Intelspy - Perform Automated Network Reconnaissance Scans


Perform automated network reconnaissance scans to gather network intelligence.

IntelSpy is a multi-threaded network intelligence tool that performs automated network services enumeration. It performs live hosts detection scans, port scans, services enumeration scans, web content scans, brute-forcing, detailed off-line exploits searches, and more.

The tool will also launch further enumeration scans for each detected service using a number of different tools.


  • Scans multiple targets in the form of IP addresses, IP ranges (CIDR notation), and resolvable hostnames.
  • Scans targets concurrently.
  • Detects live hosts in an IP range (CIDR) network.
  • Customizable port scanning profiles and service enumeration commands.
  • Creates a directory structure for results gathering and reporting.
  • Logs every command that was executed.
  • Generates shell scripts containing commands to be run manually.
  • Extracts important information in txt and markdown format for further inspection.
  • Stores data to an SQLite database.
  • Generates an HTML report.


  • Python 3 (sudo apt install python3)
  • Linux (preferably Kali Linux or any other hacking distribution containing the tools below.)
  • toml (
  • seclists (
  • curl (prerequisite) (sudo apt install curl)
  • enum4linux (prerequisite) (sudo apt install enum4linux)
  • gobuster (prerequisite) (sudo apt install gobuster)
  • hydra (optional) (sudo apt install hydra)
  • ldapsearch (optional) (sudo apt install ldap-utils)
  • medusa (optional) (sudo apt install medusa)
  • nbtscan (prerequisite) (sudo apt install nbtscan)
  • nikto (prerequisite) (sudo apt install nikto)
  • nmap (prerequisite) (sudo apt install nmap)
  • onesixtyone (prerequisite) (sudo apt install onesixtyone)
  • oscanner (optional) (sudo apt install oscanner)
  • pandoc (prerequisite) (sudo apt install pandoc)
  • patator (optional) (sudo apt install patator)
  • showmount (prerequisite) ('system tool ')
  • smbclient (prerequisite) (sudo apt install smbclient)
  • smbmap (prerequisite) (sudo apt install smbmap)
  • smtp-user-enum (prerequisite) (sudo apt install smtp-user-enum)
  • snmpwalk (prerequisite) (sudo apt install snmp)
  • sslscan (prerequisite) (sudo apt install sslscan)
  • svwar (prerequisite) (sudo apt install sipvicious)
  • tnscmd10g (prerequisite) (sudo apt install tnscmd10g)
  • whatweb (prerequisite) (sudo apt install whatweb)
  • wkhtmltoimage (prerequisite) (
  • wpscan (optional) (sudo apt install wpscan)
pip3 install -r requirements.txt


$ python3 -h

 ___               __        
  |  ._ _|_  _  | (_  ._     
 _|_ | | |_ (/_ | __) |_) \/ 
                      |   /  
IntelSpy v2.0 - Perform automated network reconnaissance scans to gather network intelligence.
IntelSpy is an open source tool licensed under GPLv3.
Written by: @maldevel | Logisek ICT
Web: |

                   [--exclude <host1[,host2][,host3],...>] [-s SPEED]
                   [-ct <number>] [-cs <number>] [--profile PROFILE_NAME]
                   [--livehost-profile LIVEHOST_PROFILE_NAME]
                   [--heartbeat HEARTBEAT] [-v]
                   [targets [targets ...]]

positional arguments:
  targets               IP addresses (e.g., CIDR notation (e.g.
              , or resolvable hostnames (e.g.
               to scan.

optional arguments:
  -h, --help            show this help message and exit
  -ts TARGET_FILE, --targets TARGET_FILE
                        Read targets from file.
  -p PROJECT_NAME, --project-name PROJECT_NAME
                        project name
  -w WORKING_DIR, --working-dir WORKING_DIR
                        working directory
  --exclude <host1[,host2][,host3],...>
                        exclude hosts/networks
  -s SPEED, --speed SPEED
                        0-5, set timing template (higher is faster) (default:
  -ct <number>, --concurrent-targets <number>
                        The maximum number of target hosts to scan
                        concurrently. Default: 5
  -cs <number>, --concurrent-scans <number>
                        The maximum number of scans to perform per target
                        host. Default: 10
  --profile PROFILE_NAME
                        The port scanning profile to use (defined in port-
                        scan-profiles.toml). Default: default
  --livehost-profile LIVEHOST_PROFILE_NAME
                        The live host scanning profile to use (defined in
                        live-host-scan-profiles.toml). Default: default
  --heartbeat HEARTBEAT
                        Specifies the heartbeat interval (in seconds) for task
                        status messages. Default: 60
  -v, --verbose         Enable verbose output. Repeat for more verbosity (-v,
                        -vv, -vvv).

Usage Examples

Scanning single target

sudo python3 -p MyProjectName -w /home/user/pt/projects/
sudo python3 -p MyProjectName -w /home/user/pt/projects/ -v
sudo python3 -p MyProjectName -w /home/user/pt/projects/ -vv
sudo python3 -p MyProjectName -w /home/user/pt/projects/ -vvv

Scanning a hostname

sudo python3 -p MyProjectName -w /home/user/pt/projects/

Scanning a network range(CIDR)

sudo python3 -p MyProjectName -w /home/user/pt/projects/

Scanning multiple targets (comma separated)

sudo python3 -p MyProjectName -w /home/user/pt/projects/

Scanning targets from file

sudo python3 -p MyProjectName -w /home/user/pt/projects/ -ts /home/user/targets.txt

Excluding one host

sudo python3 -p MyProjectName -w /home/user/pt/projects/ --exclude

Excluding many hosts

sudo python3 -p MyProjectName -w /home/user/pt/projects/ --exclude,


I started working on IntelSpy when I discovered AutoRecon. Instead of reinventing the wheel, IntelSpy is the result of merging IntelSpy with the best features of the AutoRecon to create a network reconnaissance tool suitable for Penetration Testing engagements.


July 29, 2020


Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023