Skip to content
Command line Search Engines Framework but without API key
Branch: master
Clone or download


Command line Search Engines Framework but without API key

python Software License tested Demo

What is Metabigor?

Metabigor allows you to do query from command line to awesome Search Engines (like Shodan, Censys, Fofa, ZoomEye, etc) without any API key.

But Why Metabigor?*

  • Don't use your API key so you don't have to worry about litmit of API quotation.

  • Do query from command line without Premium account.

  • Get more result without Premium account.

  • But I have an Premium account why do I need this shit?

    • Again Metabigor will not lose your API quotation.
    • Your query will optimized so you gonna get more result than using it by hand or API key.
    • Never get duplicate result.

How it works?

Metabigor gonna use your cookie or not to simulate search from browser and automatic optimize the query to get more result.

Search Engine currently supported

  • Shodan.
  • Fofa Pro.
  • ZoomEye.
  • Censys.


git clone
cd Metabigor
pip3 install -r requirements.txt



How to use

Basic Usage

./ -s <source> -q '<your_query>' [options]

Check out the Advanced Usage to explore some awesome options

Example commands

Note: Fill your credentials or your sessions on config.conf if you want to get more results.

./ -s fofa -q 'title="Dashboard - Confluence" && body=".org"' 
./ -s fofa -q 'title="Dashboard - Confluence" && body=".org"' -b --disable_pages
./ -s shodan -q 'port:"3389" os:"Windows"' --debug


[*] Setup session
Do command below or direct modify config.conf file
./ -s shodan --cookies=<content of polito cookie>
./ -s censys --cookies=<content of auth_tkt cookie>
./ -s fofa --cookies=<content of _fofapro_ars_session cookie>
./ -s zoomeye --cookies=<content of Cube-Authorization header>

[*] Basic Usage
./ -s <source> -q '<your_query>' [options]
./ -S <json file of multi source> [options]
./ -m <module> -t <target> [options]

[*] More Options
  -d OUTDIR, --outdir OUTDIR
                        Directory output
  -o OUTPUT, --output OUTPUT
                        Output file name
  --raw RAW             Directory to store raw query
  --proxy PROXY         Proxy for doing request to search engine e.g:
  -b                    Auto brute force the country code
  --disable_pages       Don't loop though the pages
  --store_content       Store the raw HTML souce or not
  -M                    Print available module and search engine supported
  --hh                  Print this message
  --debug               Print debug output

[*] Example commands
./ -s fofa -q 'title="Dashboard - Confluence" && body=".org"'
./ -s zoomeye -q 'app:"tomcat"'

./ -s shodan -q 'port:"3389" os:"Windows"' --debug
./ -s shodan -Q list_of_query.txt --debug -o rdp.txt  -b --disable_pages

./ -s censys -q '(scada) AND protocols: "502/modbus"' -o something  --debug --proxy socks4://

./ -m exploit -t 'nginx|1.0'  --debug


  • Auto switch to query using proxy if get blocked.
  • Predine query to do specific task like subdomain scan, portscan.
  • Adding more search engine.
    • ZoomEye
    • Baidu
    • Get free proxy from multiple data sources


If you have some new idea about this project or you have found some valuable tool feel free to open an issue for just DM me via @j3ssiejjj.


Logo from flaticon by Vitaly Gorbachev and ascii logo converted by picascii


* Note: Some features above might not works for all Search Engine.
E.g: Some Search Engines allowed use API key without Premium account and and some of them lose your quotation quotation even when you do not use API key.

This tool is for educational purposes only. You are responsible for your own actions. If you mess something up or break any laws while using this software, it's your fault, and your fault only.



You can’t perform that action at this time.