OSINT #5 – Spiderfoot 

And we’re back with another OSINT tool – this time we’re looking at a new way of integrating OSINT into your work setup. Spiderfoot is a tool which automates the integration of open source intelligence into your threat intelligence and security assessment workflows, basically acting as a collection of tools in one easy package. 

For small-scale operations, it might be a bit expensive – that’s why the _secpro ranking for Spiderfoot is a little lower than you might find it in other lists. But it’s still an impressive tool and offers plenty of utility for people who want to have flexible functionality in one easy package. If you’re not sure, there’s also a Hobby tier that you can access for free. Who doesn’t love a try-before-you-buy scheme?

Using Spiderfoot 

Because Spiderfoot has multiple utilities, it can be a little daunting to begin with. However, as with most open-source intelligence tools, it quickly becomes apparent how to navigate it. Here’s a breakdown of how you can use Spiderfoot to take advantage of its open source intelligence reserve. 

Functions 

The best place to start is actually using Spiderfoot, so here’s a quick breakdown of the different ways in which you can use it! For a full investigation into how these tools look, see the secpro newsletter. 

Asset discovery – preloaded with 200 modules for data analysis and collection, Spiderfoot is excellent for discovering exposed assets online. For the pentester, this is a dream come true – all of those assets instantly downloaded onto your dashboard! But for cybersecurity pros that are running more modest operations, this can be an excellent way to get by-the-minute updates on exposed assets should accidents happen.

Attack surface monitoring – whoops! Someone in your organization just leaked their email/password combination over Twitter accidentally, but they didn’t notice. Spiderfoot is constantly updating itself to detect new intelligence, so if that combination ends up in a criminal marketplace before the mistake is found, you will be alerted and can correct the issue quickly. 

Cyber threat intelligence – Pretty standard stuff here. If a suspicious IP address appears on your logs or you are noticing strange emails coming from a certain domain, you can run a quick investigation into Spiderfoot’s open source intelligence resources to find out where it is coming from and why they are targeting you. It could just be generic spam. 

Security assessments – Red teamers, this one is for you. Claiming to identify the “low hanging fruit, revealing long-forgotten and unmanaged IT assets, exposed credentials, open cloud storage buckets, and more”, this is a little collection of data where you find out how your organization has failed to clean up its cyber-footprint. Very useful and instantly accessible when you run the assessment.

Using Spiderfoot in your organization 

Spiderfoot is also pretty versatile in terms of installation options, meaning that it can be used by large and small organizations alike.  

Installing locally allows you to access the open source version of Spiderfoot, which can be automated to set up and run scans on a local organization. All of the above features can be set up within a walled security perimeter, allowing you to focus on other areas of the job. If you’re working in the ever-expanding cloud-oriented world, you might need to use Spiderfoot HX instead, which allows the same functionality over cloud services, as well as including analysis, collaboration, and monitoring features.

Should I use Spiderfoot? 

As with all things, getting the most out of Spiderfoot depends on your organization’s needs. The tool has multiple uses and can service the needs of many from one dashboard, but the price tag will almost certainly put some of the smaller organizations – the ones who need it most – off the trail. If you’re feeling brave or flush with cash, it is a great tool to include in your repertoire. Otherwise, try out the Hobby version and think about collecting a group of OSINT tools which can perform the same functionality. 
