Spiderfoot

The collecting-open-source-intelligence skill helps analysts gather and synthesize passive OSINT for Threat Intelligence, including hostile infrastructure, phishing support systems, exposed services, and public indicators. It is designed for structured enrichment, cross-source correlation, and report-ready output using Shodan, crt.sh, WHOIS/RDAP, and GitHub exposure checks.

building-threat-actor-profile-from-osint helps threat intelligence teams turn OSINT into structured threat actor profiles. It supports profiling named groups or campaigns, with ATT&CK mapping, infrastructure correlation, source traceability, and confidence notes for defensible analysis.