Purpose: Queries Hudson Rock's Cavalier OSINT API for infostealer intelligence. Searches for compromised credentials, infected machines, and stealer malware data associated with domains, emails, usernames, and phone numbers. Hudson Rock aggregates data from millions of computers compromised by infostealer malware worldwide.

Category: Leaks, Dumps and Breaches

• No API key required — uses Hudson Rock's free OSINT endpoint.
• Watches for DOMAIN_NAME, INTERNET_NAME, EMAILADDR, USERNAME, and PHONE_NUMBER events.
• Can be run from the web UI or CLI:

  python sf.py -s example.com -t DOMAIN_NAME -m sfp_hudsonrock
  python sf.py -s [email protected] -t EMAILADDR -m sfp_hudsonrock

Hudson Rock Infostealer Intelligence for example.com
Total compromised credentials: 1247
Employees: 89 | Users: 1102 | Third-parties: 56
Top stealer families: RedLine: 412, Lumma: 298, Raccoon: 187, Vidar: 95
Employee passwords: 89 total, 48.8% weak, 29.2% strong
User passwords: 1102 total, 67.0% weak, 20.7% strong

[email protected] [Hudson Rock - Infostealer]
Hudson Rock [[email protected]]: Date: 2026-01-15T10:00:00.000Z | Host: DESKTOP-ABC | OS: Windows 11 | Stealer: Lumma | Malware: C:\Users\test\malware.exe | IP: 192.168.1.1 | AV: Windows Defender

• None — Hudson Rock's Cavalier OSINT API is free and requires no authentication.

• Combine with sfp_haveibeenpwned and sfp_leakcheck for comprehensive breach/leak coverage.
• Use domain queries to assess organizational exposure to infostealer campaigns.
• Employee credential compromise findings can indicate active risk of account takeover.
• Stealer family data helps identify which malware campaigns targeted an organization.

• Hudson Rock Free Tools
• Cavalier API Documentation
• GitHub Issue #324

Module added in response to Issue #324 — Hudson Rock Infostealer Intelligence Integration.