top of page
  • Writer's pictureotw

Open Source Intelligence (OSINT), Spyse, Part 1: Finding Critical Information about a Domain

Updated: Dec 28, 2022

Welcome back, my open source intelligence (OSINT) investigators.

In previous tutorials, we have examined numerous web services that compile key information that is useful to pentesters, hackers and bug hunters. These include;

These are all great tools but I'm going to show you a new kid on the block who might be the best! Not only can you use it to find all the information available in those services in one place and it has an easy-to-use, intuitive interface, but the data is maintained to always give you the most current information.

What is Spyse

Spyse is an internet asset registry with over 25GB of data on targets from around the world. It was specifically designed to help bug bounty hunters, pentesters, open source investigators and cybersecurity engineers to:

  1. Find targets for bug bounty hunting

  2. Analyze your own infrastructure and your vendors for potential risks to your company

  3. Investigations

  4. Research of very large datasets

Spyse Data Collection

One of the features that makes Spyse so unique is its data gathering. Spyse uses 60 servers around the world to gather data. By placing these servers in geographically distinct area, it avoids rate, geolocation and ISP blockage. Spyse uses qualitative data gathering with 38 self-developing scanners that unite their data into a single scanning pipeline. This means that Spyse's data avoids the issue of old and outdated data that plague the other global scanners. By scanning the globe continuously, Spyse can update;

  1. IPv4 ranges in less than 4 weeks

  2. Domains in less than 2 months

  3. All other data updates daily

Spyse also has a number of powerful features for finding security vulnerabilities.

Part #1: Using Spyse to Research a Domain

To begin using Spyse, go to the home page From there, I suggest you open a trial account. This is free and gives you all of the privileges of a standard account for a limited number of days.

From the Spyse home page, you can conduct research on your target from 8 different angles;

  1. Domain

  2. IP Address

  3. AS

  4. CIDR

  5. Certificate

  6. Technology

  7. CVE

  8. Organization

In this tutorial, let's begin with a generic search of a domain, specifically Click on the pull down menu and select Domain. Next, enter the name of the domain.

Once you click on ENTER, Spyse takes a few seconds to retrieve all the data it has accumulated on that domain. It begins by providing general information about the domain such as title, description and Alexa rank, followed by the DNS records (similar to those you would receive using the dig command in Linux).

In the next window, Spyse summarizes the security of the site with a comprehensive score in the upper left corner of this screenshot (100 for and the technologies employed in the site (similar to Netcraft and BuiltWith).

If we scroll down the page, we can see the Certificates, Subdomains and WhoIs listing.

Finally, near the bottom of the page you will find information about the Organization and any scraped emails from the site (similar to the results available using theHarvester).

Part 2: Finding Vulnerable Targets

Spyse enables you to do advanced searches where you can do searches for detailed information about sites. For instance, we can search for Microsoft SharePoint servers (CVE-2019-0604) that were actively used in past weeks by ransomware group WickrMe/Hello. This search reveals that nearly 24,000 servers are being actively used by this ransomware group!

We can construct the advanced search like that below...

...and Spyse returns a list of 23.7K sites meeting this criteria with key information .


Spyse is a new internet data collector, aggregator and analysis web site that incorporates the functionality of multiple similar sites into single interface. In addition, the data is always up-to-date, making it especially useful in your security assessments and research. In future Spyse tutorials, I will show you how to use Spyse to find particular vulnerabilities, technologies and advanced searches crucial to your security assessments.

5,586 views2 comments

2 komentarai


i know of a very good hacker that can help you with any type of hacking, either phones or computers. My husband was so smooth at hiding his infidelity so I had no proof for months, I was referred to some hacker and decided to give him a try.. the result was incredible because all my cheating husband’s text messages, emails , facebook and even phone conversations was wired directly to my cellphone. Computerguru helped me put a round-the-clock monitoring on him and I got concrete evidence of his escapades..if you think your spouse is an expert at hiding his cheating adventure, you can contact them too at HENRYCLARKETHICALHACKER@GMAIL.COM on whatsapp12622367526.


Hey everyone , I don’t really know much about this hacking things but I can direct you to a professional hacking company who helped me to track and hack my boyfriend’s iPhone and his Facebook respectively.. If you need to check on your partner’s sincerity, employee’s honesty, recover your email passwords, Social networks (i.e Facebook, Twitter, IG), change your school grades, clear your criminal records, gain access to bank accounts,spy on phone. you can just contact them at … Their charges are minimal and negotiable contact them at Henryclarkethicalhacker @ gmail, com]..tell him you are from me or text him or whatsapp +1 8 1 3 4 2 1 1 3 2 6…. You can thank me later.

bottom of page