Working with BlackWidow

Example 1: Full URL to spider

In this example, we spider a full URL. The target URL (https://w3wiki.org) is passed with the -u tag.

sudo python3 blackwidow -u https://w3wiki.org

The screenshot below shows the scan results, including the subdomains of w3wiki.org.

The screenshot below lists the dynamic URLs found on w3wiki.org. These are parameterized URLs that can be tested for XSS and many more vulnerabilities.

The screenshot below shows the files the tool creates while scanning. Each file holds its own results, such as subdomains, emails, URLs, etc.

In the screenshot below, you can see that the emails found for w3wiki.org are saved in the emails.txt file, which makes the task easier.

Example 2: Domain name to spider

In this example, rather than providing a full URL (as in Example 1), we specify only the domain name to scan. The -d tag is used along with the target domain name.

sudo python3 blackwidow -d w3wiki.org

The screenshot below shows the results of the domain name spider.

Example 3: Level of depth to traverse

In this example, we scan the domain to a certain depth. We specify a depth of 5 using the -l tag, so 5 levels of depth are scanned.

sudo python3 blackwidow -d w3wiki.org -l 5

The screenshot below shows the results for a depth of 5.

Example 4: Scan all dynamic URLs found

In this example, we scan all the dynamic URLs detected on the w3wiki.org domain. The screenshot below shows the list of unique dynamic URLs.

sudo python3 blackwidow -d w3wiki.org -s /usr/share/blackwidow/w3wiki.org_80/w3wiki.org_80-dynamic-unique.txt

In the screenshot below, we start the scan on the dynamic URLs, which are provided in the form of a list.

The screenshot below shows the results of the above scan.
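As an added example (not part of BlackWidow or of the original article), the sketch below shows how a site owner could turn a dynamic URL list like the one used above into an inventory of endpoints and the parameters they accept, to decide where input validation should be reviewed first. The one-URL-per-line file layout, the sample URLs and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample input. One URL per line is an assumption about the
# layout of the *-dynamic-unique.txt file, not taken from BlackWidow.
SAMPLE_LINES = """\
https://w3wiki.org/search?q=python&page=2
https://w3wiki.org/search?q=linux&page=7
https://w3wiki.org/article?id=10
https://w3wiki.org/article?id=11&ref=home
https://w3wiki.org/about

not a url
""".splitlines()


def inventory_endpoints(lines):
    """Map (host, path) -> {parameter name: number of URLs using it}."""
    inventory = defaultdict(lambda: defaultdict(int))
    for raw in lines:
        try:
            parts = urlsplit(raw.strip())
        except ValueError:  # e.g. a malformed IPv6 host
            continue
        # Skip blanks, junk lines and URLs that carry no query string.
        if parts.scheme not in ("http", "https") or not parts.query:
            continue
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        endpoint = (parts.netloc.lower(), parts.path or "/")
        # Count each parameter name once per URL, even if it repeats.
        for name in {name for name, _ in pairs}:
            inventory[endpoint][name] += 1
    return {key: dict(params) for key, params in inventory.items()}


def review_order(inventory):
    """Endpoints with the most distinct parameters first, then by name."""
    return sorted(inventory, key=lambda k: (-len(inventory[k]), k))


if __name__ == "__main__":
    inv = inventory_endpoints(SAMPLE_LINES)
    for host, path in review_order(inv):
        print(f"{host}{path}: {sorted(inv[(host, path)])}")
```

To use it on real output, pass the open file object for the list instead of SAMPLE_LINES.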

Example 5: Port for the URL

In this example, we scan the specified domain on a given port number. We have specified port 80, so only port 80 URLs will be scanned.

sudo python3 blackwidow -d w3wiki.org -p 80

The screenshot below shows the results of the port scan example above.

Example 6: Set verbose mode

In this example, the output is displayed in a more verbose format. The -v tag is used along with the confirmation (y/n).

sudo python3 blackwidow -d w3wiki.org -v y

The screenshot below shows the results in verbose format.



BlackWidow – Web Application Spider

Gathering information about the target domain is very important for a successful penetration test or bug bounty hunt. Collecting subdomains, unique URLs, URLs with parameters, emails of the target domain, and similar information is crucial, and BlackWidow is a tool for gathering it.

BlackWidow is a Python-based web application spider that gathers a large amount of information. It uses the Inject-X fuzzer to scan dynamic URLs for common OWASP vulnerabilities. BlackWidow can be used in the initial steps of a web application vulnerability assessment, during the information gathering phase. The Inject-X fuzzer can detect vulnerabilities such as XSS, SQL injection, HTML code injection, etc.

Features of BlackWidow Tool

It gathers subdomains, unique dynamic URLs, emails, phone numbers. It uses an Inject-X fuzzer for the detection of vulnerability. It can store the results in dedicated text files in sorted order. It is developed in Python Language. It is open-source and free to use....

Installation of BlackWidow Tool on Kali Linux OS

Step 1: Check whether Python Environment is Established or not, use the following command:...
