Information Gathering
Now Reading
SpiderFoot
0
Review

SpiderFoot

SpiderFoot is an open source footprinting tool, available for Windows and Linux. It is written in Python and provides an easy-to-use GUI. SpiderFoot obtains a wide range of information about a target, such as web servers, netblocks, e-mail addresses and more. SpiderFoot’s simple web-based interface enables you to kick off a scan immediately after install – just give your scan a name, the domain name of your target and select which modules to enable.

SpiderFoot is an open source footprinting tool designed to be easy to use, fast and extensible

The main objective of SpiderFoot is to automate this process to the greatest extent possible, freeing up a penetration tester’s time to focus their efforts on the security testing itself.

  • Start with a target of more than just domains (Hostnames, IPs, Netblocks, etc.)
  • Clean-up back-end data model to be more flexible
  • Simultaneous scans
  • More threading for faster performance
  • Search/Filtering
  • Bunch of bug fixes

 

Footprinting

the process of understanding as much as possible about a given target in order to perform a more complete security penetration test. Particularly for large networks, this can be a daunting task.

spiderfoot2

spiderfoot-ss-newscan

spiderfoot-ss-config

SpiderFoot is designed from the ground-up to be modular. This means you can easily add your own modules that consume data from other modules to perform whatever task you desire. As a simple example, you could create a module that automatically attempts to brute-force usernames and passwords any time a password-handling webpage is identified by the spidering module.

Installing and Running on Unix

SpiderFoot is written in Python (2.6-2.7), so to run on Linux/Solaris/etc. you need Python 2.6 or 2.7 installed, in addition to the netaddr, lxml, M2Crypto, CherryPy and Mako modules.

To install the dependencies using PIP:

$ pip install lxml netaddr M2Crypto cherrypy mako

SpiderFoot was developed against lxml 3.3.5, netaddr 0.7.10, M2Crypto 0.20.2, CherryPy 3.2.2 and Mako 0.7.2.

DNSPython is also a dependency but is included in the package under the dns directory, so does not need to be installed.

Depending on your Linux build, you may also need SWIG installed. If your Linux distribution supports APT, you can install it with:

$ sudo apt-get install swig

All other module dependencies, such as SQLite3, are included with Python, so nothing further should be needed.

To run SpiderFoot, simply execute sf.py from the directory you extracted SpiderFoot into:

$ python ./sf.py

Once executed, a web-server will be started, which by default will listen on 127.0.0.1:5001. You can then use the web-browser of your choice by browsing to http://127.0.0.1:5001.

If you wish to make SpiderFoot accessible from another system, for example running it on a server and controlling it remotely, then you can specify an external IP for SpiderFoot to bind to, or use 0.0.0.0 so that it binds to all addresses, including 127.0.0.1:

$ python ./sf.py 0.0.0.0:5001

If port 5001 is used by another application on your system, you can change the port:

$ python ./sf.py 127.0.0.1:9999

spiderfoot wikiA word of CAUTION:

SpiderFoot does not authenticate users connecting to it’s user-interface (feature coming soon..), so avoid running it on a server/workstation that can be accessed from untrusted devices, as they will be able to control SpiderFoot remotely and initiate scans from your devices.

Source && Download

spiderfoot download


Rate IT !
Visitors Rating
Rate Here
Ease Of Use
75%
Features
68%
Value
75%
Overall Rating
75%
73%
Visitors Rating
2 ratings
You have rated this
What's your reaction?
OWND
0%
Cool
0%
Nice
100%
WHAT ?
0%
MEH
0%
zzzZZzz
0%
Rage
0%
About The Author
Profile photo of CyberPunk
CyberPunk