Orb

a libre, massive footprinting tool

v0.4 (2026) — "Yellow Orb!" Python 3 GPLv3 no browser JS

# What is Orb?

Orb is a massive footprinting tool. It uses passive and active —automated— methods to provide real information about a target. You only need to set a concept to start gathering data. When finished, Orb builds you some fancy reports.

+ Passive

  • Crawl search engines for public records (deep web included)
  • Search for registered domains
  • Extract whois info (owners, dates)
  • Discover subdomains
  • Find machines running services
  • Resolve DNS records (A, NS, MX, TXT)
  • Extract CVE / CVS vulnerability records

+ Active

  • Scan for open ports (TCP/UDP, 1–65535)
  • Fingerprint banners (state, vendor, OS, version, CPE)
  • Correlate services with known vulnerabilities
  • Optional TCP-only or custom port ranges
  • Custom DNS resolvers
  • Results as raw + JSON reports

# Features

One command, a full reconnaissance pipeline — every stage can be toggled on or off.

Multiple search engines

Query one source or all of them at once, and switch engines as they come and go.

Deep web

Onion (Tor) records retrieved through the Ahmia gateway.

Whois

Registrant, creation, expiration and last-update dates for every discovered domain.

Subdomains

Passive subdomain discovery from search-engine results — no bruteforcing.

DNS records

Resolve A, NS, MX and TXT records, with custom resolvers if you want.

Port scanning

Nmap-powered TCP/UDP scanning across the full port range with service detection.

Banner grabbing

Fingerprint services: state, product, version, name, extra info and CPE.

CVE / CVS

Vulnerability lookups powered by the NVD (National Vulnerability Database) API.

Reports

Every run is logged per target as raw text and, optionally, structured JSON.

Web GUI

Optional local web interface to drive Orb from your browser.

Tor aware

Built-in Tor connection check to verify you are routing through the network.

Self-update

Pull the latest stable version straight from the git repository.

# Web GUI

Prefer clicking to typing? Orb ships with a built-in web interface. Launch it with python3 orb --gui, set your target, tune the options and watch the footprinting stream live in your browser.

Orb Web GUI

# Install

Orb runs on many platforms. It requires Python 3 and a few libraries: ddgs, whois, dnspython, python-nmap and requests.

git clone https://github.com/epsylon/orb
cd orb

sudo apt-get install nmap python3-pip
pip3 install -r orb/docs/requeriments.txt

pip3 install ddgs whois dnspython python-nmap requests --user

The Nmap system binary is required for the active port-scanning features.

# Usage

Point Orb at a concept and let it work. A few common invocations:

python3 orb --spell='target'

python3 orb --spell='target' --ext='.com,.net,.org' --sa

python3 orb --spell='target' --passive --se='bing'

python3 orb --spell='target' --active --scan-tcp --scan-ports='1-1024'

python3 orb --spell='target' --resolver='1.1.1.1,8.8.8.8'

python3 orb --spell='target' --show-filtered --json='target.json'

python3 orb --spell='target' --delay='2'

python3 orb --spell='target' --ext-f='core/sources/user-exts.txt'

python3 orb --spell='target' --social-f='core/sources/spain/social.txt' --news-f='core/sources/spain/news.txt'

python3 orb --gui

python3 orb --list-engines

python3 orb --check-tor

python3 orb --update
See all option groups
  • Methods--passive, --active
  • Search engines--se, --se-ext, --sa, --list-engines
  • Public--no-public, --no-deep, --no-social, --social-f, --no-news, --news-f
  • Domains--ext, --ext-f
  • Whois / Subdomains--no-whois, --no-subs
  • DNS--no-dns, --resolver
  • Port scanning--no-scanner, --scan-tcp, --scan-ports, --show-filtered, --no-scan-dns/ns/mx
  • Banner grabbing--no-banner, --no-cve, --no-cvs
  • Reporting--no-log, --json, -v
  • Rate limiting--delay

# Search engines

Gather public records from multiple sources. Pick one with --se, or query them all at once with --sa.

duck bing brave mojeek yahoo startpage ecosia ahmia · deep web

You can also target a location with --se-ext='es' (france=fr, italy=it, ...).