Black Widow -- Web Ripper Tool

Website security auditing is always in demand in the cybersecurity field, and web application hacking is the main priority of every penetration testing student. In many previous articles we have learned how to gather information about a target. After information gathering, the next step is finding the vulnerabilities or loopholes on a target website. Doing this manually requires a lot of experience and time, but some tools make it easier.
Black Widow is a website ripper tool. It helps us map and scan targeted websites, and it works automatically.
Black Widow is written in Python3. This tool scans a target website to gather subdomains, URLs, dynamic parameters, email addresses and phone numbers. Black Widow also includes the Inject-X fuzzer to scan dynamic URLs for common OWASP vulnerabilities.

Key features of Black Widow:

  • Automatically collect all URLs from a target website.
  • Automatically collect all dynamic URLs & parameters from a target website.
  • Automatically collect all subdomains from a target website.
  • Automatically collect all phone numbers from a target website.
  • Automatically collect all email addresses from a target website.
  • Automatically collect all form URLs from a target website.
  • Automatically scan/fuzz for common OWASP TOP vulnerabilities.
  • Automatically saves all data into sorted text files.
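
What several of these categories mean in practice, as an added example (not BlackWidow's own code): a short Python routine that sorts the links, form actions and email addresses in one page of HTML into the same kinds of buckets, which is also a quick way to review what our own pages expose. The names Collector and inventory, the simplified email pattern and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urljoin, urlsplit

EMAIL_RE = re.compile(r"[\w.%+-]+@[\w.-]+\.[A-Za-z]{2,}")  # simplified pattern (assumption)

class Collector(HTMLParser):  # gathers link targets and form actions from one page
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append(a.get("action") or "")
        self.links += [a[k] for k in ("href", "src") if a.get(k)]

def inventory(base_url, html, site_domain):
    """Sort what one page exposes into crawler-style buckets (hypothetical helper)."""
    c = Collector()
    c.feed(html)
    out = {k: set() for k in ("urls", "dynamic_urls", "parameters", "subdomains")}
    out["emails"] = set(EMAIL_RE.findall(html))
    out["form_urls"] = {urljoin(base_url, f) for f in c.forms}
    for link in c.links:
        parts = urlsplit(urljoin(base_url, link))
        host = parts.hostname or ""
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, tel:, javascript: are not crawlable URLs
        if host != site_domain and not host.endswith("." + site_domain):
            continue  # off-site link, outside the site being reviewed
        if host != site_domain:
            out["subdomains"].add(host)
        out["urls"].add(parts.geturl())
        if parts.query:  # a query string is what makes a URL "dynamic"
            out["dynamic_urls"].add(parts.geturl())
            out["parameters"].update(k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
    return {k: sorted(v) for k, v in out.items()}

# Constructed sample page (not taken from a real site)
SAMPLE = """<html><body>
<a href="/about.html">About</a>
<a href="/item.php?id=7&amp;ref=home">Item</a>
<a href="https://shop.example.test/cart?id=2">Cart</a>
<a href="https://other.invalid/x?y=1">External</a>
<a href="mailto:help@example.test">Mail us</a>
<form action="/search.php" method="get"><input name="q"></form>
Contact: sales@example.test</body></html>"""

if __name__ == "__main__":
    print(inventory("https://example.test/", SAMPLE, "example.test"))
```

The unique parameter names (here id and ref) are the inputs a fuzzer would exercise, so they are also the ones whose server-side validation deserves review first.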

Installing Black Widow on Kali Linux

To install Black Widow on our Kali Linux system we need to clone it from its GitHub repository by using the following command:
git clone https://github.com/1N3/BlackWidow
Now we need to navigate into the BlackWidow directory by applying the following command:
cd BlackWidow
We are now inside the BlackWidow directory. If we want, we can list its files with the ls command.
Now we can install this tool by using the following command:
sudo ./install.sh
Black Widow now starts installing. After the installation is complete we can run the tool. We use the following command to crawl our target with 3 levels of depth:
blackwidow -u http://192.168.122.244
To crawl our target with 5 levels of depth and fuzz all unique parameters for OWASP vulnerabilities we apply the following command:
blackwidow -d test.com -l 5 -s y -v y
It automatically saves the output data in the /usr/share/BlackWidow directory.

There is a lot more we can do with this tool. For more information we can check the help options of BlackWidow by using the following command:
blackwidow -h
We can even use BlackWidow in Docker. To build the image we need to run the following command inside the BlackWidow directory:
sudo docker build -t blackwidow .
To start BlackWidow in Docker we can apply the following command:
sudo docker run -it blackwidow
Disclaimer: Using BlackWidow against others without a proper mutual agreement is considered a crime. This tool is built for educational purposes and to increase safety. If anyone breaks federal laws, the creators are not responsible.
This is how we can use the BlackWidow tool on our Kali Linux system to scan a target and gain much more information. We also tested for some vulnerabilities using this tool. Isn't it as powerful as Marvel's one?