Information gathering with BlackWidow

Jan 10, 2020 by Thibault Debatty | 2632 views

Offensive Security

https://cylab.be/blog/56/information-gathering-with-blackwidow

BlackWidow is a python script that automatically crawls a website to gather information like phone numbers, email addresses, form URL’s etc. Very useful during the reconnaissance phase!

The easiest way to use it is using the available docker image:

docker pull cylab/blackwidow:latest
docker run cylab/blackwidow

By default the docker image simply shows the help menu:

You can spider a full domain using

docker run cylab/blackwidow -d example.com

BlackWidow will display quite a lot of debug information, and at the end (or when you hit ctrl + c) it will display the report containing the found URL’s, email addresses etc.

If you add the option -s y, BlackWidow will also test all dynamic pages against some OWASP vulnerabilities like XSS, SQL injection, directory traversal, local file inclusion etc…

This blog post is licensed under CC BY-SA 4.0

GHOSTS v8.0 Implementation: Orchestrating Realistic Traffic for PoC Attack Simulation and Log Monitoring

Python Windows Docker Network analysis and visualization Virtualization Offensive Security

Mar 10, 2025 | 1053 views
Linux Malware - Challenges & Threats

Linux Offensive Security

Dec 3, 2024 | 1007 views
How to detect filtered (and opened) outgoing ports on a network?

Sysadmin Offensive Security

May 16, 2023 | 5069 views
This website uses cookies. More information about the use of cookies is available in the cookies policy.
Accept