SpiderFoot Remote Footprinting and Reconnaissance Tool

Footprinting your target is one of the first steps you run during a penetration testing. This will help to identify system configuration and applications used. One of the tools that you can use is spiderfoot. spiderfoot is a python based open source tool that will help in the pentest and scan domains and web content. This will be automated and in a simple way. The information that you find with this tool is:

  • Target domain information
  • Email addresses on the target
  • IP addresses for the domain
  • Web server version and the application
  • Crawl the Web content
  • Check if there is a malicious IP /subdomain usually this can harm your website and make it blacklisted by certain ISP’s
  • All linked URL list
  • Open TCP ports
  • Physical locations
  • SSL certificate information (if expired and more)
  • URL that accept passwords
  • Externally hosted javascript
  • Add module to run a bruteforce
  • Social Media Presence etc.

SpiderFoot v2

SpiderFoot usage interface

All scan results are stored within an internal SQLite database, you can export the data to CSV file to prepare the report about your finding. The installation on windows is just by extracting the files and execute the sf.exe. Next you open the on your browser and start to make the settings of your scan. you can also find a Linux version.

You can download/read about spiderfoot over this link: http://www.spiderfoot.net/

Notify of
Inline Feedbacks
View all comments