SpiderFoot 2.7.0: An open source intelligence automation tool to automate the process of gathering intelligence about a given target: IP address, domain name, hostname or network subnet. SpiderFoot can be used offensively, i.e. as part of a black-box penetration test to gather information about the target or defensively to identify what information your organisation is freely providing for attackers to use against you.
- Six (6) new modules:
- BotScout.com search for malicious e-mail addresses
- MalwarePatrol.net search
- IBM X-Force Threat Exchange search
- Amazon S3 bucket search
- Phone number identification
- Public vulnerability search (PunkSpider and XSSposed)
- Authentication and HTTPS support
- Scan by use case: e.g. use «Passive» for gathering info without touching the target
- SpamCop, bitcash.cz, VXVault, VOIPBL and more added as malicious data sources
- Pastie and Notepad.cc added as data paste sources
- Data can be flagged as false positive in the UI (with trickle-down effect)
- Bunch of bug fixes and minor enhancements
- User manual updated: http://www.spiderfoot.net/documentation/