E-mail address targeting
SpiderFoot 2.8.0 introduces the ability to footprint e-mail addresses, so you can now perform scans of e-mail addresses in the same way as you would currently scan a domain, hostname, IP address or netblock.
New Modules / Data Sources
This release introduces five new modules and an update to sfp_sharedip to include an additional data source:
sfp_threadcrowd: Searches ThreatCrowd for potentially malicious IP addresses, subnets, domains and e-mail addresses.
sfp_psbdmp: Searches Psbdmp.com for e-mail addresses or domain names which may have been mentioned in pastebin credential dumps.
sfp_similar: A re-vamp of the old module that relied upon third party data sources, instead this module relies only on DNS and will look for common misspellings of your target domain, identifying potential domain squatters or phishers. e.g. if your target is binarypool.com, this module will also look to see if b1narypool.com, binarypoool.com, etc. resolve.
sfp_wikileaks: Searches the WikiLeaks archives for mentions of e-mail addresses and domain names.
sfp_binstring: When certain binary file formats are found (e.g. JPEGs), this module will search them for ASCII strings, which may be revealing of software used, author information, etc.
sfp_sharedip: Updated to also use HackerTarget’s API for passive DNS, adding to the current Robtex and Bing sources.
Enhancements / Bug fixes
- XSS vulnerability when stopping a scan resolved (thanks to the kind folks at Netsparker)
- Fixed robtex parsing in sfp_sharedip
- General improvements to sfp_junkfiles to make it less false-positive prone
- Improved logging to see which modules are fetching data
- Dockerfile fix (thanks to imaia)
- Fix of the error many were getting in sfp_hosting
- Minor improvements to reduce memory consumption