SpiderFoot v2.7 – OSINT

SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname or network subnet.

SpiderFoot can be used offensively, i.e. as part of a black-box penetration test to gather information about the target or defensively to identify what information your organisation is freely providing for attackers to use against you.

But before we get to that stuff we need to install it. I will beĀ installing this in a Ubuntu box I have on my ESXi Server. Firstly you’ll want to install pip and git.

sudo apt-get install pip git

and some dependencies that SpiderFoot needs.

sudo pip install netaddr
sudo pip install M2Crypto
sudo pip install cherrypy
sudo pip install mako
sudo pip install dnspython

Once you have that done, you’ll want to download SpiderFoot from Github

git clone https://github.com/smicallef/spiderfoot.git

go to the folder you just downloaded it to and simply run ./sf.py

If you are accessing from the same system that’s all you need to do, if you want to access from another system, use nano and edit sf.py and change the server ip.

Now we have the system up and running we can do some information gathering.

SpiderFoot

I have chosen a domain that I own. I chose to do a full scan and let me tell you, this take hours to complete. So set it to run go and watch Game Of Thrones of something and come back later.

Here is what it looks like from the backend making query after query to the domain and all sorts of OSINT sources.
Selection_004

You can sort the results by number of Data Elements or you can use an interactive graph.

Selection_005

Menu_006

 

There is too much information discovered to list it all here, but this tool will find loads of stuff about your target and can be used later on. Have fun. Hope this helps you out.

Now I have to remind you, to scan only what you are allowed to scan, be responsible. If you can do that, then don’t get caught otherwise it’s your own fault šŸ™‚