Welcome back, aspiring hackers! Raspberry Pi is a great starting point for exploring cybersecurity and hacking in particular. You can grab a $50 board, connect it to the TV, and start learning. Otherwise, you can install the OS on the Pi and control it from your phone. There are a lot of opportunities. In this article, […]
The post Getting Started with the Raspberry Pi for Hacking: Using Spiderfoot for OSINT Data Gathering first appeared on Hackers Arise.
Welcome back, aspiring hackers!
Raspberry Pi is a great starting point for exploring cybersecurity and hacking in particular. You can grab a $50 board, connect it to the TV, and start learning. Otherwise, you can install the OS on the Pi and control it from your phone. There are a lot of opportunities.
In this article, I’d like to demonstrate how to use a Raspberry Pi for Open Source Intelligence (OSINT) gathering. This a key reconnaissance step before the attack.
Step #1: Understand Where to Start?
There is a wealth of OSINT tools—some have faded away, while new ones constantly emerge. Spiderfoot, for example, has been quietly serving OSINT investigators since 2012.
This tool serves as a starting point in the investigation. It is capable of gathering information from multiple resources automatically with little or no manual interaction. Once this data has been gathered, you can export the results in CSV/JSON or feed scan data to Splunk/ElasticSearch.
Step #2: Getting Started with Spiderfoot
In the previous article we installed Kali Linux on a Raspberry Pi, which comes with Spiderfoot pre‑installed. Let’s take a look at its help page:
kali> spiderfoot -h
To get started, it is enough to run the following command:kali> spiderfoot -l 0.0.0.0:port
Where
-l – tells it to listen for incoming HTTP connections;
0.0.0.0:4444 – the address + port where the web UI will be bound. 0.0.0.0 means “any reachable IP on this machine,” so you can reach the UI from another host on the same network.
By typing http://:
Step #3: Spiderfoot Modules
By default, Spiderfoot includes more than 200 modules, most of which operate without any API keys. However, adding the appropriate API keys in the settings can significantly boost the effectiveness of your scans.
Step #4: Start Scanning
SpiderFoot offers four primary scan types:
All: Runs every available module. Comprehensive but time-consuming, and may generate excessive queries.
Footprint: Lighter scan focusing on infrastructure and digital footprint.
Investigate: Some basic footprinting will be performed in addition to querying of blacklists and other sources that may have information about your target’s maliciousness.
Passive: Gathering information without touching the target or their affiliates.
Let’s run a “stealth” scan against the Russian oil company Lukoil. Once the scan completes, the Summary tab on the main screen will display an overview of the information that was uncovered.
By clicking the Browse tab, we can review the results.
One of spiderfoot’s standout features is its ability to visualize data graphically.
In the graph, each node represents a distinct piece of information about the target.
Summary
In this simple approach, you can use a Raspberry Pi to conduct OSINT investigations without installing anything on your primary system. Moreover, you can access the Pi’s IP address from your phone and review the results during a coffee break—or whenever you have a spare moment.
As mentioned in the introduction, the Raspberry Pi is a powerful platform for learning cybersecurity.
If you’d like to advance in this field, consider checking out our OSINT training class.
The post Getting Started with the Raspberry Pi for Hacking: Using Spiderfoot for OSINT Data Gathering first appeared on Hackers Arise.
Source: HackersArise
Source Link: https://hackers-arise.com/getting-started-with-the-raspberry-pi-for-hacking-using-spiderfoot-for-osint-data-gathering/