Spyse CLI
The official command-line client for spyse.com.
NOTE: This tool is currently in the early stage beta and shouldn't be used in production.
Your feedback and suggestions are highly appreciated.
Supported Features
Targeted recon:
Gather associated targets:
- Subdomains lookup
- Reverse IP lookup
- Reverse NS lookup
- Reverse MX lookup
- Reverse PTR lookup
- Reverse AdSense ID lookup
- Reverse iTunes ID lookup
- Reverse Google Play ID lookup
- Reverse Google Analytics ID lookup
- Reverse Google Site Verification ID lookup
- Reverse Email lookup
Gather historical records
- Get historical DNS A records
- Get historical DNS AAAA records
- Get historical DNS CNAME records
- Get historical DNS TXT records
- Get historical DNS MX records
- Get historical DNS NS records
- Get historical WHOIS records
Custom Internet-wide assets search:
Installation
NOTE: Spyse API token is required to use this tool.
API tokens are available only for registered users on their account page.
For more information about the API, please check the API Reference.
Using Docker:
docker build -t spysecli .
echo "tesla.com" | docker run --interactive spysecli --api_token=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx subdomains
Using pip
pip3 install spysecli
spysecli --api_token=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -h
# API token also can be read from environment
export SPYSE_API_KEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
spysecli -h
Using as a library
This repository is about CLI only. If you want to integrate spyse.com into your application, you should check out our SDKs.
Official:
Community:
Using the client
Targeted recon:
Get Domain details
Get DNS records, SSL/TLS certificate, structured HTTP response, technologies, potential vulnerabilities, and other details about domain by its name.
# Command example:
echo "tesla.com" | spysecli domain
# Examples of valid input lines:
domain.com
https://example.com
https://example.com/path
Get IPv4 host details
Get Open ports, autonomous system number/organization, ISP, technologies, ip reputation and abuse reports, structured HTTP response, potential vulnerabilities, and other details about IP address.
# Command example:
echo "8.8.8.8" | spysecli ip
# Examples of valid input lines:
8.8.8.8
8.8.8.0/24
Get Autonomous System details
Get associated organization, IPv4 prefixes, IPv6 prefixes, and other details about autonomous system.
# Command example:
echo "AS15169" | spysecli as
# Examples of valid input lines:
AS15169
as15169
15169
Get Email details
Get a list of sources in which an email was seen.
# Command example:
echo "[email protected]" | spysecli email
# Examples of valid input lines:
[email protected]
Gather associated targets:
Subdomains lookup
Find subdomains of a target domain
# Command example:
echo "tesla.com" | spysecli subdomains
# Examples of valid input lines:
domain.com
https://example.com
https://example.com/path
Reverse IP lookup
Find domains hosted on IPv4 host
# Command example:
echo "8.8.8.8" | spysecli reverse-ip
# Examples of valid input lines:
8.8.8.8
8.8.8.0/24
Reverse NS lookup
Shows which domains are using given name server
# Command example:
echo "ns1.google.com" | spysecli reverse-ns
# Examples of valid input lines:
ns1.domain.com
Reverse MX lookup
Shows which domains are using given mail server
# Command example:
echo "mx.google.com" | spysecli reverse-mx
# Examples of valid input lines:
mx.google.com
Reverse PTR lookup
Shows which IPv4 hosts are using given PTR record
# Command example:
echo "google.com" | spysecli reverse-ptr
# Examples of valid input lines:
domain.com
Reverse AdSense ID lookup
Find all domains sharing the same AdSense ID
# Command example:
echo "1234567891234567" | spysecli reverse-adsense
# Examples of valid input lines:
pub-1234567891234567
1234567891234567
Reverse iTunes ID lookup
Find all domains sharing the same iTunes app ID
# Command example:
echo "1188352635" | spysecli reverse-itunes
# Examples of valid input lines:
1188352635
Reverse Google Play ID lookup
Find all domains sharing the same Google Play app ID
# Command example:
echo "google.com" | spysecli reverse-google-play
# Examples of valid input lines:
domain.com
Reverse Google Analytics ID lookup
Find all domains sharing the same Google Analytics ID
# Command example:
echo "UA-12345-12" | spysecli reverse-google-analytics
# Examples of valid input lines:
UA-12345-12
Reverse Google Site Verification ID lookup
Find all domains sharing the same Google site verification code
# Command example:
echo "rXOxyZounnZasA8Z7oaD3c14JdjS9aKSWvsR1EbUSIQ" | spysecli reverse-google-site-verification
# Examples of valid input lines:
rXOxyZounnZasA8Z7oaD3c14JdjS9aKSWvsR1EbUSIQ
Reverse Email lookup
Find all websites mentioning the same email address on the homepage
# Command example:
echo "[email protected]" | spysecli reverse-email
# Examples of valid input lines:
[email protected]
Gather historical records
Get historical DNS A records
Get historical DNS A records
# Command example:
echo "google.com" | spysecli history-dns-a
# Examples of valid input lines:
domain.com
Get historical DNS AAAA records
Get historical DNS AAAA records
# Command example:
echo "google.com" | spysecli history-dns-aaaa
# Examples of valid input lines:
domain.com
Get historical DNS CNAME records
Get historical DNS CNAME records
# Command example:
echo "google.com" | spysecli history-dns-cname
# Examples of valid input lines:
domain.com
Get historical DNS TXT records
Get historical DNS TXT records
# Command example:
echo "google.com" | spysecli history-dns-txt
# Examples of valid input lines:
domain.com
Get historical DNS MX records
Get historical DNS MX records
# Command example:
echo "google.com" | spysecli history-dns-mx
# Examples of valid input lines:
domain.com
Get historical DNS NS records
Get historical DNS NS records
# Command example:
echo "google.com" | spysecli history-dns-ns
# Examples of valid input lines:
domain.com
Get historical WHOIS records
Get historical DNS WHOIS records
# Command example:
echo "google.com" | spysecli history-whois
# Examples of valid input lines:
domain.com
Custom search for domains
Returns a list of domains that matched the search query.
Use API docs and Spyse Advanced Search to craft your own request.
# Command example:
echo '{"search_params":[{"name":{"operator":"ends","value":".spyse.com"}}]}' | spysecli search-domains
Custom search for IPv4 hosts
Returns a list of IPv4 hosts that matched the search query.
Use API docs and Spyse Advanced Search to craft your own request.
# Command example:
echo '{"search_params":[{"open_port":{"operator":"eq","value":"22"}}]}' | spysecli search-ip