A quick tutorial to begin using this Open Source Intelligence tool
This article will provide instructions to install and use the OSINT tool Spiderfoot for the first time. OSINT tools can be used to gather intelligence about IP addresses, domain names, email addresses from many data sources such as Shodan, Whois, “Have I Been Pwned” and many more public data sources. Note that all the results than can be obtained through the use of OSINT tool can also be collected manually
Besides the free version of this tool which is an open-source project written in Python3 available for download, there is also a commercial version Spiderfoot HX that is hosted in the cloud as SaaS. However, this article is restricted to the free version.
Installing SpiderFoot in Ubuntu Linux OS requires the execution of the following commands to set up the environment and download the software:
Open the browser and navigate to localhost on port 7777.
Click New Scan to start a new scan
Give the scan a name and enter the target in the field Seed Target, which defines the target and is described below
There exist 3 categories to choose a scan profile from:
- By Use Case
- By Required Data
- By Module
In the case of ‘By Module’, there are many modules with a lock sign behind the name indicate that the module requires an API key that needs to be entered by the user manually through the Setting menu.
Running a scan
This scan will target the personal website of Steve Micallef (Spiderfoot author), using all the modules that don’t require API keys.
After clicking Run Scan button, the scan results will start to appear while scanning is still going on. Click on Status for the results
Click on Browse to see results categorized by data type
Click on Graph to view the relational overview
Click on Log to see detailed scanning information about the module and data obtained.
This was my beginner’s guide to use Spiderfoot for OSINT. After familiarizing myself with the tool, I plan to write another article about how to use this tool in a real use case scenario.
2do: add password and TLS description in the example.