Information gathering with BlackWidow

Jan 10, 2020 by Thibault Debatty | 2483 views

Offensive Security

https://cylab.be/blog/56/information-gathering-with-blackwidow

BlackWidow is a python script that automatically crawls a website to gather information like phone numbers, email addresses, form URL’s etc. Very useful during the reconnaissance phase!

The easiest way to use it is using the available docker image:

docker pull cylab/blackwidow:latest
docker run cylab/blackwidow

By default the docker image simply shows the help menu:

You can spider a full domain using

docker run cylab/blackwidow -d example.com

BlackWidow will display quite a lot of debug information, and at the end (or when you hit ctrl + c) it will display the report containing the found URL’s, email addresses etc.

If you add the option -s y, BlackWidow will also test all dynamic pages against some OWASP vulnerabilities like XSS, SQL injection, directory traversal, local file inclusion etc…

This blog post is licensed under CC BY-SA 4.0

Linux Malware - Challenges & Threats

Linux Offensive Security

Dec 3, 2024 | 623 views
How to detect filtered (and opened) outgoing ports on a network?

Sysadmin Offensive Security

May 16, 2023 | 2603 views
Adv-Bot: Realistic Adversarial Botnet Attacks against Network Intrusion Detection Systems

Publication Offensive Security

Mar 28, 2023 | 1267 views
This website uses cookies. More information about the use of cookies is available in the cookies policy.
Accept