SPIDERFOOT_PASSWORD=changeme \
    -v ./data:/var/lib/spiderfoot ghcr.io/sammothxc/spiderfoot-ng:latest
  

• Command line: --pass <password> (and optionally --user <username>). Prefer the env var where possible, a CLI password can be visible in the process list.

• Password file: create ~/.spiderfoot/passwd with one or more username:password lines (supports multiple users).

Releasing

The version number lives in spiderfoot/__version__.py (canonical) and is mirrored to the VERSION file. Both are updated automatically — never edit them by hand.

To cut a release, run one command (installs with pip install -r test/requirements.txt):

bump-my-version bump patch   # bug fixes:        4.0.2 -> 4.0.3
bump-my-version bump minor   # new features:     4.0.2 -> 4.1.0
bump-my-version bump major   # breaking changes: 4.0.2 -> 5.0.0

This updates the version files, commits, and creates a vX.Y.Z git tag. Push the tag (git push --follow-tags) to trigger the Docker image publish workflow.

Writing Correlation Rules

There's a comprehensive write-up of the correlation rule-set here.

Also take a look at the template.yaml file for a walk-through. The existing 37 rules are quite readable and good as starting points.

Modules and Integrations

spiderfoot-ng has over 200 modules, most of which don't require API keys, and many of those that do have a free tier.

