Author: poppopjmp

This guide will help you run your first scan in minutes using either the Docker microservices deployment or the standalone mode. Follow these steps for a fast and successful start with SpiderFoot.

1. Clone and start the stack:

   git clone https://github.com/poppopjmp/spiderfoot.git
   cd spiderfoot
   cp .env.example .env
   # Edit .env — change passwords, uncomment profile sections as needed
   
   # Core only (5 services)
   docker compose -f docker-compose.yml up --build -d
   
   # Or full stack (all services except SSO)
   docker compose -f docker-compose.yml --profile full up --build -d

2. Open the Web UI:

   • Core mode: Navigate to http://localhost:3000
   • With proxy profile: Navigate to https://localhost
   • Log in with the default credentials (admin / admin).

   

3. Create a New Scan:

   • Click New Scan from the sidebar or dashboard.
   • Enter your target (e.g., example.com).
   • Select the target type and choose module categories.
   • Click Run Scan.

   

4. View Results:

   • Results appear in real time. The Dashboard shows active scans and key metrics.

   

   • Click any scan row to open the Scan Detail view with Summary, Browse, Graph, GeoMap, Correlations, and AI Report tabs.

   

5. Browse Data:

   • Use the Browse tab to filter by event type, risk level, and source module.

   

6. Visualize Relationships:

   • The Graph tab shows an interactive force-directed graph of entity relationships.

   

7. View Geographic Data:

   • The GeoMap tab plots discovered IP addresses on a world map with risk coloring.

   

8. Review Correlations:

   • The Correlations tab shows automated findings from the 94-rule YAML correlation engine.

   

9. Generate AI Reports:

   • The AI Report tab produces a comprehensive Cyber Threat Intelligence report using LLM analysis.

   

pip install -r requirements.txt
python sf.py -l 127.0.0.1:5001

Open http://127.0.0.1:5001 in your browser.

Run a scan directly from the CLI:

python sf.py -s example.com -t DOMAIN_NAME -m sfp_dnsresolve,sfp_ssl,sfp_whois

• Use python sf.py -M to list all modules.
• Use python sf.py -M <module> for help on a specific module.

Organize related scans into Workspaces for multi-target campaigns, recurring assessments, or team collaboration. Each workspace groups scans, tracks notes, and provides workspace-level analytics.

• If you have issues, see the Troubleshooting Guide.
• For help with modules, see the Modules Guide.
• For configuration and API keys, see the Configuration Guide.

Next: Configuration for API keys, advanced settings, and more tips.