For the past ten years, I’ve been building an Open Source Intelligence (OSINT) tool called SpiderFoot, which is used to automate the collection and analysis of OSINT for attack surface management and threat intelligence. It’s open source, written in Python and is the top ranked project in many of the GitHub categories it’s in, with just short of 7,000 stars at the time of writing. A couple of years ago I also launched a SaaS version of SpiderFoot called SpiderFoot HX, but that’s another blog post (or series of posts!) for another day. This post covers what I’ve learned from that journey so far.
You’d rightly imagine that after ten years, SpiderFoot has become a pretty big part of my life. I spend most early mornings and late evenings “working” on it and I often talk about it with my wife, kids and friends. It’s brought me a lot of joy but also frustration at times.
So now feels like a good point in time to take a step back, reflect and try to draw out the lessons I’ve learned and internalized over these years. I’m writing this in part for my own benefit, but also in the hope it will help others who might be on a similar journey with their own open source project, or may be considering starting one but have been holding themselves back.