Passive intelligence gathering in your browser. No install. No account. No configuration. Completely free.
NetSpecter is a free, open source OSINT and passive reconnaissance tool that runs entirely in your browser. Enter any domain name or IP address and run eleven intelligence modules instantly - from DNS record analysis to live TLS grading to Shodan port data.
There is nothing to install. No account to create. No API keys to manage. Everything runs client-side using free public APIs.
It was built for security researchers, IT professionals, journalists, fraud investigators, and anyone who needs to quickly understand the infrastructure behind a domain.
Passive reconnaissance means gathering intelligence without directly interacting with the target's systems. NetSpecter only queries public data sources - DNS servers, certificate transparency logs, WHOIS databases, and third-party intelligence platforms.
This approach has two advantages. First, it leaves no trace on the target's infrastructure. Second, it is legal to perform against any domain, because you are only querying public records that anyone can access.
Active techniques like port scanning or web crawling are outside NetSpecter's scope by design.
example.com) or IP address in the input fieldEnterFor a complete picture of a domain, select FULL SCAN to run all eleven modules in sequence with an automated risk summary at the end.
| Use case | How NetSpecter helps |
|---|---|
| Security researchers | Rapid passive triage of unknown domains |
| IT and sysadmin | Audit your own infrastructure's public exposure |
| Fraud investigators | Identify suspicious domain patterns and fake infrastructure |
| Journalists | Verify the legitimacy of companies and online operations |
| Students | Learn how DNS, TLS, and email security work in practice |
| Bug bounty hunters | Map attack surface before engaging a target |
NetSpecter performs passive reconnaissance only. It queries public data sources on your behalf - DNS servers, certificate transparency logs, WHOIS databases, and third-party intelligence platforms. No credentials or API keys are required from you as a user.
No active exploitation, injection, or unauthorised access is performed at any point.
Only scan domains and IP addresses you own, or that you have explicit written permission to test. The authors accept no responsibility for misuse.
NetSpecter is free and always will be. If it saved you time or helped with an investigation, consider supporting development.
