SpiderFoot — Most Complete OSINT Reconnaissance Tool
During a penetration testing or bug bounty hunting, the most crucial aspects of engaging a target is information gathering. The more information we collected, the more likely the attack is to succeed. In this tutorial we look at SpiderFoot.
SpiderFoot is a reconnaissance tool that automatically queries over 100 public data sources to gather intelligence on IP address, domain names, email address, names and more.
We just simply specify the target we want to investigate and pick which modules to enable, then SpiderFoot will collect data to build up an understanding of all the entities and shows the relation between each.
SpiderFoot is an OSINT tool. Open-source intelligence (OSINT) is data that can be gathered from public sources. This isn’t just limited to the internet. This also can gather through print media, government records, academic publications and many more.
SpiderFoot is written in Python3 and it has an interactive web-based interface or a powerful command-line interface.
SpiderFoot is highly configurable and supports cross platform. It’s available for Windows, Linux and MacOS.
Kali Linux doesn’t comes with SpiderFoot installed by default yet, so it comes in custom tools category. First we open our Kali Linux terminal window and type following command to download SpiderFoot from its GitHub repository:
git clone https://github.com/smicallef/spiderfoot
pip3 install -r requirements.txt
python3 ./sf.py -l 127.0.0.1:5001
Now we can use SpiderFoot by starting our web browser and navigate to 127.0.0.1:5001 . The screenshot is following:
Here we can see the web-based interface of SpiderFoot. To start a scan we simply click on «New Scan» and the screenshot as following:
We can enter name of the scan, we can put any name here. Then we can set our target. The target will be a domain name, IP address, host name/sub-domain, sub-net,even we can enter e-mail address or phone number or a name of someone.
Then we need to select the scanning method. We can use the scan as foot-printing or investigation or passive scan, even we can choose first option to choose all the options.
Here we can choose a scan by our required data from another menu.
We can choose modules to do a better scan. Some modules are locked, these modules will work if we add the API keys. To do that we need to go to the official website of modules and register to get API key. Then we paste the API key in the modules setting in the settings menu. Adding API keys will make our scan batter. Then we can scan a target. Here is a scan result of an IP address.
This is how we can install SpiderFoot on our Kali Linux system and use it.
Love our super easy articles ? Don’t wanna miss new articles? follow our Email Subscription for free to get updates on E-mail. We also post articles on GitHub and Twitter. Make sure to follow us there.
For anything problem please let us know in the comment section. We always be there to help everyone. We read each and every comment and we always reply.