Free APIs

Name	Description
abuse.ch	Check if a host/domain, IP address or netblock is malicious according to Abuse.ch.
AdGuard DNS	Check if a host would be blocked by AdGuard DNS.
Ahmia	Search Tor 'Ahmia' search engine for mentions of the target.
AlienVault IP Reputation	Check if an IP or netblock is malicious according to the AlienVault IP Reputation database.
Amazon S3 Bucket Finder	Search for potential Amazon S3 buckets associated with the target and attempt to list their contents.
Apple iTunes	Search Apple iTunes for mobile apps.
Archive.org	Identifies historic versions of interesting files/pages from the Wayback Machine.
ARIN	Queries ARIN registry for contact information.
Azure Blob Finder	Search for potential Azure blobs associated with the target and attempt to list their contents.
BGPView	Obtain network information from BGPView API.
BitcoinAbuse	Check Bitcoin addresses against the bitcoinabuse.com database of suspect/malicious addresses.
Blockchain	Queries blockchain.info to find the balance of identified bitcoin wallet addresses.
blocklist.de	Check if a netblock or IP is malicious according to blocklist.de.
botvrij.eu	Check if a domain is malicious according to botvrij.eu.
CallerName	Lookup US phone number location and reputation information.
Certificate Transparency	Gather hostnames from historical certificates in crt.sh.
CINS Army List	Check if a netblock or IP address is malicious according to Collective Intelligence Network Security (CINS) Army list.
CIRCL.LU	Obtain information from CIRCL.LU's Passive DNS and Passive SSL databases.
CleanBrowsing.org	Check if a host would be blocked by CleanBrowsing.org DNS content filters.
CleanTalk Spam List	Check if a netblock or IP address is on CleanTalk.org's spam IP list.
CloudFlare DNS	Check if a host would be blocked by CloudFlare DNS.
CoinBlocker Lists	Check if a domain appears on CoinBlocker lists.
CommonCrawl	Searches for URLs found through CommonCrawl.org.
Crobat API	Search Crobat API for subdomains.
CRXcavator	Search CRXcavator for Chrome extensions.
CyberCrime-Tracker.net	Check if a host/domain or IP address is malicious according to CyberCrime-Tracker.net.
Debounce	Check whether an email is disposable
Digital Ocean Space Finder	Search for potential Digital Ocean Spaces associated with the target and attempt to list their contents.
DNS for Family	Check if a host would be blocked by DNS for Family.
DNSDumpster	Passive subdomain enumeration using HackerTarget's DNSDumpster
DNSGrep	Obtain Passive DNS information from Rapid7 Sonar Project using DNSGrep API.
DroneBL	Query the DroneBL database for open relays, open proxies, vulnerable servers, etc.
DuckDuckGo	Query DuckDuckGo's API for descriptive information about your target.
EmailFormat	Look up e-mail addresses on email-format.com.
Emerging Threats	Check if a netblock or IP address is malicious according to EmergingThreats.net.
Etherscan	Queries etherscan.io to find the balance of identified ethereum wallet addresses.
Flickr	Search Flickr for domains, URLs and emails related to the specified domain.
FortiGuard Antispam	Check if an IP address is malicious according to FortiGuard Antispam.
Github	Identify associated public code repositories on Github.
Google Object Storage Finder	Search for potential Google Object Storage buckets associated with the target and attempt to list their contents.
Google SafeBrowsing	Check if the URL is included on any of the Safe Browsing lists.
Gravatar	Retrieve user information from Gravatar API.
Greensnow	Check if a netblock or IP address is malicious according to greensnow.co.
grep.app	Search grep.app API for links and emails related to the specified domain.
HackerOne (Unofficial)	Check external vulnerability scanning/reporting service h1.nobbd.de to see if the target is listed.
HackerTarget	Search HackerTarget.com for hosts sharing the same IP.
Hybrid Analysis	Search Hybrid Analysis for domains and URLs related to the target.
Internet Storm Center	Check if an IP address is malicious according to SANS ISC.
