Spyse is a search engine which can be used to identify internet assets and perform external reconnaissance easily. Results are delivered fast. Pentestlab has recently performed a review of the product and the results are presented in this article.

Subdomains of a particular domain can be easily discovered to aid in the process of asset discovery. Penetration testers and red teamers should be able to use it during Open Source Intelligence Assessments or while examining the external attack surface of their client. A records, DNS CNAME and version of TLS/SSL are also returned into the results. Since TLS and SSL are affected by a number of vulnerabilities it could be used as an initial step prior to any other tool.

Subdomains List

Spyse also performs web spidering on the target domain therefore information such as the links, robots.txt files and HTTP headers can also retrieved. This can aid towards fingerprinting of the existing technologies in use by the website in scope, identification of sensitive URL’s and mapping the application.

Application Mapping
HTTP Headers

Spyse has also the ability to discover other domains that exist on the same IP address. This is a common finding in penetration test reports since multiple domains on the same host increase the attack surface.

Domains on same IP

All the output can be downloaded in two formats:

  1. CSV (Comma-Separated Values)
  2. ND JSON (Newline Delimited JSON)
Data Formatting


Spyse can also perform vulnerability discovery by identifying open ports and matching the port discovery with a CVE (Common Vulnerabilities & Exposures) number. The search functionality also allows users of the service to search by CVE number:

CVE Number
Search CVE Numbers

During the port discovery banners and versions are also retrieved which could help to retrieve further information for reporting purposes and for correlations of versions with any existing vulnerabilities.

Open Ports


Passive reconnaissance it is the first step on every red team engagement or external security assessment. Spyse has the ability to return data back to the user very fast and with efficiency by performing a semi-automatic information gathering. Internal cyber security teams and penetration testers could benefit from the service especially if they have to perform recon in companies that have big external presence with multiple assets as Spyse can accelerate this kind of activities. Still not convinced? Give it a try!

Spyse Cybersecurity Search Engine

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s