SpiderFoot v2.12: open source footprinting and intelligence-gathering tool
SpiderFoot is an open source intelligence automation tool.
Installation of SpiderFoot:
    git clone https://github.com/smicallef/spiderfoot
    cd spiderfoot
    pip install -r requirements.txt
    python sf.py
In this release, eight new modules have been introduced:
- SecurityTrails (sfp_securitytrails): One of my favorite recent discoveries, SecurityTrails truly has a shedload of DNS and Whois data that any threat intelligence analyst, security analyst or investigator should look into. An API key is required; however, limited free usage is provided. Check out their blog post about the integration.
- FullContact.com (sfp_fullcontact): FullContact.com has loads of data about people and companies.
- ARIN (sfp_arin): ARIN (American Registry for Internet Numbers). It will also look up any names to identify potentially relevant data.
- Hacked-Emails.com (sfp_hackedemails): Similar to haveibeenpwned.com, hacked-emails.com provides a free service to identify e-mail addresses mentioned in data leaks. This module will query their API for any e-mail address identified during a scan.
- Citadel.pw (sfp_citadel): As above, citadel.pw provides a way to search a large number of leaks for a mention of an e-mail address, which is what this module will do. Thanks to citadel.pw – at – protonmail.com for this contribution and for providing a public API key free of charge!
Some Important Features:
- CIRCL.LU (sfp_circllu): CIRCL.LU (Computer Incident Response Center, Luxembourg) provides a free, though upon-request, API to query its rich database of historical SSL and DNS data.
- Quad9.net (sfp_quad9): Quad9.net aggregates a number of threat intelligence data sources and integrates them into its resolver, which anyone can point to (18.104.22.168). The resolver will not resolve anything malicious according to the data feeds they have integrated.
- RiskIQ / PassiveTotal (sfp_riskiq): RiskIQ provides a threat intelligence platform with an API (API key required) to query their passive DNS and other data.