Keybase	Obtain additional information about domain names and identified usernames.
Leak-Lookup	Searches Leak-Lookup.com's database of breaches.
LeakIX	Search LeakIX for host data leaks, open ports, software and geoip.
Maltiverse	Obtain information about any malicious activities involving IP addresses
Mnemonic PassiveDNS	Obtain Passive DNS information from PassiveDNS.mnemonic.no.
multiproxy.org Open Proxies	Check if an IP address is an open proxy according to multiproxy.org open proxy list.
MySpace	Gather username and location from MySpace.com profiles.
Onion.link	Search Tor 'Onion City' search engine for mentions of the target domain using Google Custom Search.
Onionsearchengine.com	Search Tor onionsearchengine.com for mentions of the target domain.
Open Bug Bounty	Check external vulnerability scanning/reporting service openbugbounty.org to see if the target is listed.
OpenDNS	Check if a host would be blocked by OpenDNS.
OpenNIC DNS	Resolves host names in the OpenNIC alternative DNS system.
OpenPhish	Check if a host/domain is malicious according to OpenPhish.com.
OpenStreetMap	Retrieves latitude/longitude coordinates for physical addresses from OpenStreetMap API.
PhishStats	Check if a netblock or IP address is malicious according to PhishStats.
PhishTank	Check if a host/domain is malicious according to PhishTank.
Project Honey Pot	Query the Project Honey Pot database for IP addresses.
Psbdmp	Check psbdmp.cc (PasteBin Dump) for potentially hacked e-mails and domains.
PunkSpider	Check the QOMPLX punkspider.io service to see if the target is listed as vulnerable.
Quad9	Check if a host would be blocked by Quad9 DNS.
ReverseWhois	Reverse Whois lookups using reversewhois.io.
RIPE	Queries the RIPE registry (includes ARIN data) to identify netblocks and other info.
Robtex	Search Robtex.com for hosts sharing the same IP.
searchcode	Search searchcode for code repositories mentioning the target domain.
Skymem	Look up e-mail addresses on Skymem.
SlideShare	Gather name and location from SlideShare profiles.
SORBS	Query the SORBS database for open relays, open proxies, vulnerable servers, etc.
SpamCop	Check if a netblock or IP address is in the SpamCop database.
Spamhaus Zen	Check if a netblock or IP address is in the Spamhaus Zen database.
Steven Black Hosts	Check if a domain is malicious (malware or adware) according to Steven Black Hosts list.
Sublist3r PassiveDNS	Passive subdomain enumeration using Sublist3r's API
SURBL	Check if a netblock, IP address or domain is in the SURBL blacklist.
Talos Intelligence	Check if a netblock or IP address is malicious according to TalosIntelligence.
ThreatCrowd	Obtain information from ThreatCrowd about identified IP addresses, domains and e-mail addresses.
ThreatFox	Check if an IP address is malicious according to ThreatFox.
ThreatMiner	Obtain information from ThreatMiner's database for passive DNS and threat intelligence.
TOR Exit Nodes	Check if an IP adddress or netblock appears on the Tor Metrics exit node list.
TORCH	Search Tor 'TORCH' search engine for mentions of the target domain.
Trumail	Check whether an email is disposable
Twitter	Gather name and location from Twitter profiles.
UCEPROTECT	Check if a netblock or IP address is in the UCEPROTECT database.
URLScan.io	Search URLScan.io cache for domain information.
Venmo	Gather user information from Venmo API.
VoIP Blacklist (VoIPBL)	Check if an IP address or netblock is malicious according to VoIP Blacklist (VoIPBL).
VXVault.net	Check if a domain or IP address is malicious according to VXVault.net.
WiGLE	Query WiGLE to identify nearby WiFi access points.
Wikileaks	Search Wikileaks for mentions of domain names and e-mail addresses.
Wikipedia Edits	Identify edits to Wikipedia articles made from a given IP address or username.
Yandex DNS	Check if a host would be blocked by Yandex DNS.
Zone-H Defacement Check	Check if a hostname/domain appears on the zone-h.org 'special defacements' RSS feed.

