How To Install SpiderFoot Security Scanner On Debian 10

How To Install SpiderFoot Security Scanner On Debian 10
installing spyderfoot on debian 10

SpiderFoot is a free and open-source information gathering tool used to automate the process to gather information from a given target, including domain name, hostname, IP address, subnetwork, threat intelligence lists, spam blacklists, and much more.

It automatically crawls 100+ open-source data sources to get information from the target machine. In this post, we will show you how to install SpiderFoot on Debian 10 VPS.

Prerequisites

  • A Debian 10 VPS (we’ll be using our SSD 2 VPS plan)
  • Access to the root user account (or access to an admin account with root privileges)

Step 1: Log in to the Server & Update the Server OS Packages

First, log in to your Debian 10 server via SSH as the root user:

ssh root@IP_Address -p Port_number

Once login, update your system packages with the following command:

apt-get update -y

Step 2: Install Required Dependencies

Before starting, Python3 must be installed in your system. If not installed, you can install it using the following command:

apt-get install python3 python3-pip git unzip -y

Once installed, verify the installed version of Python with the following command:

python3 --version

Output:

Python 3.7.3

Next, you will need to upgrade the PIP package to the latest version. You can upgrade it with the following command:

pip3 install --upgrade pip

Next, verify the PIP version using the following command:

pip3 --version

Output:

pip 21.0.1 from /usr/local/lib/python3.7/dist-packages/pip (python 3.7)

Step 3: Install SpiderFoot

First, download the latest version of SpiderFoot from the Git repository using the following command:

wget https://github.com/smicallef/spiderfoot/archive/refs/tags/v3.3.zip

After downloading, unzip the downloaded file with the following command:

unzip v3.3.zip

Next, change the directory to the extracted directory and install all Python requirements with the following command:

cd spiderfoot-3.3
pip3 install -r requirements.txt

You can list all SpiderFoot commands and options using the following command:

python3 sf.py --help

You should see the following screen:

install spiderfoot security scanner on debian 10

Step 4: Launch SpiderFoot as a Web Application

You can now start the SpiderFoot web application on port 3000 by running the following command:

python3 sf.py -l your-server-ip:3000

Once the SpiderFoot is started, you should get the following output:

2021-04-05 15:38:54,202 [INFO] Starting web server at your-server-ip:3000 ...
2021-04-05 15:38:54,214 [WARNING] 
********************************************************************
Warning: passwd file contains no passwords. Authentication disabled.
Please consider adding authentication to protect this instance!
Refer to https://www.spiderfoot.net/documentation/#security.
********************************************************************


*************************************************************
 Use SpiderFoot by starting your web browser of choice and 
 browse to http://your-server-ip:3000/
*************************************************************

2021-04-05 15:38:54,299 [INFO] [05/Apr/2021:15:38:54] ENGINE Listening for SIGTERM.
2021-04-05 15:38:54,299 [INFO] [05/Apr/2021:15:38:54] ENGINE Listening for SIGHUP.
2021-04-05 15:38:54,299 [INFO] [05/Apr/2021:15:38:54] ENGINE Listening for SIGUSR1.
2021-04-05 15:38:54,299 [INFO] [05/Apr/2021:15:38:54] ENGINE Bus STARTING
2021-04-05 15:38:54,403 [INFO] [05/Apr/2021:15:38:54] ENGINE Serving on http://your-server-ip:3000
2021-04-05 15:38:54,404 [INFO] [05/Apr/2021:15:38:54] ENGINE Bus STARTED

Now, press CTRL+C to stop the SpiderFoot.

Step 5: Enable SpiderFoot Authentication

By default, SpiderFoot can be accessed without authentication. So it is recommended to secure the SpiderFoot with username and password.

To enable the authentication, change the directory to SpiderFoot and create a passwd file with the following command:

cd spiderfoot-3.3
echo "admin:password" > passwd

Now, start the SpiderFoot web application again with the following command:

python3 sf.py -l your-server-ip:3000

You should get the following output:

2021-04-05 15:39:28,037 [INFO] Starting web server at your-server-ip:3000 ...
2021-04-05 15:39:28,050 [INFO] Enabling authentication based on supplied passwd file.

*************************************************************
 Use SpiderFoot by starting your web browser of choice and 
 browse to http://your-server-ip:3000/
*************************************************************

2021-04-05 15:39:28,074 [INFO] [05/Apr/2021:15:39:28] ENGINE Listening for SIGTERM.
2021-04-05 15:39:28,075 [INFO] [05/Apr/2021:15:39:28] ENGINE Listening for SIGHUP.
2021-04-05 15:39:28,075 [INFO] [05/Apr/2021:15:39:28] ENGINE Listening for SIGUSR1.
2021-04-05 15:39:28,075 [INFO] [05/Apr/2021:15:39:28] ENGINE Bus STARTING
2021-04-05 15:39:28,178 [INFO] [05/Apr/2021:15:39:28] ENGINE Serving on http://your-server-ip:3000
2021-04-05 15:39:28,178 [INFO] [05/Apr/2021:15:39:28] ENGINE Bus STARTED

At this point, SpiderFoot is started and listening on port 3000.

Step 6: Access SpiderFoot Web App

Now, open your web browser and access the SpiderFoot web application using the URL http://your-server-ip:3000. You will be asked to provide a username and password:

set up spiderfoot security scanner on debian 10

Provide your admin username, password and click on the Sign In button. You should see the SpiderFoot dashboard:

spiderfoot security scanner on debian 10 installation

Now, click on the New Scan button to create your first scan. You should see the following page:

debian 10 installation of spiderfoot security scanner

Provide your scan name, target IP address and click on the Run Scan Now button. You should see the following page:

You could also learn how to set up an open VPN server on Debian 10, as we’ve got you covered.

Now that you know how to install the SpiderFoot security scanner on a Debian 10 VPS, you can see how RoseHosting’s Linux VPS hosting can be easy and affordable. Our 24/7 customer support with an average response time of just 5 minutes guarantees 99.99% uptime. The free weekly backups are but a bonus.

Leave a Comment