CLI-Based Recon and Threat Intelligence Framework
FARSIGHT is a powerful, Python-based reconnaissance and threat intelligence framework designed for security professionals. It provides comprehensive domain intelligence, asset discovery, and threat monitoring capabilities in a fast, modular CLI-first tool.
- Pure Python Implementation: Entirely built in Python for maximum portability
- API-Optional Architecture: Functions with or without API keys, with enhanced fallback mechanisms
- Fast & Modular: Async-first design for optimal performance with parallel processing
- CLI-First Approach: Intuitive command-line interface using Typer
- Comprehensive Reporting: Generates detailed Markdown and PDF reports with visual risk indicators
- Graceful Degradation: Recovers smoothly from API failures with smart alternative methods
- No External Binary Dependencies: Optional integration with external tools
- Organizational Domain Discovery: WHOIS analysis, certificate transparency data, passive DNS, related domain discovery
- Recon / Asset Discovery: Advanced DNS enumeration, comprehensive port scanning on all discovered subdomains
- Threat Intelligence: Leak detection, credential exposure, dark web mentions, email reputation analysis
- Typosquatting Detection: Optimized domain permutation and analysis with content similarity assessment
- News Monitoring: Comprehensive news tracking with multiple source support and relevance scoring
- Report Generation: Structured output in Markdown/PDF formats with visual risk indicators
FARSIGHT requires Python 3.7+ and several dependencies. You can install it directly from the GitHub repository:
# Clone the repository
git clone https://github.com/seedon198/Farsight.git
cd Farsight
# Install dependencies
pip install -r requirements.txt
# Optional: Install development dependencies
pip install -r requirements-dev.txt
FARSIGHT can function without API keys, but some features will be limited. For the best experience, consider setting up the following API keys as environment variables:
export FARSIGHT_SHODAN_API_KEY="your-api-key"
export FARSIGHT_CENSYS_API_KEY="your-api-key"
export FARSIGHT_SECURITYTRAILS_API_KEY="your-api-key"
export FARSIGHT_VIRUSTOTAL_API_KEY="your-api-key"
export FARSIGHT_INTELX_API_KEY="your-api-key"
export FARSIGHT_LEAKPEEK_API_KEY="your-api-key"
FARSIGHT is designed to be simple to use while providing powerful reconnaissance capabilities. Here are some examples of how to use it:
# Display help information
python -m farsight --help
# Display version information
python -m farsight version
# Basic scan with organization discovery and reconnaissance modules
python -m farsight scan example.com --output report.md
# Comprehensive scan with all modules at depth 2
python -m farsight scan example.com --output report.md --depth 2 --all
# Custom scan with specific modules
python -m farsight scan example.com --output report.md --modules org,recon,threat
# Generate a PDF report
python -m farsight scan example.com --output report.pdf --all
FARSIGHT supports different scan depth levels that control how thorough the scanning process is:
- Depth 1: Basic reconnaissance (default) - Fast, non-intrusive scanning
- Depth 2: Enhanced reconnaissance - More thorough scanning with additional checks
- Depth 3: Comprehensive analysis - Most thorough scanning with all available techniques
# Run a quick scan (depth 1)
python -m farsight scan example.com --depth 1
# Run a thorough scan (depth 3)
python -m farsight scan example.com --depth 3 --all
FARSIGHT is designed with a modular architecture, allowing you to use specific modules independently or together. Here's an overview of each module:
This module discovers domains related to an organization through various techniques:
- WHOIS data analysis for organization information
- Certificate Transparency logs from crt.sh
- Passive DNS data from public sources
- Optional API-based lookups (SecurityTrails, Censys)
This module identifies assets and network infrastructure:
- DNS enumeration (A, AAAA, MX, TXT, NS records)
- Advanced subdomain discovery using multiple techniques:
  - Certificate Transparency logs
  - DNS brute forcing
  - Passive DNS sources
- Comprehensive port scanning on all discovered subdomains using asyncio
- Email security assessment (SPF, DMARC, DKIM)
- Optional API-based services (Shodan, Censys)
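The email security assessment listed above can be illustrated by grading SPF, DMARC and DKIM TXT records. This is an added example, not FARSIGHT's own code: the function names, the result labels and the grading rule in `posture` are assumptions of this example, and the records are constructed samples.

```python
# Added example (not FARSIGHT code). All record strings are constructed samples.
def parse_tags(record):
    """Split a 'k=v; k=v' DMARC/DKIM record into a dict with lowercase keys."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def assess_spf(txt_records):
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return "invalid" if spf else "missing"  # RFC 7208: >1 record is an error
    for term in spf[0].lower().split()[1:]:
        if term.lstrip("+-~?") == "all":
            qualifier = term[0] if term[0] in "+-~?" else "+"
            return {"-": "hardfail", "~": "softfail", "?": "neutral", "+": "pass-all"}[qualifier]
    return "no-all"  # e.g. a record that relies on redirect= instead of all

def assess_dmarc(txt_records):
    recs = [r for r in txt_records if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(recs) != 1:
        return "invalid" if recs else "missing"
    policy = parse_tags(recs[0]).get("p", "").lower()
    return policy if policy in ("none", "quarantine", "reject") else "invalid"

def assess_dkim(record):
    if record is None:
        return "missing"
    tags = parse_tags(record)
    if "p" not in tags:
        return "invalid"
    return "present" if tags["p"] else "revoked"  # an empty p= revokes the key

def posture(spf, dmarc, dkim):
    """Grading rule is this example's assumption, not FARSIGHT's."""
    enforced = dmarc in ("quarantine", "reject")
    if enforced and spf in ("hardfail", "softfail") and dkim == "present":
        return "well-protected"
    if enforced or spf == "hardfail":
        return "partial"
    return "weak"

SAMPLE = {  # constructed records for a fictional domain
    "spf": ["v=spf1 include:_spf.example.net ~all"],
    "dmarc": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"],
    "dkim": "v=DKIM1; k=rsa; p=",
}

def assess(records):
    results = (assess_spf(records["spf"]), assess_dmarc(records["dmarc"]), assess_dkim(records["dkim"]))
    return results + (posture(*results),)
```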
This module identifies potential security threats:
- Data leak detection from public sources
- Credential exposure monitoring with breach correlation
- Advanced dark web mentions tracking with risk categorization
- Email reputation analysis with risk scoring
- Alternative monitoring methods when APIs are unavailable
- Visual risk indicators in reports (🟢, 🔵, 🔴, ⚠️)
This module identifies potential typosquatting domains:
- Optimized domain permutation generation
- Enhanced DNS resolution checks with fallback mechanisms
- Registration data analysis with age assessment
- Advanced content similarity checks
- MX record analysis for phishing detection
- Improved similarity threshold (60% default) for better detection
- Similarity analysis and risk scoring
- Detects domain squatting techniques
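For brand monitoring, the kind of check this module describes can be sketched as triage of observed domains against a protected one. This is an added example, not FARSIGHT's or dnstwist's code: the homoglyph table, the technique names and the use of the 60% threshold on label string similarity are assumptions of this example, and the domains are constructed samples.

```python
# Added example (not FARSIGHT code). Domains below are constructed samples.
from difflib import SequenceMatcher

HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s"}  # small illustrative subset
THRESHOLD = 0.60  # assumption: the 60% default applied to label similarity

def split_domain(domain):
    """Naive split into (label, tld); assumes a registrable name with a one-label TLD."""
    label, _, tld = domain.lower().rstrip(".").rpartition(".")
    return label, tld

def technique(c, p):
    """Name the single-edit squatting technique linking candidate c to protected p."""
    if c == p:
        return "tld-swap"  # caller only passes equal labels when the TLD differs
    if "".join(HOMOGLYPHS.get(ch, ch) for ch in c) == p:
        return "homoglyph"
    if len(c) == len(p):
        diff = [i for i in range(len(p)) if c[i] != p[i]]
        if len(diff) == 1:
            return "substitution"
        if len(diff) == 2 and diff[1] == diff[0] + 1:
            i = diff[0]
            if c[i:i + 2] == p[i:i + 2][::-1]:
                return "transposition"
    if len(c) + 1 == len(p) and any(p[:i] + p[i + 1:] == c for i in range(len(p))):
        return "omission"
    if len(c) == len(p) + 1 and any(c[:i] + c[i + 1:] == p for i in range(len(c))):
        return "insertion"
    return None

def triage(observed, protected_domain):
    p_label, p_tld = split_domain(protected_domain)
    findings = []
    for domain in observed:
        label, tld = split_domain(domain)
        if (label, tld) == (p_label, p_tld):
            continue  # the protected domain itself
        score = SequenceMatcher(None, label, p_label).ratio()
        tech = technique(label, p_label)
        if tech or score >= THRESHOLD:
            findings.append((domain, tech or "similar", round(score, 2)))
    return sorted(findings, key=lambda f: -f[2])  # most similar first

OBSERVED = ["example.net", "examp1e.com", "exmaple.com", "exampl.com",
            "examplee.com", "unrelated.org", "example.com"]  # constructed
```

Calling `triage(OBSERVED, "example.com")` returns `(domain, technique, score)` tuples for the five lookalikes and skips both the protected domain and the unrelated one.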
This module tracks recent news mentions:
- Recent news articles about the target with multiple source support
- Source credibility assessment and publisher information
- Relevance scoring for each article
- Alternative methods when primary API is unavailable
- Clean output formatting with prioritized articles
This module generates comprehensive reports:
- Markdown reports with detailed findings
- Optional PDF conversion
- Structured data presentation
- Executive summaries and technical details
FARSIGHT's behavior can be configured through environment variables or direct parameters:
Set these environment variables to configure API keys and global settings:
# API Keys
export FARSIGHT_SHODAN_API_KEY="your-api-key"
export FARSIGHT_CENSYS_API_KEY="your-api-key"
export FARSIGHT_SECURITYTRAILS_API_KEY="your-api-key"
export FARSIGHT_VIRUSTOTAL_API_KEY="your-api-key"
export FARSIGHT_INTELX_API_KEY="your-api-key"
export FARSIGHT_LEAKPEEK_API_KEY="your-api-key"
# Global Settings
export FARSIGHT_TIMEOUT=60 # Default timeout in seconds
export FARSIGHT_MAX_CONCURRENT=20 # Max concurrent requests
Many configuration options can be provided directly on the command line:
# Set timeout and concurrency
python -m farsight scan example.com --timeout 60 --concurrency 20
# Force overwrite existing reports
python -m farsight scan example.com --output report.md --force
# Enable verbose output for debugging
python -m farsight scan example.com --verbose
FARSIGHT generates comprehensive reports in Markdown format by default, with optional PDF conversion if the required libraries are installed. Reports include:
- Executive summary with key findings
- Detailed technical results from each module
- Visual representations of data where applicable
- Recommendations based on findings
Example report sections:
# FARSIGHT Reconnaissance Report
## Target: example.com
**Scan Date:** 2025-05-17 17:57:11
**Scan Depth:** 2
**Modules Run:** org, recon, threat, typosquat, news
## Executive Summary
This report presents the findings from a reconnaissance scan of **example.com**.
- **12** domains/subdomains discovered
- **5** open ports found
- **Well-protected** email security posture
FARSIGHT is built with the following architecture:
farsight/
├── cli/                   # CLI interface using Typer
│   └── scan.py            # Main scan command
├── modules/               # Core functionality modules
│   ├── org_discovery.py   # Organization domain discovery
│   ├── recon.py           # DNS enumeration and port scanning
│   ├── threat_intel.py    # Threat intelligence gathering
│   ├── typosquat.py       # Typosquatting detection
│   ├── news.py            # News monitoring
│   └── report_writer.py   # Report generation
├── utils/                 # Utility functions
│   ├── api_handler.py     # API interaction with failover
│   ├── common.py          # Common utilities
│   └── dns.py             # DNS operations
├── config.py              # Configuration management
└── main.py                # Entry point
FARSIGHT requires the following main dependencies:
- typer: CLI interface framework
- python-whois: WHOIS lookups
- aiohttp: Asynchronous HTTP requests
- dnspython: DNS resolution and querying
- beautifulsoup4: Web scraping
- dnstwist (optional): Enhanced typosquatting detection
- markdown and weasyprint (optional): PDF report generation
- gnews (optional): News article retrieval
The full list of dependencies is specified in the requirements.txt file.
FARSIGHT is an open-source project and welcomes contributions. Here's how you can contribute:
- Fork the repository
- Create a feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
FARSIGHT is licensed under the MIT License. See the LICENSE file for details.
FARSIGHT leverages the following projects and services:
- Typer - CLI framework
- aiohttp - Asynchronous HTTP client/server
- dnspython - DNS toolkit
- python-whois - WHOIS lookup
- BeautifulSoup - Web scraping
- dnstwist - Domain permutation engine
- markdown - Markdown parsing
- Public data sources including crt.sh, RapidDNS, and DNSDB.io
FARSIGHT is provided as-is, without warranty of any kind, express or implied. The authors and contributors disclaim all liability for any damages arising from its use.
This tool is designed for security professionals conducting authorized security assessments. Always ensure you have proper authorization before scanning any domain or network.
For questions, suggestions, or support, please open an issue on the GitHub repository.