Automic VaultAutomic Vault

brew

Install wtfis with Homebrew, Nix

Passive hostname, domain, and IP lookup tool. Version 0.15.0 via Homebrew; verified 2026-05-15.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install wtfis

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#wtfis

nixpkgs package indexes · pkgs/by-name/wt/wtfis/package.nix · source: api.github.com

overview

Package summary

Passive hostname, domain, and IP lookup tool

Commands and aliases

  • wtfis

history

Project history and usage

wtfis is a Python command-line OSINT lookup tool for hostnames, domains, FQDNs, and IP addresses. Its niche is human-readable passive enrichment: it gathers reputation, resolution, WHOIS, geolocation, ASN, scanner-noise, and malware-distribution context from several services while trying to minimize API calls against free-tier accounts.

Project history

The author introduced wtfis publicly in a 2022-08-13 blog post, explaining that it was written to replace repeated manual website lookups for FQDN and domain information with one terminal command. The README keeps the same design framing: the tool is for non-robots, organized into readable panels, and named as a play on `whois`.

The earliest PyPI release with files is version 0.0.3 on 2022-08-12, one day before the author's announcement post. By 2026-04-06, PyPI listed 0.15.0 as the current release, showing that the project continued beyond the initial personal utility into a maintained OSINT CLI.

Adoption history

wtfis was adopted in the security-tooling niche because it wraps several common reputation and enrichment services behind one readable terminal output. The README documents VirusTotal, AbuseIPDB, GreyNoise, IP2Location, IP2Whois, IPinfo, IPWhois, Shodan, and URLhaus, with many optional so users can stay within quotas or add richer context when they have keys.

A Hacker News submission in May 2025 described it as a passive hostname, domain, and IP lookup tool for non-robots and drew visible discussion, which is a useful secondary signal that the project had moved beyond the author's personal workflow into the broader security-operations audience.

How it is used

The basic workflow is `wtfis FQDN_OR_DOMAIN_OR_IP`, with optional flags to enable all enrichments or specific services such as Shodan, GreyNoise, AbuseIPDB, and URLhaus. It accepts defanged input, can limit displayed resolutions, can turn off color, and can present one-column output for terminals where layout matters.

Credentials are optional and are loaded from environment variables or `~/.env.wtfis`. That design matches its free-tier posture: useful defaults work without every service configured, while analysts can add API keys for more complete enrichment.

Why package nerds care

wtfis is significant as a compact example of modern security CLI ergonomics: it does not try to be a full SIEM or threat-intelligence platform, but it packages the first few minutes of domain/IP triage into a readable terminal command.

Timeline

  • 2022-08-12: Earliest PyPI file-backed release, 0.0.3.
  • 2022-08-13: The author announced wtfis as a passive FQDN and domain lookup tool.
  • 2023: The README documented GreyNoise support as quota-sensitive and off by default.
  • 2025-05-12: wtfis appeared on Hacker News as a passive lookup tool for non-robots.
  • 2026-04-06: PyPI listed release 0.15.0.

Related projects

  • wtfis aggregates data from VirusTotal, AbuseIPDB, GreyNoise, IP2Location, IP2Whois, IPinfo, IPWhois, Shodan, and URLhaus.
  • The author describes the project name as a play on the traditional `whois` command.

security posture

No protected-tool coverage found yet

No matching local secret-handling manifest was found for wtfis. Nucleus package metadata is still published here so future coverage has a stable package URL.

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 1 platform targets.
  • Installs with 3 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
~/.env.wtfis

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
~/.env.wtfis

executables

Installed executables

CommandKindExposureNote
wtfiscliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-07
manager version0.15.0
manager updated2026-05-15
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/pirxthepilot/wtfis

install metadata

Package metadata

Package keybrew:wtfis
Version0.15.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/wtfis
Homepagehttps://github.com/pirxthepilot/wtfis
Repositoryhttps://github.com/pirxthepilot/wtfis
Upstream docshttps://github.com/pirxthepilot/wtfis#readme
LicenseMIT
Source archivehttps://files.pythonhosted.org/packages/de/32/9b20625e41f00c13706b03774790f31e4bcc26f3e5f39f7fce09f2d60729/wtfis-0.15.0.tar.gz
Last updated2026-05-15T11:13:24Z
Pulseupdated
Dependenciescertifi, pydantic, python@3.14
Bottleavailable (on all)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namewtfis
Version Scheme0
Revision1
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

wtfis

nix profile install nixpkgs#wtfis
  • normalized package name match
  • Matched by: Wtfis
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/wt/wtfis/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment