Overview
Spyse offers a cybersecurity intelligence platform and API that collects, processes, and indexes internet data for security analysis. Established in 2018, its core utility lies in providing comprehensive information about internet-facing assets, including domains, IP addresses, SSL/TLS certificates, open ports, and associated vulnerabilities. This data supports various cybersecurity operations, from proactive attack surface management to reactive threat hunting and incident response. The platform is designed for security researchers, penetration testers, and organizations seeking to monitor their digital footprint and identify potential exposures.
The Spyse API provides programmatic access to its extensive dataset, enabling developers to integrate threat intelligence directly into their security tools, SIEM systems, and custom applications. For instance, a security team can automate the discovery of newly exposed assets belonging to their organization or continuously scan for known vulnerabilities across their infrastructure. The data collected by Spyse is categorized and made searchable, allowing users to query for specific attributes such as DNS records, WHOIS information, and associated technologies. This granular access facilitates detailed investigations into potential threats and vulnerabilities.
Use cases for Spyse include:
- Attack Surface Management: Organizations can identify and monitor all their internet-facing assets, including forgotten subdomains or misconfigured servers, to reduce their exposure to attacks.
- Vulnerability Research: Security researchers can use Spyse to discover systems susceptible to specific CVEs or analyze the prevalence of certain software versions across the internet, similar to how platforms like Shodan index internet-connected devices for security intelligence.
- Threat Hunting: Security analysts can proactively search for indicators of compromise (IOCs) or patterns associated with known threat actors across the Spyse dataset.
- Cybersecurity Investigations: During incident response, Spyse can provide contextual information about suspicious IPs, domains, or certificates to aid in understanding attack vectors and scope.
The platform's data collection methodology involves continuous scanning and indexing of internet resources, similar to search engines but focused on security-relevant metadata. This approach aims to provide a near real-time view of the global internet's attack surface, helping users stay informed about changes that could impact their security posture. Spyse also offers a Python SDK to streamline API integration for developers, providing a structured way to interact with its data endpoints and retrieve information efficiently, as detailed in the Spyse API reference.
Key features
- Cybersecurity Data API: Programmatic access to Spyse's extensive database of internet assets, including domains, IPs, SSL certificates, ASNs, and open ports, supporting automated data retrieval for security tools.
- Threat Intelligence Platform: A web-based interface for interactive searching and analysis of cybersecurity data, enabling manual investigations and threat research.
- Vulnerability Database: Integrated access to known vulnerabilities (CVEs) associated with discovered assets, helping users identify potential exposures within their infrastructure.
- Asset Search Engine: Advanced search capabilities to query vast datasets by various parameters, such as technologies used, open ports, geographical location, or domain registration details.
- Domain Data: Comprehensive information on domains, including WHOIS records, DNS records, subdomains, and associated IP addresses.
- IP Data: Details on IP addresses, including geolocation, associated domains, open ports, and historical records.
- SSL/TLS Certificate Data: Information extracted from SSL/TLS certificates, such as common names, organizational details, and certificate authority, useful for identifying legitimate or suspicious assets.
- Python SDK: A software development kit designed to simplify interaction with the Spyse API for Python developers, abstracting HTTP requests and JSON parsing.
Pricing
Spyse offers a free tier with limited daily requests for personal use, allowing users to explore basic functionalities. Paid plans are structured to accommodate varying levels of query volume and feature access, starting with a 'Starter' plan and scaling up for professional and enterprise needs. Pricing is typically based on the number of API credits or queries permitted per month, with higher tiers offering increased limits and additional features such as historical data access or faster query processing.
| Plan Name | Monthly Cost | Key Features |
|---|---|---|
| Free | $0 | Limited daily requests, basic search access. |
| Starter | $29 | Increased daily requests, full search capabilities, data export. |
| Professional | Custom | Higher request limits, advanced filters, historical data, priority support. |
| Enterprise | Custom | Highest request limits, custom integrations, dedicated account management. |
For detailed and up-to-date pricing information, including specific credit allocations and feature breakdowns for each tier, users should consult the official Spyse pricing page.
Common integrations
The Spyse API is designed to integrate with various security tools and platforms to enrich existing workflows. Common integration patterns include:
- SIEM Systems: Integrating Spyse data into Security Information and Event Management (SIEM) platforms to enhance threat detection and incident response capabilities by providing context for alerts.
- Vulnerability Scanners: Feeding Spyse's asset and vulnerability data into vulnerability management solutions to ensure comprehensive coverage and prioritization of scanning efforts.
- Security Orchestration, Automation, and Response (SOAR) Platforms: Automating data collection from Spyse as part of playbooks for incident investigation and threat intelligence gathering.
- Custom Security Applications: Developers build custom tools to monitor specific assets, track changes in their digital footprint, or perform specialized security research using the Spyse API documentation.
- Cloud Security Posture Management (CSPM) Tools: Augmenting CSPM solutions with external reconnaissance data to identify misconfigurations or exposures not visible from internal cloud scans.
Alternatives
For organizations evaluating cybersecurity data and threat intelligence platforms, several alternatives offer similar or complementary functionalities:
- Shodan: Focuses on indexing internet-connected devices and services, providing insights into exposed ports, banners, and vulnerabilities.
- Censys: Offers continuous internet-wide scanning for asset discovery and attack surface management, providing detailed host and certificate data.
- ZoomEye: A cyberspace search engine that identifies devices, components, and websites, similar to Shodan and Censys, with a focus on global internet mapping.
Getting started
To begin using the Spyse API, you generally need to obtain an API key from your Spyse account. The primary method for interaction is through HTTP requests, or by utilizing the provided Python SDK. The following example demonstrates how to use the Python SDK to query for information about a domain, assuming you have the SDK installed and your API key configured.
First, install the Spyse Python SDK:
```shell
pip install spyse.py
```
Then, you can make a simple API call to retrieve domain details:
```python
from spyse import API

# Replace 'YOUR_API_KEY' with your actual Spyse API key
api = API(api_key='YOUR_API_KEY')

# Query for domain information
domain_name = 'example.com'
try:
    domain_data = api.domains.get_domain(domain_name)
    print(f"Domain: {domain_data.name}")
    print(f"Registrar: {domain_data.registrar}")
    print(f"Creation Date: {domain_data.created_at}")
    print(f"Associated IPs: {[ip.ip for ip in domain_data.dns_records.a]}")
except Exception as e:
    print(f"An error occurred: {e}")

# Example of searching for subdomains
print(f"\nSubdomains for {domain_name}:")
subdomains_iterator = api.domains.get_subdomains(domain_name)
for subdomain in subdomains_iterator:
    print(subdomain.name)
    # To get details for each subdomain, you might call get_domain again
    # subdomain_details = api.domains.get_domain(subdomain.name)
    # print(subdomain_details.registrar)

# You can also search for IPs related to a domain
print(f"\nIPs associated with {domain_name}:")
ip_iterator = api.domains.get_ips(domain_name)
for ip in ip_iterator:
    print(ip.ip)
```
This Python code snippet initializes the Spyse API client with your API key and then demonstrates how to fetch basic details for a specified domain, list its associated subdomains, and identify related IP addresses. The Spyse API documentation provides further examples and details on other available endpoints, such as searching for SSL certificates, open ports, or querying specific vulnerability data.