
Black Widow - Web Ripper Tool

Black Widow is a website ripper tool that helps us map or scan target websites, and it works automatically.



Black Widow is written in Python3. This tool scans a target website to gather subdomains, URLs, dynamic parameters, email addresses and phone numbers. Black Widow also includes an Inject-X fuzzer to scan dynamic URLs for common OWASP vulnerabilities.

Key features of Black Widow:

  • Automatically collect all URLs from a target website.

  • Automatically collect all dynamic URLs & parameters from a target website.

  • Automatically collect all subdomains from a target website.

  • Automatically collect all phone numbers from a target website.

  • Automatically collect all email addresses from a target website.

  • Automatically collect all form URLs from a target website.

  • Automatically scan/fuzz for common OWASP TOP vulnerabilities.

  • Automatically saves all data into sorted text files.
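To make the collection categories above concrete, here is an added Python example (not BlackWidow's own code) that builds the same kind of inventory from one page of a site we own, so we can review which parameters, forms and addresses it exposes. The page content, the example.test host names and the inventory() helper are all constructed for illustration.

```python
# Added illustration, not BlackWidow's code. BASE, SAMPLE_HTML and inventory()
# are constructed/hypothetical names; the sample runs fully offline.
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, parse_qsl

BASE = "http://www.example.test/index.php"  # constructed page URL
SAMPLE_HTML = """
<a href="/about.html">About</a>
<a href="users.php?user=1&amp;admin=true">Profile</a>
<a href="http://shop.example.test/item.php?id=7">Shop</a>
<a href="https://other.invalid/x?y=1">External</a>
<a href="mailto:admin@example.test">Mail</a>
<form action="/login.php" method="post"></form>
<p>Contact: support@example.test</p>
"""
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

class Collector(HTMLParser):
    """Collects raw href and form action values; entities are already decoded."""
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form" and a.get("action"):
            self.forms.append(a["action"])

def inventory(html, base, scope):
    """Sort one page's links into the categories listed above, limited to scope."""
    c = Collector()
    c.feed(html)
    out = {"urls": set(), "dynamic": {}, "subdomains": set(),
           "forms": {urljoin(base, f) for f in c.forms},
           "emails": set(EMAIL_RE.findall(html))}
    for href in c.links:
        u = urlsplit(urljoin(base, href))  # resolve relative links
        host = u.hostname or ""
        in_scope = host == scope or host.endswith("." + scope)
        if u.scheme not in ("http", "https") or not in_scope:
            continue  # skip mailto: links and hosts outside our own domain
        out["urls"].add(u.geturl())
        out["subdomains"].add(host)
        if u.query:  # a "dynamic" URL: record its parameter names
            names = {k for k, _ in parse_qsl(u.query, keep_blank_values=True)}
            out["dynamic"][u.geturl()] = sorted(names)
    return out

if __name__ == "__main__":
    for key, value in inventory(SAMPLE_HTML, BASE, "example.test").items():
        print(key, value)
```
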


Installing Black Widow on Kali Linux


To install Black Widow in our Kali Linux system we need to clone it from its GitHub repository by using the following command:

git clone https://github.com/1N3/BlackWidow

Now we need to navigate into the BlackWidow directory by applying the following command:

cd BlackWidow

We are now inside the BlackWidow directory. If we want, we can check the files here using the ls command.

Now we can install this tool by using the following command:

sudo ./install.sh

Black Widow now starts installing. After the installation is complete, we can run the tool. We use the following command to crawl our target with 3 levels of depth:

blackwidow -u http://192.168.122.244



To crawl our target with 5 levels of depth and fuzz all unique parameters for OWASP vulnerabilities, we apply the following command:

blackwidow -d 'https://test.com/uers.php?user=1&admin=true' -v y

The URL is quoted so that the shell does not treat the & as a background operator. The tool automatically saves the output data in the usr/share/BlackWidow directory.

There is a lot more we can do with the tool. For more information, we can check the help options of BlackWidow by using the following command:

blackwidow -h

We even can use BlackWidow in docker. To install it we need to run the following command inside the BlackWidow directory:

sudo docker build -t blackwidow .

To start BlackWidow on docker we can apply the following command:

sudo docker run -it blackwidow

This is how we can use the BlackWidow tool on our Kali Linux system to scan a target, gather much more information about it, and test for some vulnerabilities. Isn’t it as powerful as Marvel's one?



©2022 www.theblackthreat.in All right reserved.