Attack surface searchFreemium

FOFA

Cyberspace asset search.

Search engine for internet assets, technologies, services, and exposure patterns across global infrastructure.

OSINTFreemiumOfficial site listedCommunity voting
Visit site

Overview

What FOFA is good for

Search engine for internet assets, technologies, services, and exposure patterns across global infrastructure.

Built for osint and vulnerability management workflows.

Useful when evaluating attack surface search capabilities.

Helpful for assets, recon, exposure investigations and triage.

Evaluation guide

Quick decision notes

Best fit

Investigators collecting public web, domain, URL, identity, and infrastructure evidence.

Check before using

Confirm current pricing, data limits, account requirements, and licensing on the official site before production use.

Typical inputs

#assets · #recon · #exposure

Discovery path

Use the categories, source links, and similar tools below to compare it with nearby options.

Use cases

Where it fits

Investigators collecting public web, domain, URL, identity, and infrastructure evidence.
Security teams prioritising vulnerabilities with exposure and real-world exploitation signals.
Teams finding exposed assets, technologies, services, and externally visible risk.

Classification

Categories and tags

OSINTVulnerability ManagementAttack Surface#assets#recon#exposure

Sources

Official links and checks

Use these links to verify current plans, access requirements, documentation, releases, and support status.

Reviews

Community reviews and comments

Community reviews

Comment provider is not configured yet. This placeholder keeps the review area visible while setup is completed.

Suggest a review

FAQ

Questions about FOFA

What is FOFA used for?

FOFA is used for attack surface search workflows. Search engine for internet assets, technologies, services, and exposure patterns across global infrastructure.

Is FOFA free?

The listed pricing model is Freemium. Check the official site for exact plan limits, usage restrictions, and current commercial terms.

Which teams should evaluate FOFA?

It is most relevant to teams working across osint, vulnerability management, attack surface workflows.

What are alternatives to FOFA?

Start with the similar tools section on this page. It highlights tools with overlapping categories, tags, and operational use cases.