Website security auditing is always in demand in the cybersecurity field, and web application hacking is a main priority for every penetration testing student. In many previous articles we learned how to gather information about a target. After information gathering, the next step is finding the vulnerabilities or loopholes on the target website. Doing this manually requires a lot of experience and time, but some tools make it easier.
BlackWidow is a website ripper tool that helps us map or scan a targeted website, and it works automatically.

black widow.jpg

BlackWidow is written in Python 3. It scans a target website to gather subdomains, URLs, dynamic parameters, email addresses and phone numbers. BlackWidow also includes the Inject-X fuzzer to scan dynamic URLs for common OWASP vulnerabilities.

Key features of Black Widow:
  • Automatically collect all URLs from a target website.
  • Automatically collect all dynamic URLs & parameters from a target website.
  • Automatically collect all subdomains from a target website.
  • Automatically collect all phone numbers from a target website.
  • Automatically collect all email addresses from a target website.
  • Automatically collect all form URLs from a target website.
  • Automatically scan/fuzz for common OWASP TOP vulnerabilities.
  • Automatically saves all data into sorted text files.
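To make concrete what the crawler collects for each page, here is an added example (my own code, not BlackWidow's) that performs the same kind of collection over a single constructed HTML document: it resolves links, keeps those on the target domain or its subdomains, records which URLs carry query parameters, and pulls form actions, email addresses and phone numbers. The sample HTML and the base URL https://example.com/ are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, parse_qs

# Constructed sample page standing in for one crawled response (not real site data).
SAMPLE_HTML = """
<html><body>
<a href="/about.html">About</a>
<a href="https://shop.example.com/item.php?id=7&cat=books">Shop</a>
<a href="/search?q=test">Search</a>
<a href="https://other.org/page">External</a>
<form action="/login.php" method="post"><input name="user"><input name="pass"></form>
<p>Contact: support@example.com or call +1-555-123-4567.</p>
</body></html>
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")


class _LinkParser(HTMLParser):
    """Collects <a href> targets and <form action> targets from one document."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.hrefs.append(a["href"])
        elif tag == "form" and a.get("action"):
            self.forms.append(a["action"])


def _in_scope(host, root):
    # the target domain itself or any of its subdomains; other hosts are not crawled
    return host == root or host.endswith("." + root)


def collect_page_assets(html, base_url):
    """Return the per-page data a BlackWidow-style crawler would store."""
    p = _LinkParser()
    p.feed(html)
    root = urlparse(base_url).hostname
    urls = {urljoin(base_url, h) for h in p.hrefs}
    in_scope = {u for u in urls if _in_scope(urlparse(u).hostname or "", root)}
    return {
        "urls": sorted(in_scope),
        "subdomains": sorted({urlparse(u).hostname for u in in_scope} - {root}),
        # dynamic URLs are those carrying a query string; map each to its parameter names
        "dynamic": {u: sorted(parse_qs(urlparse(u).query)) for u in in_scope if urlparse(u).query},
        "forms": sorted(urljoin(base_url, f) for f in p.forms),
        "emails": sorted(set(EMAIL_RE.findall(html))),
        "phones": sorted(m.strip() for m in PHONE_RE.findall(html)),
    }
```

A real crawler repeats this for every in-scope URL up to the chosen depth and writes each category to its own sorted file, which is what the feature list above describes.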

Installing Black Widow on Kali Linux
To install BlackWidow on our Kali Linux system we need to clone it from its GitHub repository by using the following command:
git clone https://github.com/1N3/BlackWidow

The screenshot of the command is following:

blackwidow git clone.png

Now we need to navigate into the BlackWidow directory by applying the following command:
cd BlackWidow

We are now inside the BlackWidow directory. If we want, we can check the files using the ls command, as shown in the following screenshot:

blackwidow files.png

Now we can install this tool by using the following command:
sudo ./install.sh

blackwidow installing.png

In the above screenshot we can see that BlackWidow has started installing. After the installation is complete we can run the tool. We use the following command to crawl our target with 3 levels of depth:
blackwidow -u

As we can see in the following screenshot:


To crawl our target with 5 levels of depth and fuzz all unique parameters for OWASP vulnerabilities we apply the following command (the -l option sets the crawl depth):
blackwidow -d https://test.com/uers.php?user=1&admin=true -l 5 -v y

It automatically saves the output data in the /usr/share/BlackWidow directory, as we can see in the following screenshot:

blacwidow resulte.png

That is not all; there is much more we can do with it. For more information we can check BlackWidow's help options by using the following command:
blackwidow -h

black widow help menu.png

We can even use BlackWidow in Docker. To build the image we need to run the following command inside the BlackWidow directory:
sudo docker build -t blackwidow .

To start BlackWidow in Docker we can apply the following command:
sudo docker run -it blackwidow

Disclaimer: Using BlackWidow on others without proper mutual agreement is considered a crime. This tool is built for educational purposes and to increase safety. If anyone breaks the federal laws, the creators are not responsible.

This is how we can use the BlackWidow tool to scan a target, gain much more information, and test for some vulnerabilities on our Kali Linux. Isn't it as powerful as Marvel's one?

Love our articles? Make sure to follow us on Twitter and GitHub, where we post article updates. To join our iTabCode family, join our Telegram Group. We are trying to build a community for Linux and cybersecurity. We are always happy to help everyone in the comment section, which is open to everyone. We read each and every comment and we always reply.