SpiderFoot – A Automate OSINT Framework in Kali Linux
Spiderfoot is a free and open-source tool available on Github. This tool is a framework written in the python programming language. You must have python installed in your Kali Linux operating system to use this framework. Spiderfoot is used for reconnaissance. Spiderfoot uses different modules for information gathering. Spiderfoot is capable enough to gather information about the target host through active and passive scanning options available on the Spiderfoot framework. In the Spiderfoot framework different scanning options and modules available to set and scan the target host. Spiderfoot is an Open Source Intelligence and Information Gathering Tool. Spiderfoot is capable of doing everything almost you need for reconnaissance as per your need. Spiderfoot works as an open-source tool intelligence tool. It integrates with just about every data source available and utilizes a range of methods for data analysis, making that data easy to navigate. Spiderfoot has an embedded web server for providing an intuitive web-based interface, but you can also do the same using a command-line interface.
Features of Spiderfoot:
- Spiderfoot is a free and open-source tool available on Github.
- Spiderfoot works as a framework cum tool.
- Spiderfoot framework is written in python language.
- Spiderfoot can be used for reconnaissance.
- Spiderfoot contains many modules. As it’s a framework that uses modules for information gathering.
- Spiderfoot works on the principles of OSINT.
- Spiderfoot is an automated OSINT Framework.
- Spiderfoot automates the reconnaissance processes.
Uses of Spiderfoot:
- Spiderfoot is used for reconnaissance.
- Spiderfoot is used for information gathering.
- Spiderfoot is working as a scanner for active and passive scanning on target.
- Spiderfoot can be used for domain footprinting.
- Spiderfoot can be used to find the phone numbers, email addresses of the target.
- Spiderfoot can be used to find bitcoin addresses.
- Spiderfoot can be used to save all the information gathering summary.
- Spiderfoot can be used to create graphs of scanning done by Spiderfoot.
- Spiderfoot can be used to automateGitHub all the information gathering processes.
Reference of the tool :
You can clone the tool from GitHub using the link. This is a reference to the tool. This tool is available on Github you can download it free of cost.
Installation Spiderfoot Framework :
1. Open your Kali Linux operating system. Move to the desktop using the following command. You have to move to Desktop because on desktop you have to create a directory into which you have to clone the tool. Use the following command to move to Desktop.
2. Now you are on the desktop. Here you have to create a new directory called spiderfoot. In this directory, you have to clone the tool from Github. Use the following command to create a new directory.
3. Now use the following command to move in the directory that you have created.
4. Now you are in spiderfoot directory. In this directory, you have to clone the tool from GitHub. Use the following command to clone the tool from GitHub.
git clone https://github.com/smicallef/spiderfoot
5. The tool has been downloaded and cloned successfully. Now to list out the contents of the tool use the following command.
6. You can see a new directory has been created i.e spiderfoot. You have to install the spiderfoot tool using the following command.
7. Now you are under the directory of the tool. To list out the contents of the directory using the following command.
8. All the files of the tool have been listed here. You can have to install requirements for the tool. Use the following command to install requirements.
pip install –r requirements.txt
9. All the requirements have been downloaded. Now it’s time to run the tool. Use following command to run the tool.
10. The tool is asking to start the web server. Use following command to start the web server and also the tool.
python3 ./sf.py -l 127.0.0.1:5001
11. The server has started on the IP address 127.0.0.1:5001. Search this IP address on any URL bar.
You can see a web page has been opened. This is a tool that is running on port 127.0.0.1:5001. There is a dashboard of the tool. The dashboard contains scan history, new scan, and setting options. For fresh installation, there is no previous scan history. If we click the new scan tab, we see option to start the new scan along with the target seed field. The target seed field can be a target IP address, a domain name, or a sub-domain name. There are 3 types of configuration settings to define the scanning process. These are scan-by-use cases, required data, or modules. Each configuration setting has a number of options to choose from. For example, scan by use cases allows both, active and passive scanning of the target. It also gives the option to scan for all possible information or a range of information about the target.
1. Scan a website and get the details of the website.
2. You can see here Scan Name is Domain Name and Scan Target is scanme.org.
3. You got all the information here. This is how you can use this tool for scanning.
1. Using Spiderfoot tool to get information about an email address.
2. As you can see here email address is set to E-mail address firstname.lastname@example.org
3. You can see in this meta-information we got all the details related to the email address.
This is how you can set the target and can perform reconnaissance using Spiderfoot tool. You can get different pieces of information using this framework. Spiderfoot is open source intelligence tool. Spiderfoot is capable of doing everything almost you need for reconnaissance as per your need. Spiderfoot works as open-source tool intelligence tool. It integrates with just about every data source available and utilizes a range of methods for data analysis, making that data easy to navigate. Spiderfoot has an embedded web server for providing an intuitive web-based interface but you can also do the same using the command-line interface.