SpiderFoot is an OSINT tool, but first of all, what's OSINT?
OSINT stands for Open Source INTelligence. It refers to any information that can legally be obtained from free, open and/or public sources.
SpiderFoot is a tool that automates the OSINT scan of a given target for us. The data retrieved from the scan is processed by the built-in modules to gain even more informations from the results.
SpiderFoot has different pricing :
- Spider Foot - Free, self-hosted and open-source version - SpiderFoot's developers claim that the free plan only uses 25% of the ability of SpiderFoot HX. It is limited to only one user and can only scan 1 target per scan and it can only run for 3 hours.
- SpiderFoot HX - Paid, web-hosted version - It is not limited to only one user and has no limits regarding a scan's target amount.
If you choose to pay for SpiderFoot, let's have a look at the different offers:
- $79/month or $749/year
- Limited to 15 scans per month
- Limited to 1 user account
- Limited to a 24 hours scan duration
- Limited to 256 targets per scan
- Limited to 6 months of data retention
- Has official support
- Has investigations, investigation is a type of scan that creates a dynamic graph and you can use Maltego-like transforms
- $249/month or $2399/year
- Limited to 50 scans per month
- Limited to 3 user accounts
- Limited to a 72 hours scan duration
- Limited to 1024 targets per scan
- Limited to 12 months of data retention
- Has the same advantages of the Freelancer
- Has Attack Surface Monitoring
- Has Screenshotting
- Has SpiderFoot HX API
- You will need to contact SpiderFoot's developers for your custom price
- You will have custom amounts of scans per month, user accounts, scan duration limit, targets per scan and data retention time.
- Has the same advantages of the Business
- Has an EU option
- Supports ElasticSearch, Splunk and REST feeds
- Supports writing and running custom modules in Python
This guide assumes that you chose the free, open-source and self-hosted version.
Now that you have a background knowledge of what's OSINT and what's SpiderFoot let's dive into the tutorial.
If SpiderFoot is not installed on your machine, simply run "# apt-get install spiderfoot" if you are root else run "$ sudo apt-get install spiderfoot", assuming you are running a Kali Linux or any Debian-based Linux.
Once it is installed, let's determine our local IP address by typing "$ ip a"
As you can see, the IP address of this machine is "192.168.100.21", it will then be used during this tutorial. Don't forget to change it to your own IP address!
Let's now launch SpiderFoot by typing "spiderfoot -l 192.168.100.21:4444" the first part is the IP address the server has to listen on and after the ":" is the port it will need to listen on.
Now, launch Firefox or any other browser that you like and go to http://192.168.100.21:4444
Congrats! You successfully started your SpiderFoot instance. Now let's scan something.
Click on "New Scan"
Fill in the name of the scan and the target, for this tutorial we will use "scanme.nmap.org" and determine the type of the scan, for this tutorial we will use "All".
If you want to, you can customize your scan and activate or deactivate modules by clicking on "By Module", same for Required Data.
Now, click on Run Scan Now.
You will be redirected to the scan, click on "Scans" and you can see our scan is starting. You can pause or stop it by clicking on the associated buttons under "Action".
Let's have an overview of our scan, click on its name.
As you can see, it automatically generated a dynamic vertical bar graph, you can click on any information that you want and it will redirect you to it. Or, you can click on "Browse".
You can now click on any retrieved data and you will see its item, its source, the module that discovered it and the time it was identified.
SpiderFoot also generated a dynamic graph accessible via the "Graph" tab.
The layout can be changed by clicking on the R (Random) or F (Forced), it can then be exported as a PNG image by clicking on the image icon or as an Excel or CSV file by clicking on the Download icon.
SpiderFoot keeps a track of everything that happened during the scan, it is located in the "Log" section, click on it. You'll see the logs.
That concludes this tutorial, if you wish to see more, please refer to the official documentation : https://www.spiderfoot.net/documentation/