SpiderFoot is one of the most powerful OSINT automation tools in Kali Linux. It scans hundreds of public data sources to gather intelligence on IP addresses, domain names, emails, and usernames.
While it has a command-line interface (CLI) for quick checks, the "Pro" move is to use its embedded web server, which provides stunning visualization graphs you can put in your reports (and Medium articles!).
Legal Note: OSINT (Open Source Intelligence) involves gathering publicly available data. Never use this to harass individuals or target systems you do not have permission to test.
Step 1: Install and Check the CLI
SpiderFoot is usually pre-installed on Kali Linux. If not, you can grab it easily.
Command:
sudo apt update
sudo apt install spiderfoot
Verify installation:
spiderfoot -h
This displays the help menu, showing you all the flags like -l (listen) and -M (modules).
Step 2: The "Pro" Way — Launching the GUI
While you can run scans in the terminal, the Web UI is where SpiderFoot shines. It organizes complex data into readable graphs.
Command:
spiderfoot -l 127.0.0.1:5001
-l: Tells SpiderFoot to start in "Listen" mode (Web Server).
127.0.0.1:5001: Sets the address to localhost on port 5001.
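One way to confirm that the web server started with the command above is reachable only on localhost, as an added example that is not part of the original article. The function name classify_listener and the sample socket lines are constructed here; the input format assumed is that of `ss -H -ltn`.

```shell
#!/bin/sh
# Added example: classify where a TCP port is listening, reading
# `ss -H -ltn` style lines on stdin (column 4 = Local Address:Port).
# Prints "loopback", "exposed" or "closed"; exit status is 0 only for loopback.
classify_listener() {
    port="$1"
    verdict=$(awk -v port="$port" '
        {
            la = $4
            n = split(la, parts, ":")
            if (parts[n] != port) next            # listener on another port
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            sub(/%.*/, "", addr)                  # drop interface scope such as %lo
            gsub(/^\[|\]$/, "", addr)             # drop IPv6 brackets
            found = 1
            # Anything other than 127.0.0.0/8 or ::1 is reachable off-host.
            if (addr !~ /^127\./ && addr != "::1") exposed = 1
        }
        END {
            if (!found) print "closed"
            else if (exposed) print "exposed"
            else print "loopback"
        }')
    echo "$verdict"
    [ "$verdict" = "loopback" ]
}

# Constructed sample input (not captured from a real host).
SAMPLE_LOOPBACK='LISTEN 0 5 127.0.0.1:5001 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_EXPOSED='LISTEN 0 5 0.0.0.0:5001 0.0.0.0:*'

printf '%s\n' "$SAMPLE_LOOPBACK" | classify_listener 5001
printf '%s\n' "$SAMPLE_EXPOSED" | classify_listener 5001 \
    || echo "port 5001 is not loopback-only: restart with -l 127.0.0.1:5001"

# On a live system, while SpiderFoot is running:
#   ss -H -ltn | classify_listener 5001
```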


Step 3: Accessing the Dashboard
Open your web browser (Firefox in Kali) and navigate to:
http://127.0.0.1:5001
You will see the main SpiderFoot dashboard. This is your command center for new scans.

Step 4: Running Your First Scan
Let's scan a test target.
- Click "New Scan".
- Scan Name: Test Scan 1
- Scan Target: example.com (Or use a bug bounty program you are authorized to test).
- By Use Case: Select "Passive" (this is stealthy and doesn't touch the target server directly).
- Click "Run Scan Now".
