
x32x01

During penetration testing or bug bounty hunting, one of the most crucial aspects of engaging a target is information gathering. The more information we collect, the more likely the attack is to succeed. In this tutorial we look at SpiderFoot.

SpiderFoot is a reconnaissance tool that automatically queries over 100 public data sources to gather intelligence on IP addresses, domain names, email addresses, names and more.

We simply specify the target we want to investigate and pick which modules to enable. SpiderFoot then collects data to build up an understanding of all the entities and shows the relationships between them.

SpiderFoot is an OSINT tool. Open-source intelligence (OSINT) is data that can be gathered from public sources. It isn't limited to the internet: it can also be gathered from print media, government records, academic publications and many more.


SpiderFoot is written in Python 3 and offers both an interactive web-based interface and a powerful command-line interface.
SpiderFoot is highly configurable and cross-platform. It's available for Windows, Linux and macOS.

Kali Linux doesn't come with SpiderFoot installed by default yet, so it falls in the custom tools category. First we open a Kali Linux terminal window and type the following command to download SpiderFoot from its GitHub repository:
Code:
git clone https://github.com/smicallef/spiderfoot


Then we change into the SpiderFoot directory using the cd command:
Code:
cd spiderfoot

Now we install all the requirements using the following command:
Code:
pip3 install -r requirements.txt


Then we can run the tool with the following command:
Code:
python3 ./sf.py -l 127.0.0.1:5001

SpiderFoot will then start its server for the web-based interface.

Now we can use SpiderFoot by opening our web browser and navigating to 127.0.0.1:5001.

Here we can see the web-based interface of SpiderFoot. To start a scan we simply click on "New Scan".

We can enter a name for the scan; any name will do. Then we set our target. The target can be a domain name, IP address, host name/sub-domain or subnet; we can even enter an e-mail address, a phone number or someone's name.

Then we need to select the scanning method. We can run the scan as footprinting, investigation or a passive scan, or we can pick the first option to choose all the options.

From another menu we can instead choose a scan by the data we require.

We can also choose individual modules for a better scan. Some modules are locked; these modules will work once we add their API keys. To do that we go to the official website of each module and register to get an API key. Then we paste the API key into that module's settings in the settings menu. Adding API keys will make our scans better. Then we can scan a target.

[Screenshot: scan result of an IP address]

This is how we can install SpiderFoot on our Kali Linux system and use it.
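
The launch command above binds the web interface to 127.0.0.1, so the scan results and the API keys stored in the settings menu are reachable only from the local machine. As an added example (not part of the original post or of SpiderFoot itself), this wrapper refuses to start sf.py on any non-loopback address; the function names are hypothetical, and it assumes only the `-l` option and the `./sf.py` path shown above.

```python
import ipaddress
import subprocess
import sys


def parse_listen(spec):
    """Split an 'IP:port' string as passed to sf.py -l; raise ValueError if malformed."""
    host, sep, port_text = spec.rpartition(":")
    if not sep or not host or not port_text.isdigit():
        raise ValueError(f"expected IP:port, got {spec!r}")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    # IPv4 literals only: a hostname such as 'localhost' is rejected here because
    # what it resolves to depends on the machine's resolver configuration.
    return ipaddress.IPv4Address(host), port


def safe_listen(spec):
    """True only if the web UI would be bound to a loopback address (127.0.0.0/8)."""
    try:
        ip, _port = parse_listen(spec)
    except ValueError:
        return False
    return ip.is_loopback


def launch_argv(spec, python="python3", script="./sf.py"):
    """Build the launch command from the tutorial, refusing non-loopback binds."""
    if not safe_listen(spec):
        raise ValueError(f"refusing to expose the SpiderFoot UI on {spec!r}")
    return [python, script, "-l", spec]


if __name__ == "__main__":
    # Run from inside the cloned spiderfoot directory.
    spec = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1:5001"
    try:
        argv = launch_argv(spec)
    except ValueError as err:
        sys.exit(str(err))
    sys.exit(subprocess.run(argv).returncode)
```

Addresses such as 0.0.0.0:5001 or a LAN address are rejected before sf.py is started.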
