Skip to main content

SpiderFoot HX

spiderfoot

Version: 1.1
Updated: Jul 07, 2023

SpiderFoot is an open source intelligence automation tool. SpiderFoot can be used offensively (e.g. in a red team exercise or penetration test) for reconnaissance of your target or defensively to gather information about what you or your organisation might have exposed over the Internet. You can target the following entities in a SpiderFoot scan: IP address, domain/sub-domain name, hostname, network subnet (CIDR), ASN, e-mail address, phone number, username, person's name, bitcoin address.

SpiderFoot's 200+ modules feed each other in a publisher/subscriber model to ensure maximum data extraction to do things like:

  • Host/sub-domain/TLD enumeration/extraction
  • Email address, phone number and human name extraction
  • Bitcoin and Ethereum address extraction
  • Bitcoin and Ethereum address extraction
  • Threat intelligence and Blacklist queries
  • API integration with SHODAN, HaveIBeenPwned, GreyNoise, AlienVault, SecurityTrails, etc.
  • Social media account enumeration
  • S3/Azure/Digitalocean bucket enumeration/scraping
  • IP geo-location
  • Web scraping
  • Web content analysis
  • Image, document and binary file meta data analysis
  • Dark web searches
  • Port scanning and banner grabbing
  • Data breach searches, etc.

Actions

  • Add Notes To Data Element (Containment) - Add notes to a data element.
  • Delete Scan (Containment) - Delete a scan.
  • Get Scan Results Summary (Enrichment) - Retrieve a summary of the results for a scan.
  • Get Scan Status (Enrichment) - Retrieve status information about a given scan.
  • List Data Element Discovery Path (Enrichment) - Retrieve a data structure on how the provided data element was discovered during a scan.
  • List Data Element Types (Enrichment) - Retrieve a list of all data element types in SpiderFoot.
  • List Data Elements From Scan Correlation (Enrichment) - Retrieve all elements associated with a given correlation from a scan.
  • List Modules (Enrichment) - Retrieve a list of modules available in SpiderFoot.
  • List Scan Correlations (Enrichment) - Retrieve all correlations generated in a scan.
  • List Scan Logs (Enrichment) - Retrieve the log messages generated during a scan.
  • List Scan Results (Enrichment) - Retrieve results for a given scan.
  • List Scanner IP Addresses (Enrichment) - Retrieve a list of IP addresses SpiderFoot uses for scanning.
  • List Scans (Enrichment) - Retrieve a list of scans that have been run.
  • List Users (Enrichment) - Retrieve a list of users configured in the SpiderFoot account.
  • Run New Scan (Containment) - Run a SpiderFoot scan against a provided target or set of targets.
  • Scan Status Finished (Scheduled) - Schedule action that periodically checks if the scan status is finished.
  • Search Scan Results (Enrichment) - Retrieve results from a scan filtered by search criteria.
  • Star A Data Element (Containment) - Star or unstar a data element.
  • Terminate Scan (Enrichment) - Stop a running scan.

SpiderFoot HX configuration

Log in to SpiderFoot, select your username from the menu, choose API Key and copy your API Key.
spiderfoot

Configure SpiderFoot HX in Automation Service and Cloud SOAR

Before you can use this automation integration, you must configure its authentication settings so that the product you're integrating with can communicate with Sumo Logic. For general guidance, see Configure Authentication for Automation Integrations.

How to open the integration's configuration dialog
  1. Access App Central and install the integration. (You can configure at installation, or after installation with the following steps.)
  2. Go to the Integrations page.
    Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
    New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations.
  3. Select the installed integration.
  4. Hover over the resource name and click the Edit button that appears.
    Edit a resource

In the configuration dialog, enter information from the product you're integrating with. When done, click TEST to test the configuration, and click SAVE to save the configuration.

  • Label. The desired name for the resource.
  • URL. Your SpiderFoot URL.
  • API Key. Your SpiderFoot API Key you copied earlier from SpiderFoot.
    Spiderfoot configuration

For information about SpiderFoot, see SpiderFoot documentation.

Category

Threat Intelligence-Reputation

Change Log

  • October 21, 2022 - First upload
  • July 7, 2023 (v1.1) - Updated the integration with Environmental Variables
Edit this page
Last updated on by John Pipkin (Sumo Logic)
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2025 by Sumo Logic, Inc.