macOS
brew install wtfislocal Homebrew formula metadata
brew
Passive hostname, domain, and IP lookup tool. Version 0.15.0 via Homebrew; verified 2026-05-15.
install
brew install wtfislocal Homebrew formula metadata
nix profile install nixpkgs#wtfisnixpkgs package indexes · pkgs/by-name/wt/wtfis/package.nix · source: api.github.com
overview
Passive hostname, domain, and IP lookup tool
history
wtfis is a Python command-line OSINT lookup tool for hostnames, domains, FQDNs, and IP addresses. Its niche is human-readable passive enrichment: it gathers reputation, resolution, WHOIS, geolocation, ASN, scanner-noise, and malware-distribution context from several services while trying to minimize API calls against free-tier accounts.
The author introduced wtfis publicly in a 2022-08-13 blog post, explaining that it was written to replace repeated manual website lookups for FQDN and domain information with one terminal command. The README keeps the same design framing: the tool is for non-robots, organized into readable panels, and named as a play on `whois`.
The earliest PyPI release with files is version 0.0.3 on 2022-08-12, one day before the author's announcement post. By 2026-04-06, PyPI listed 0.15.0 as the current release, showing that the project continued beyond the initial personal utility into a maintained OSINT CLI.
wtfis was adopted in the security-tooling niche because it wraps several common reputation and enrichment services behind one readable terminal output. The README documents VirusTotal, AbuseIPDB, GreyNoise, IP2Location, IP2Whois, IPinfo, IPWhois, Shodan, and URLhaus, with many optional so users can stay within quotas or add richer context when they have keys.
A Hacker News submission in May 2025 described it as a passive hostname, domain, and IP lookup tool for non-robots and drew visible discussion, which is a useful secondary signal that the project had moved beyond the author's personal workflow into the broader security-operations audience.
The basic workflow is `wtfis FQDN_OR_DOMAIN_OR_IP`, with optional flags to enable all enrichments or specific services such as Shodan, GreyNoise, AbuseIPDB, and URLhaus. It accepts defanged input, can limit displayed resolutions, can turn off color, and can present one-column output for terminals where layout matters.
Credentials are optional and are loaded from environment variables or `~/.env.wtfis`. That design matches its free-tier posture: useful defaults work without every service configured, while analysts can add API keys for more complete enrichment.
wtfis is significant as a compact example of modern security CLI ergonomics: it does not try to be a full SIEM or threat-intelligence platform, but it packages the first few minutes of domain/IP triage into a readable terminal command.
security posture
No matching local secret-handling manifest was found for wtfis. Nucleus package metadata is still published here so future coverage has a stable package URL.
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
~/.env.wtfisCredential-bearing paths to review before unattended agent runs.
~/.env.wtfisexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
wtfis | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/pirxthepilot/wtfis
install metadata
| Package key | brew:wtfis |
|---|---|
| Version | 0.15.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/wtfis |
| Homepage | https://github.com/pirxthepilot/wtfis |
| Repository | https://github.com/pirxthepilot/wtfis |
| Upstream docs | https://github.com/pirxthepilot/wtfis#readme |
| License | MIT |
| Source archive | https://files.pythonhosted.org/packages/de/32/9b20625e41f00c13706b03774790f31e4bcc26f3e5f39f7fce09f2d60729/wtfis-0.15.0.tar.gz |
| Last updated | 2026-05-15T11:13:24Z |
| Pulse | updated |
| Dependencies | certifi, pydantic, python@3.14 |
| Bottle | available (on all) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | wtfis |
| Version Scheme | 0 |
| Revision | 1 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
wtfis
nix profile install nixpkgs#wtfissource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.