Tiered APIs (free tier + paid plans)

Name	Description
AbstractAPI	Look up domain, phone and IP address information from AbstractAPI.
AbuseIPDB	Check if an IP address is malicious according to AbuseIPDB.com blacklist.
Abusix Mail Intelligence	Check if a netblock or IP address is in the Abusix Mail Intelligence blacklist.
AdBlock Check	Check if linked pages would be blocked by AdBlock Plus.
AlienVault OTX	Obtain information from AlienVault Open Threat Exchange (OTX)
BinaryEdge	Obtain information from BinaryEdge.io Internet scanning systems, including breaches, vulnerabilities, torrents and passive DNS.
Bing	Obtain information from bing to identify sub-domains and links.
Bing (Shared IPs)	Search Bing for hosts sharing the same IP.
Bitcoin Who's Who	Check for Bitcoin addresses against the Bitcoin Who's Who database of suspect/malicious addresses.
BotScout	Searches BotScout.com's database of spam-bot IP addresses and e-mail addresses.
BuiltWith	Query BuiltWith.com's Domain API for information about your target's web technology stack, e-mail addresses and more.
Censys	Obtain host information from Censys.io.
CertSpotter	Gather information about SSL certificates from SSLMate CertSpotter API.
Clearbit	Check for names, addresses, domains and more based on lookups of e-mail addresses on clearbit.com.
Comodo Secure DNS	Check if a host would be blocked by Comodo Secure DNS.
DNSDB	Query FarSight's DNSDB for historical and passive DNS data.
EmailCrawlr	Search EmailCrawlr for email addresses and phone numbers associated with a domain.
EmailRep	Search EmailRep.io for email address reputation.
Focsec	Look up IP address information from Focsec.
Fraudguard	Obtain threat information from Fraudguard.io
FullContact	Gather domain and e-mail information from FullContact.com API.
FullHunt	Identify domain attack surface using FullHunt API.
GLEIF	Look up company information from Global Legal Entity Identifier Foundation (GLEIF).
Google	Obtain information from the Google Custom Search API to identify sub-domains and links.
Google Maps	Identifies potential physical addresses and latitude/longitude coordinates.
Grayhat Warfare	Find bucket names matching the keyword extracted from a domain from Grayhat API.
GreyNoise	Obtain IP enrichment data from GreyNoise
GreyNoise Community	Obtain IP enrichment data from GreyNoise Community API
Host.io	Obtain information about domain names from host.io.
Hunter.io	Check for e-mail addresses and names on hunter.io.
Iknowwhatyoudownload.com	Check iknowwhatyoudownload.com for IP addresses that have been using torrents.
IntelligenceX	Obtain information from IntelligenceX about identified IP addresses, domains, e-mail addresses and phone numbers.
ipapi.co	Queries ipapi.co to identify geolocation of IP Addresses using ipapi.co API
ipapi.com	Queries ipapi.com to identify geolocation of IP Addresses using ipapi.com API
IPInfo.io	Identifies the physical location of IP addresses identified using ipinfo.io.
IPQualityScore	Determine if target is malicious using IPQualityScore API
ipregistry	Query the ipregistry.co database for reputation and geo-location.
ipstack	Identifies the physical location of IP addresses identified using ipstack.com.
JsonWHOIS.com	Search JsonWHOIS.com for WHOIS records associated with a domain.
Koodous	Search Koodous for mobile apps.
MalwarePatrol	Searches malwarepatrol.net's database of malicious URLs/IPs.
MetaDefender	Search MetaDefender API for IP address and domain IP reputation.
NameAPI	Check whether an email is disposable
NetworksDB	Search NetworksDB.io API for IP address and domain information.
NeutrinoAPI	Search NeutrinoAPI for phone location information, IP address information, and host reputation.
numverify	Lookup phone number location and carrier information from numverify.com.
Onyphe	Check Onyphe data (threat list, geo-location, pastries, vulnerabilities) about a given IP.
OpenCorporates	Look up company information from OpenCorporates.
PasteBin	PasteBin search (via Google Search API) to identify related content.
Pulsedive	Obtain information from Pulsedive's API.
RiskIQ	Obtain information from RiskIQ's (formerly PassiveTotal) Passive DNS and Passive SSL databases.
SecurityTrails	Obtain Passive DNS and other information from SecurityTrails
SHODAN	Obtain information from SHODAN about identified IP addresses.
Snov	Gather available email IDs from identified domains
Social Media Profile Finder	Tries to discover the social media profiles for human names identified.
SpyOnWeb	Search SpyOnWeb for hosts sharing the same IP address, Google Analytics code, or Google Adsense code.
StackOverflow	Search StackOverflow for any mentions of a target domain. Returns potentially related information.
TextMagic	Obtain phone number type from TextMagic API
Threat Jammer	Check if an IP address is malicious according to ThreatJammer.com
Trashpanda	Queries Trashpanda to gather intelligence about mentions of target in pastesites
Twilio	Obtain information from Twilio about phone numbers. Ensure you have the Caller Name add-on installed in Twilio.
ViewDNS.info	Identify co-hosted websites and perform reverse Whois lookups using ViewDNS.info.
VirusTotal	Obtain information from VirusTotal about identified IP addresses.
WhatCMS	Check web technology using WhatCMS.org API.
XForce Exchange	Obtain IP reputation and passive DNS information from IBM X-Force Exchange.
Zetalytics	Query the Zetalytics database for hosts on your target domain(s).
ZoneFile.io	Search ZoneFiles.io Domain query API for domain information.

