Skip to main content

SpiderFoot HX

spiderfoot

Version: 1.1
Updated: Jul 07, 2023

SpiderFoot is an open source intelligence automation tool. SpiderFoot can be used offensively (e.g. in a red team exercise or penetration test) for reconnaissance of your target or defensively to gather information about what you or your organisation might have exposed over the Internet. You can target the following entities in a SpiderFoot scan: IP address, domain/sub-domain name, hostname, network subnet (CIDR), ASN, e-mail address, phone number, username, person's name, bitcoin address.

SpiderFoot's 200+ modules feed each other in a publisher/subscriber model to ensure maximum data extraction to do things like:

  • Host/sub-domain/TLD enumeration/extraction
  • Email address, phone number and human name extraction
  • Bitcoin and Ethereum address extraction
  • Bitcoin and Ethereum address extraction
  • Threat intelligence and Blacklist queries
  • API integration with SHODAN, HaveIBeenPwned, GreyNoise, AlienVault, SecurityTrails, etc.
  • Social media account enumeration
  • S3/Azure/Digitalocean bucket enumeration/scraping
  • IP geo-location
  • Web scraping
  • Web content analysis
  • Image, document and binary file meta data analysis
  • Dark web searches
  • Port scanning and banner grabbing
  • Data breach searches, etc.

Actions

  • Add Notes To Data Element (Containment) - Add notes to a data element.
  • Delete Scan (Containment) - Delete a scan.
  • Get Scan Results Summary (Enrichment) - Retrieve a summary of the results for a scan.
  • Get Scan Status (Enrichment) - Retrieve status information about a given scan.
  • List Data Element Discovery Path (Enrichment) - Retrieve a data structure on how the provided data element was discovered during a scan.
  • List Data Element Types (Enrichment) - Retrieve a list of all data element types in SpiderFoot.
  • List Data Elements From Scan Correlation (Enrichment) - Retrieve all elements associated with a given correlation from a scan.
  • List Modules (Enrichment) - Retrieve a list of modules available in SpiderFoot.
  • List Scan Correlations (Enrichment) - Retrieve all correlations generated in a scan.
  • List Scan Logs (Enrichment) - Retrieve the log messages generated during a scan.
  • List Scan Results (Enrichment) - Retrieve results for a given scan.
  • List Scanner IP Addresses (Enrichment) - Retrieve a list of IP addresses SpiderFoot uses for scanning.
  • List Scans (Enrichment) - Retrieve a list of scans that have been run.
  • List Users (Enrichment) - Retrieve a list of users configured in the SpiderFoot account.
  • Run New Scan (Containment) - Run a SpiderFoot scan against a provided target or set of targets.
  • Scan Status Finished (Scheduled) - Schedule action that periodically checks if the scan status is finished.
  • Search Scan Results (Enrichment) - Retrieve results from a scan filtered by search criteria.
  • Star A Data Element (Containment) - Star or unstar a data element.
  • Terminate Scan (Enrichment) - Stop a running scan.

SpiderFoot HX configuration

Log in to SpiderFoot, select your username from the menu, choose API Key and copy your API Key.
spiderfoot

Configure SpiderFoot HX in Automation Service and Cloud SOAR

Before you can use the integration, you must configure it so that the vendor can communicate with Sumo Logic. For general guidance, see Configure Authentication for Integrations.

  1. Access App Central and install the integration.
  2. Select the installed integration in the Integrations page.
    Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
    New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations.
  3. Select the integration.
  4. Hover over the resource name and click the Edit button that appears.
    Edit a resource
  5. In the Add Resource dialog, enter the authentication needed by the resource. When done, click TEST to test the configuration, and click SAVE to save the configuration.
  • Label. The desired name for the resource.
  • URL. Your SpiderFoot URL.
  • API Key. Your SpiderFoot API Key you copied earlier from SpiderFoot.
    spiderfoot

For information about SpiderFoot, see SpiderFoot documentation.

Category

Threat Intelligence-Reputation

Change Log

  • October 21, 2022 - First upload
  • July 7, 2023 (v1.1) - Updated the integration with Environmental Variables
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2025 by Sumo Logic, Inc.