SecureFlow Intel is an open-source OSINT threat intelligence platform with an event-driven module system for automated reconnaissance. With 200+ data collection modules, it aggregates intelligence from DNS records, WHOIS data, threat feeds, network infrastructure, and more.
graph LR
A[Target Input] --> B[OSINT Engine]
B --> C[Module Runner]
C --> D[DNS Recon]
C --> E[Threat Feeds]
C --> F[CVE Lookup]
C --> G[Network Discovery]
D --> H[Event Correlator]
E --> H
F --> H
G --> H
H --> I[Data Store]
I --> J[Web Dashboard]
I --> K[REST API]
- Event-driven module system for extensible OSINT collection
- 200+ reconnaissance modules covering DNS, WHOIS, threat feeds, CVE lookup
- Threat intelligence feed integration (VirusTotal, AlienVault, Shodan, etc.)
- CVE and vulnerability lookup with correlation
- Web UI with scan management, reporting, and visualization
- REST API for programmatic access and automation
pip install -r requirements.txt python sf.py -l 127.0.0.1:5001
Then open http://127.0.0.1:5001 in your browser.
from secureflow_intel import SpiderFoot, SpiderFootTarget sf = SpiderFoot({}) target = SpiderFootTarget("example.com", "INTERNET_NAME") result = sf.fetchUrl("https://example.com")
secureflow-intel/ secureflow_intel/ - Core engine (plugin.py, event.py, db.py, target.py, correlation.py) modules/ - 230+ OSINT plugin modules (sfp_*.py) sf.py - Web server entry point sfcli.py - CLI interface sfwebui.py - CherryPy web application requirements.txt Dockerfile
Building SecureFlow Intel deepened my understanding of event-driven OSINT architecture and threat intelligence data correlation: linking IP addresses, domains, certificates, and threat feeds into a coherent graph of relationships is a powerful technique for discovering hidden attack surface.
Built upon SpiderFoot (https://github.com/smicallef/spiderfoot) by Steve Micallef (MIT License). SpiderFoot is the leading open-source OSINT automation platform. All reconnaissance logic and module architecture originate from SpiderFoot.
MIT -- see LICENSE for details.