Windows Server

What are the Sam Spade tools?

What are the Sam Spade Search Tools?

This is a collection of some of the web tools provided by the Sam Spade website.

Click on any item to expand it’s description. Searches will open in a new window.

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.


  • The address digger

    • This tool is the original Sam Spade tool that’s been running for nearly five years. It’s been rewritten from scratch four times since it first appeared, but still does the same things. It takes a hostname or an IP address, guesses at the domain name, and then runs some Whois queries to find out who owns the domain and the block of IP addresses it lives in, and traces the route packets take to the host.

      It’s slow, crufty, returns less information and has more bugs than the newer tools, but it’s still handy to have around.


  • Obfuscated URLs

    • A lot of spam includes pointers to websites. Often the URL is obfuscated in a variety of ways – by using %-encoded characters, bogus authentication information, IP addresses written in strange ways.

      This tool will decode any legal URL, showing you how it was obfuscated, what the real URL looks like and who hosts the website.


  • The safe web browser

    • This is a secure web browser. It doesn’t pass any information about you, it won’t accept cookies, it won’t run any JavaScript, any ActiveX or Java applets. It won’t even reveal the IP address you’re connecting from.

      Enter a URL, such as into the box and hit Go. You’ll see the raw http response from the server.

      Any links, redirects or frames in the original webpage will be shown as active links. Some interesting constructs in the web page will be highlighted.

      The downsides are that some websites will refuse to show you any content without a cookie – and there’s no way to accept a cookie, the HTML isn’t parsed particularly carefully, so some links may not be active, and authentication isn’t supported yet.


  • Traceroute

    • Traceroute shows the route packets take from this host (, NOT from YOUR own host, like the regular built-in Traceroute tool does) to the host you’re looking at. Each hop shows the hostname (or the IP address if there’s no reverse DNS), the IP address of the system, the AS number of the system, and the round-trip time from to the system.

      The AS number identifies the owner of the network neighborhood the system is in. Following the AS number link will give contact information for the owner of that block of addresses – the system itself may be a customer of the block owner.


  • Whois

    at MagicGeekToolsAustralia ( ( (,com,net,org,gov ( ( ( ( ( Korea ( ( Military ( ( ( Republic ( Kingdom, not or ( States .us ( IP addresses ( Pacific (

    • The Whois tool asks a question of a Whois server. Typically the question is a domain name or an IP address. You usually need to pick the right Whois server to ask your question ( only knows about French domains, for instance).


  • Whois #2


    • The Whois tool asks a question of a Whois server. Typically the question is a domain name or an IP address. Sometimes you may want to query a server I don’t have listed – this tool will let you query any server.


  • Rwhois

    at Exodus CommunicationsDigex/IntermediaCogent Communications

    • This is a very simple rwhois tool. It asks a single question of an rwhois server. Typically the question is an IP address. You usually need to pick the right rwhois server to ask your question ( only handles Exodus suballocation, for instance).


  • Dejanews author search

    • This is just a canned search of the Dejanews database of the past several years of Usenet posts. All Dejanews disclaimers apply (specifically the Dejanews search engine sometimes has a bad day, and finds posts by an author in groups they’ve never posted too – if the post itself doesn’t show up, it didn’t really happen. Also anything posted with an X-No-Archive: yes header will not be listed at Dejanews, nor will cancels, most Usenet spam and some binaries. Posts are sometimes forged, either as random vandalism or targeted harassment. Treat the results from this search with some caution.)


  • Blackhole list check

    • This queries several Blackhole lists to see if the server is listed in any of them.


  • DNS

    • The DNS tool asks basic questions of the domain name system. Typically the question is a domain name or an IP address. It will provide the address and mail server for a hostname, and the reverse DNS for an IP address.


  • Routing Explorer

    • The Routing Explorer allows you to explore a static copy of part of the internet routing databases mirrored by RADB

      It can give you some idea of who is provides connectivity to an address and how much of the internet a company provides connectivity to.


  • RFC

    • A cross-referenced archive of RFCs.


  • IP Whois

    • Query ARIN, RIPE or APNIC to find who owns an IP address.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (5)

5 responses to “What are the Sam Spade tools?”

  1. […] is a collection of passive information gathering tools, many of which fail by redirecting to swisscom. Includes some of the Sam Spade tools, which can tell you what others can easily learn about you. The Sam Spade tools look up DNS and domain information. The Sam Spade tools are frequently under revision, but one stable source is […]

  2. […] Sam Spade tools ENISA Blog Seasoned malware analysts/reversers/crackers move along – you already know this stuff Analyzing malware is always challenging as there are a few dozen if not hundreds different ways to detect the virtual environment plus other tools used by reversers during dynamic or in-depth analysis – most of these can be easily picked up by malware looking for process names, registry keys, or using one of the undocumented, or semi-documented bugs/features of VMs (usually snippets of code producing different results when executed on a real CPU vs. on a virtual CPU). This short post describes a few ways how to hide VM (main focus on VMWare) and tools – by hiding their files, processes, services + associated with them registry keys/values. SHODAN – Computer Search Engine […]

Leave a Reply

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: