Hey Folks, , in this tutorial we are going to introduce an OSINT tool called “Spiderfoot” which is capable of doing almost all the work as per your need. SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate. SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but we can also control it through the command line.
Let’s take a look 😛 !!
Installation
We will use the wget command to download this tool. After the download is complete we will unzip it using the “tar” utility.
1 2 | wget https://github.com/smicallef/spiderfoot/archive/v3.3.tar.gz tar zxvf v3.3.tar.gz |
Install Python
Now we need to install python tools in our system with some other dependencies.
1 2 | apt install python python3 apt install python3-pip |
Right 😛 !! After that we need to go into the directory of this tool and install the remaining dependencies using the pip command.
1 2 | cd spiderfoot* pip3 install -r requirements.txt |
It is time to boot the server using the following command.
1 | python3 ./sf.py -l 127.0.0.1:5001 |
Good 😛 !! Everything is done and now you need to open the following URL on your browser. Once you open this URL, you will get the interface of this tool as shown in the image below.
By default, it already has lots of sources to get information but if you want to do footprinting on other sites too, you can add their API keys.
In the scans section of this tool, you can see all the previous and running scans.
Domain Footprinting
Just enter any scan name according to you and then enter the name of website whose details you want to get.
We want to get anything and everything about the target, so we will select the first option and click “Run Scan Now“.
Nice 😛 !! It is truly one of the best OSINT tools as it provides the details that no any other tool can provide us. After executing the scan you can get the details by going inside it one by one.
Account on External Site
Usually sometimes people or company’s create their account on other social media websites with the same username which it easily dumps.
Domains
Also if any sub domains is available then it will show you.
DNS Records
There are many online services available from where we can get DNS records of any website but you can also see it through this tool.
Good 😛 !! Not only that because it gives us many more information about the target.
Number OSINT
If you want to get anything about a particular mobile number then you can use this tool. All you have to do is enter the mobile number.
BOOM 😛 !! As you can see it extracts details such as country name, telecommunication provider etc.
Email OSINT
Similarly, if you want to do footprinting against an email address then you can do it through this tool.
IP OSINT
You can also scan any host available in the network through this tool.
Bitcoin Address
In addition, one of the most excited features is to extract the details of his bitcoin wallet through a bitcoin address.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.