Commercial APIs (paid only)

Name	Description
C99	Queries the C99 API which offers various data (geo location, proxy detection, phone lookup, etc).
Dehashed	Gather breach data from Dehashed API.
F-Secure Riddler.io	Obtain network information from F-Secure Riddler.io API.
HaveIBeenPwned	Check HaveIBeenPwned.com for hacked e-mail addresses identified in breaches.
ProjectDiscovery Chaos	Search for hosts/subdomains using chaos.projectdiscovery.io
Seon	Queries seon.io to gather intelligence about IP Addresses, email addresses, and phone numbers
Social Links	Queries SocialLinks.io to gather intelligence from social media platforms and dark web.
spur.us	Obtain information about any malicious activities involving IP addresses found
Whoisology	Reverse Whois lookups using Whoisology.com.
Whoxy	Reverse Whois lookups using Whoxy.com.

Internal modules (no external service)

Name	Description
Account Finder	Look for possible associated accounts on over 500 social and other websites such as Instagram, Reddit, etc.
Base64 Decoder	Identify Base64-encoded strings in URLs, often revealing interesting hidden information.
Binary String Extractor	Attempt to identify strings in binary content.
Bitcoin Finder	Identify bitcoin addresses in scraped webpages.
Company Name Extractor	Identify company names in any obtained data.
Cookie Extractor	Extract Cookies from HTTP headers.
Country Name Extractor	Identify country names in any obtained data.
Credit Card Number Extractor	Identify Credit Card Numbers in any data
Cross-Referencer	Identify whether other domains are associated ('Affiliates') of the target by looking for links back to the target site(s).
Custom Threat Feed	Check if a host/domain, netblock, ASN or IP is malicious according to your custom feed.
DNS Brute-forcer	Attempts to identify hostnames through brute-forcing common names and iterations.
DNS Common SRV	Attempts to identify hostnames through brute-forcing common DNS SRV records.
DNS Look-aside	Attempt to reverse-resolve the IP addresses next to your target to see if they are related.
DNS Raw Records	Retrieves raw DNS records such as MX, TXT and others.
DNS Resolver	Resolves hosts and IP addresses identified, also extracted from raw content.
DNS Zone Transfer	Attempts to perform a full DNS zone transfer.
E-Mail Address Extractor	Identify e-mail addresses in any obtained data.
Error String Extractor	Identify common error messages in content like SQL errors, etc.
Ethereum Address Extractor	Identify ethereum addresses in scraped webpages.
File Metadata Extractor	Extracts meta data from documents and images.
Hash Extractor	Identify MD5 and SHA hashes in web content, files and more.
Hosting Provider Identifier	Find out if any IP addresses identified fall within known 3rd party hosting ranges, e.g. Amazon, Azure, etc.
Human Name Extractor	Attempt to identify human names in fetched content.
IBAN Number Extractor	Identify International Bank Account Numbers (IBANs) in any data.
Interesting File Finder	Identifies potential files of interest, e.g. office documents, zip files.
Junk File Finder	Looks for old/temporary and other similar files.
Page Information	Obtain information about web pages (do they take passwords, do they contain forms, etc.)
PGP Key Servers	Look up domains and e-mail addresses in PGP public key servers.
Phone Number Extractor	Identify phone numbers in scraped webpages.
Port Scanner - TCP	Scans for commonly open TCP ports on Internet-facing systems.
Similar Domain Finder	Search various sources to identify similar looking domain names, for instance squatted domains.
Social Network Identifier	Identify presence on social media networks such as LinkedIn, Twitter and others.
SSL Certificate Analyzer	Gather information about SSL certificates used by the target's HTTPS sites.
Strange Header Identifier	Obtain non-standard HTTP headers returned by web servers.
Subdomain Takeover Checker	Check if affiliated subdomains are vulnerable to takeover.
TLD Searcher	Search all Internet TLDs for domains with the same name as the target (this can be very slow.)
Web Analytics Extractor	Identify web analytics IDs in scraped webpages and DNS TXT records.
Web Framework Identifier	Identify the usage of popular web frameworks like jQuery, YUI and others.
Web Server Identifier	Obtain web server banners to identify versions of web servers being used.
Web Spider	Spidering of web-pages to extract content for searching.
Whois	Perform a WHOIS look-up on domain names and owned netblocks.

External tool integrations

Name	Description
Tool - CMSeeK	Identify what Content Management System (CMS) might be used.
Tool - DNSTwist	Identify bit-squatting, typo and other similar domains to the target using a local DNSTwist installation.
Tool - nbtscan	Scans for open NETBIOS nameservers on your target's network.
Tool - Nmap	Identify what Operating System might be used.
Tool - Nuclei	Fast and customisable vulnerability scanner.
Tool - onesixtyone	Fast scanner to find publicly exposed SNMP services.
Tool - Retire.js	Scanner detecting the use of JavaScript libraries with known vulnerabilities
Tool - snallygaster	Finds file leaks and other security problems on HTTP servers.
Tool - testssl.sh	Identify various TLS/SSL weaknesses, including Heartbleed, CRIME and ROBOT.
Tool - TruffleHog	Searches through git repositories for high entropy strings and secrets, digging deep into commit history.
Tool - WAFW00F	Identify what web application firewall (WAF) is in use on the specified website.
Tool - Wappalyzer	Wappalyzer indentifies technologies on websites.
Tool - WhatWeb	Identify what software is in use on the specified website.

Contributing

Pull requests, issues, and module additions are welcome. If you're fixing a bug or modernizing a dependency, please include a brief explanation of the root cause in the PR description.

License

MIT; see LICENSE. spiderfoot-ng is a fork of smicallef/spiderfoot; the original copyright is preserved per the MIT terms.