Automated OSINT Reconnaissance Using SpiderFoot in Kali Linux

Nerd Cafe

What is SpiderFoot?

Open-Source Intelligence (OSINT) automation tool
Automates reconnaissance
Collects:
- Domains
- Subdomains
- IP addresses
- Emails
- Data breaches
- Social media
- WHOIS
- DNS records
Used in:
- Ethical hacking
- Cybersecurity investigations
- Threat intelligence
- Red teaming

Installing SpiderFoot in Kali Linux

Option 1 (Pre-installed Check)

spiderfoot -l 127.0.0.1:5001

If not installed:

Option 2 – Install via APT

sudo apt update
sudo apt install spiderfoot

Option 3 – Install from GitHub (Latest Version)

git clone https://github.com/smicallef/spiderfoot.git
cd spiderfoot
pip3 install -r requirements.txt
python3 sf.py -l 127.0.0.1:5001

Launching the Web Interface

Open browser in Kali
Go to:

http://127.0.0.1:5001

SpiderFoot Dashboard appears

Create a Controlled Passive Scan

Step 1: Create New Scan

Click:

New Scan

Fill in:

Scan Name: Vulnweb Passive Recon
Target: testphp.vulnweb.com
Target Type: DOMAIN_NAME

Step 2: Select Scan Type (IMPORTANT)

Choose:

Use Case → Footprint

Select modules manually and enable only:

DNS resolution
WHOIS
Subdomain enumeration
ASN lookup
SSL certificate info

Do NOT enable aggressive modules for this lab.

Click:

Run Scan

Monitor and Analyze Results

Let the scan run 5–15 minutes.

Step 3: Analyze Web Server

Go to:

Scan Results → Web Server

Identified Technology: The web server is running nginx/1.19.0.
Timestamp: The data was identified on February 20, 2026, at 00:55:24.
Context: This is part of a passive reconnaissance scan, meaning the information was gathered from external sources without directly interacting with the target.

Step 4: Analyze Physical Location

Go to:

Scan Results → Physical Location

Step 5: Analyze Linked URL - Internal

Go to:

Scan Results → Linked URL - Internal

💖 Support Our Work

If you find this post helpful and would like to support my work, you can send a donation via TRC-20 (USDT). Your contributions help us keep creating and sharing more valuable content.

TRC-20 Address: TAAVVf9ZxUpbyvTa6Gd5SGPmctBdy4PQwf

Thank you for your generosity! 🙏

Keywords

SpiderFoot, Kali Linux, OSINT, passive reconnaissance, footprinting, subdomain enumeration, DNS analysis, WHOIS lookup, attack surface mapping, threat intelligence, ASN lookup, IP geolocation, SSL certificate analysis, infrastructure mapping, API integration, Shodan integration, data breach detection, graph visualization, security assessment, cyber reconnaissance , Nerd Cafe , نرد کافه

Channel Overview

🌐 Website: www.nerd-cafe.ir

📺 YouTube: @nerd-cafe

🎥 Aparat: nerd_cafe

📌 Pinterest: nerd_cafe

📱 Telegram: @nerd_cafe

📝 Blog: Nerd Café on Virgool

💻 GitHub: nerd-cafe

PreviousPassive Footprinting Using Windows Command-Line Utilities NextReconnaissance Methodologies for Penetration Testing Using OWASP Amass

Last updated 7 days ago

hashtagWhat is SpiderFoot?

hashtagInstalling SpiderFoot in Kali Linux

hashtagOption 1 (Pre-installed Check)

hashtagOption 2 – Install via APT

hashtagOption 3 – Install from GitHub (Latest Version)

hashtagLaunching the Web Interface

hashtagCreate a Controlled Passive Scan

hashtagStep 1: Create New Scan

hashtagStep 2: Select Scan Type (IMPORTANT)

hashtagMonitor and Analyze Results

hashtagStep 3: Analyze Web Server

hashtagStep 4: Analyze Physical Location

hashtagStep 5: Analyze Linked URL - Internal

hashtag💖 Support Our Work

hashtagKeywords

hashtagChannel Overview

What is SpiderFoot?

Installing SpiderFoot in Kali Linux

Option 1 (Pre-installed Check)

Option 2 – Install via APT

Option 3 – Install from GitHub (Latest Version)

Launching the Web Interface

Create a Controlled Passive Scan

Step 1: Create New Scan

Step 2: Select Scan Type (IMPORTANT)

Monitor and Analyze Results

Step 3: Analyze Web Server

Step 4: Analyze Physical Location

Step 5: Analyze Linked URL - Internal

💖 Support Our Work

Keywords

Channel Overview