What is SpiderFoot?
SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate.
SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line. It’s written in Python 3 and GPL-licensed.
- Web based UI or CLI
- Over 200 modules (see below)
- Python 3
- CSV/JSON/GEXF export
- API key export/import
- SQLite back-end for custom querying
- Highly configurable
- Fully documented
- TOR integration for dark web searching
- Dockerfile for Docker-based deployments
- Can call other tools like DNSTwist, Whatweb, Nmap and CMSeeK
- Actively developed since 2012!
SpiderFoot can be used offensively (e.g. in a red team exercise or penetration test) for reconnaissance of your target or defensively to gather information about what you or your organisation might have exposed over the Internet.
You can target the following entities in a SpiderFoot scan:
- IP address
- Domain/sub-domain name
- Network subnet (CIDR)
- E-mail address
- Phone number
- Person’s name
- Bitcoin address
HOW TO INSTALL SpiderFoot ?
First lets update our system
Now lets install some required packages
Download the latest version via wget
Extract the archive and install
# Extracting archive tar -xvzf v3.3.tar.gz # Enter in folder cd spiderfoot-3.3 # Install pip3 install -r requirements.txtCode language: CSS (css)
Here is the help options
python3 sf.py --helpCode language: CSS (css)
Now lets set the user and password and start the web server
# Enter SpiderFoot folder cd spiderfoot-3.3 # Enter user and pass echo "admin:password" > passwd # Start web server python3 sf.py -l 127.0.0.1:5001Code language: CSS (css)
Now go to your borwser and type 127.0.0.1:5001 enter user and pass and you are ready to go
For a new scan go to New Scan type IP or Website and after Run Scan Now and be patient… it takes a wile …