SpiderFoot. A footprinting pentesting tool


At Concise Courses we are big fans of any tool that can make a penetration tester's or security professional's life easier, or perhaps better said – more efficient. There are hundreds of tools out there, most of which are bundled with pentesting distros, but we'd like to bring this one to your attention: SpiderFoot.

From our understanding, SpiderFoot has been around since 2005 and remains free and open source. SpiderFoot is a footprinting tool that allows you to execute different types of scans against a target domain. By doing so, the user obtains a plethora of information such as sub-domain presence, e-mail addresses, web server versions etc. Invariably – having such vital information allows the researcher (pentester) to test for known vulnerabilities, flaws and holes. Having a one-stop shop to do all of this is a great thing. In the words of the creator:

“The main objective of SpiderFoot is to automate the footprinting process to the greatest extent possible, freeing up a penetration tester’s time to focus their efforts on the security testing itself.”

No one can argue with that, or fail to appreciate cutting down research time that is often deemed repetitive. Repetitive tasks are a bane to us all.

Here’s a quick overview of the key features of SpiderFoot:

  • The security tool works on Windows, Linux, Solaris and BSD (essentially if you have Python then you should be good to go)
  • The scanning is highly configurable
  • Rather like Metasploit, all scan data can be stored locally in an SQLite database. Vital for being able to query, report, parse and analyze the data
  • Scans also include GeoIP, URL linkage, web technology, port scans etc
  • SpiderFoot also allows for your own modules to be included
  • The GUI is web-based for convenience and the configuration state is stored between runs
  • Also, any scans can be remotely controlled

All in all, this looks like a really great project. The creator is very responsive and helpful so hit up his site and let us know how you get on!

If you're interested in security tools we have a bunch more here.