DEV.co
Open-Source Security · j3ssie

metabigor

Metabigor is an OSINT reconnaissance tool written in Go that performs network discovery, IP enrichment, certificate transparency searches, and related domain discovery without requiring API keys. It leverages free public data sources like Shodan InternetDB, crt.sh, and GitHub code search to support security research and bug bounty workflows.

Source: GitHub — github.com/j3ssie/metabigor
1.6k
GitHub stars
185
Forks
Go
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryj3ssie/metabigor
Ownerj3ssie
Primary languageGo
LicenseMIT — OSI-approved
Stars1.6k
Forks185
Open issues7
Latest releasev2.1.0 (2026-02-15)
Last updated2026-07-03
Sourcehttps://github.com/j3ssie/metabigor

What metabigor is

Go-based CLI tool providing network reconnaissance capabilities via local ASN/IP databases (2M+ entries), certificate transparency queries, Shodan free API integration, GitHub code search via grep.app, and CDN/WAF detection using the projectdiscovery/cdncheck library. Supports batch processing, multiple output formats (JSON, CSV, flat), and pipeline-friendly stdin/stdout workflows.

Quickstart

Get the metabigor source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/j3ssie/metabigor.gitcd metabigor# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Bug Bounty & Penetration Testing Reconnaissance

Quickly enumerate ASN ranges, discover subdomains via certificate logs, and identify open ports on target infrastructure without API key overhead. Batch processing supports large-scale recon workflows.

Infrastructure Mapping & Network Discovery

Group IPs by ASN, find CIDR ranges associated with organizations/domains, and detect CDN/WAF providers to identify origin servers and understand target infrastructure.

Secret & Credential Scanning in Public Code

Search GitHub repositories for exposed credentials, API keys, and subdomains related to target domains using the integrated grep.app search without managing separate API credentials.

Implementation considerations

  • Go binary is self-contained with no external runtime dependencies; pre-built binaries available or build from source with `make build`. Quick installation via PATH.
  • Local ASN database (2M+ entries) needs periodic refresh with `metabigor update`; plan for offline-first queries or live data via `--dynamic` flag.
  • Pipeline-friendly design: stdin/stdout, multiple output formats (JSON, CSV, flat). Integrates into shell workflows and can be chained with tools like `dnsx`, `grep`, and other recon tools.
  • Concurrency configurable per command (`-c` flag); tune based on target rate limits and network capacity. Default likely conservative to avoid blocking from external services.
  • No authentication required for core features; relies on free tier access to external APIs. Monitor for service changes or blocking; consider caching results for repeated queries.

When to avoid it — and what to weigh

  • Requires Real-Time Threat Intelligence Updates — Local ASN/IP database requires manual updates via `metabigor update` command. Data freshness depends on user maintenance; not suitable for live, continuously-updated threat feeds.
  • Needs Authenticated/Premium Data Sources — Tool deliberately uses only free, unauthenticated sources. If your workflow requires paid APIs (Shodan premium, custom threat feeds, commercial WHOIS), this tool will not meet those needs.
  • Integrating into Closed/Airgapped Environments — Most commands require live internet access to query external services (crt.sh, grep.app, viewdns.info, builtwith.com). Offline or restricted network deployments will be severely limited.
  • High-Volume, Real-Time Processing Requirements — Concurrency tuning via `-c` flag mitigates but tool is designed for interactive/batch recon, not sustained high-throughput stream processing. Rate limits from external services apply.

License & commercial use

Released under the MIT License, a permissive OSI-compliant license permitting unrestricted use, modification, and distribution in commercial and private projects.

MIT License permits commercial use. However, tool depends on third-party free data sources (Shodan InternetDB, crt.sh, grep.app, viewdns.info, builtwith.com) whose terms of service must be independently reviewed. Ensure compliance with each external service's acceptable use policy before deploying in commercial security workflows.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Tool itself is open-source (MIT license) and auditable. Security posture depends on: (1) third-party data sources (crt.sh, Shodan, grep.app) and their data integrity; (2) user's adherence to legal/ethical bounds (tool includes disclaimer for educational use only); (3) network exposure when querying external services (no encryption layer mentioned). No built-in output sanitization or injection protection documented; user responsible for safe downstream handling of results. Shodan InternetDB queries may reveal exposed services; results should be handled with appropriate access controls.

Alternatives to consider

Nuclei (ProjectDiscovery)

Focused on vulnerability scanning and template-based testing rather than open-source intelligence; premium integrations available. Better for active exploitation workflows; weaker on passive OSINT.

Shodan CLI (shodan-python)

Official Shodan command-line interface; requires API key (paid). More comprehensive Shodan data access; steeper cost and authentication overhead compared to Metabigor's free InternetDB approach.

Recon-ng

Modular Python-based OSINT framework with larger module ecosystem and interactive console. Steeper learning curve; supports more data sources but requires manual API key management.

Software development agency

Build on metabigor with DEV.co software developers

Metabigor is powerful for passive reconnaissance, but integrating it reliably into production security pipelines requires planning around external API dependencies and data freshness. Devco can help architect robust reconnaissance automation, handle API fallbacks, and ensure compliance with third-party service terms.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

metabigor FAQ

Do I need API keys to use Metabigor?
No. Metabigor deliberately uses free, unauthenticated data sources (crt.sh, Shodan InternetDB, grep.app, viewdns.info, builtwith.com). This is a core design principle.
How often should I update the local ASN database?
Not documented in README. Run `metabigor update` periodically; frequency depends on how current your ASN/IP mappings need to be. Use `--dynamic` flag to query live sources instead of local DB if freshness is critical.
Can Metabigor be integrated into larger reconnaissance automation?
Yes. JSON/CSV output, stdin/stdout pipeline support, and modular commands make it suitable for chaining with other tools. It was originally part of the Osmedeus Engine framework.
What happens if external services (crt.sh, grep.app) are down or rate-limit requests?
Tool will fail or return partial results. No fallback or retry logic is documented. Tune concurrency with `-c` flag to mitigate rate limiting; consider caching results for repeated queries.

Work with a software development agency

Need help beyond evaluating metabigor? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source security integrations — and maintain them long-term.

Need Help Integrating Metabigor Into Your Security Workflow?

Metabigor is powerful for passive reconnaissance, but integrating it reliably into production security pipelines requires planning around external API dependencies and data freshness. Devco can help architect robust reconnaissance automation, handle API fallbacks, and ensure compliance with third-party service terms.