top of page
  • Writer's pictureotw

Open Source Intelligence(OSINT): Scraping Cryptocurrency Wallet Addresses and Balances

Updated: Dec 28, 2022

Welcome back, my aspiring OSINT investigators!

With the growth of the cryptocurrency market in recent years, has come the growth of cryptocurrency scams and thefts. As a result, there is tremendous demand for investigators conversant in crypto investigations. This is the first of many posts on how to investigate cryptocurrencies from an OSINT perspective.

In an earlier tutorial, I introduced you to the comprehensive OSINT tool, Spiderfoot. In this tutorial we will use Spiderfoot again to scrape Bitcoin addresses from websites and check their balances. This tool will enable you, as an investigator, to find and extract any bitcoin addresses on a website and check the balances of those wallets. Spiderfoot has special modules for doing just that.

Step #1: Download and install Spiderfoot

First, we need to download and install Spiderfoot, if you have not done so already.

Next, navigate to the new Spiderfoot directory;

kali > cd spiderfoot

Now, use pip3 to install the Spiderfoot requirements;

kali > sudo pip3 install -r requirements.txt

Now you are ready to use Spiderfoot in your crypto investigations!

Step #2: Spiderfoot CLI for Scraping Bitcoin Addresses

Rather than use the browser-based GUI as we did in the initial Spiderfoot tutorial, here we will be using the command-line Spiderfoot. Spiderfoot has specialized modules for doing a variety of OSINT tasks. In this case, we will need a module for;

1. scraping websites,

2. extracting bitcoin addresses from those scrapes, and

3. checking the blockchain for their balances.

We can extract these addresses and balances with Spiderfoot using following command;

kali > sudo ./ -m sfp_spider, sfp_bitcoin, sfp_blockchain -s -F BITCOIN_ADDRESS, BITCOIN_BALANCE -q


sudo gives us root privileges in Kali

./ startes the Spiderfoot python script

-m tells spiderfoot to use the following modules (sfp_spider, et al)

-s precedes the target website

-F format the output into BITCOIN_ADDRESS and BITCOIN_BALANCE

-q tells spiderfoot to be quiet and limit its output

When we run Spiderfoot against the well-known bitcoin information website,, we can see above that Spiderfoot extracts the bitcoin addresses and the balance for each address.


Cryptocurrencies, such as bitcoin, are becoming an increasingly important part of our economic ecosystem. In addition, they have become the center of scams and illegal activity due to the anonymous nature. To effectively investigate such illegal activity, the OSINT investigator must become conversant in techniques of uncovering key information on these currencies. Spiderfoot can be a useful tool to extract wallet addresses and balances from web sites.

For more information on OSINT investigation techniques, click here.

If you have been a victim of hacking or scams and need the help of an experienced and skilled investigator, click here.

6,466 views1 comment

Recent Posts

See All

1 Comment

Jan 03, 2023

Do you suspect your spouse of cheating, are you being overly paranoid or seeing signs of infidelity…Then he sure is cheating: I was in that exact same position when I met Henry through my best friend James who helped me hack into my boyfriend’s phone, it was like a miracle when he helped me clone my boyfriend’s phone and I got first-hand information from his phone. Now I get all his incoming and outgoing text messages, emails, call logs, web browsing history, photos and videos, instant messengers(facebook, whatsapp, bbm, IG etc) , GPS locations, phone taps to get live transmissions on all phone conversations. if you need help contact his gmail on ,, and you can also , whatsap…

bottom of page