DEV Community

ValezBGP
ValezBGP

Posted on

Spyse - Cyberspace Search Engine

Spyse History

Spyse is a cyberspace search engine that consists of a few well known services, such as FindSubdomains, ASlookup and a few others.
Some while ago Spyse team has decided to move everything in one platform and greatly expand the reconnaissance opportunities.

The core feature of Spyse is their massive database that collects all needed information for the information gathering process. Experts who are tasked with data gathering on a daily basis can reap its benefits, as the time factor is a big reason why many cybersecurity hiccups happen. I would say that Spyse search engine is a powerful cybersecurity tool for both attacking, and defending tasks.

Spyse database size

Data Gathering

Spyse gathers technical data from all over the internet uninterruptedly in order to host up to date data. They use a smart global server distribution system, which enables them to collect data with more precision, bypassing location scanning restrictions, and ISP blocking.
Spyse servers distribution

Gathering data in advance and pre-storing it in a database, also gives the search engine to validate each source for authenticity and weed out the untrustworthy sources.

Spyse Database

The database is composed of fifty highly functioning and reliable servers storing hot data allowing users to get instant access to any information. This approach significantly hastens the process of reconnaissance, allowing the user to analyze any amounts of stored data quicker than ever before.

Spyse search engine implements algorithms to interlink data before storing it, which helps users browse related info and analyze relationships between found data/organizations/companies. The result is a unique data-surfing experience which always yields additional results in regards to the users’ query: more access points, more possible attack vectors.

Web Interface and API

Users can access Spyse data by using their web interface and API.

Web interface

The web interface displays aggregated and structured information organized into tables. These tables can be edited for data and all data can then be downloaded and accessed offline in CSV or JSON formats.

API

The API is flexible and easy to use, thanks to its documentation on Swagger. The API lends itself to many methods for use, which are detailed on the API docs of the website. The API is a great alternative while Spyse team has yet to reveal their CLI.

Another alternative is their Python wrapper which was made by outsourced developer zer0pwn.

Productivity Features

Spyse doesn’t come without productivity perks to increase the speed and workflow for users who perform regular field work, like bug bounty hunters and pentesters.

Spyse Scoring

The Spyse Scoring quickly analyzes all found information for various vulnerabilities with connection to the target using CVE trusted databases like NVD.
The Scoring assigns each target a vulnerability score of 0-100 and offers expanded details to further investigate vulnerabilities if found and presents them in order of most to least dangerous. Scoring is a great tool to use when you need to create a target list or filter our all unnecessary targets/assets.

Spyse vulnerabilities count

Advanced Search

Advanced Search is another tool which helps narrow down found information. It acts like a live filter where you can add up to 5 search parameters to help find more concrete, detailed data.

For example: using just 2 parameters users can find all expired certificates of a company, sorted and structured by type, subject DN, updated date, and more. It’s all available without the need of analyzing each certificate and performing a bunch of searches, but still, they have even a separate SSL Lookup tool.

Spyse advanced search filters

Specialists that Benefit Most

Security engineers and system administrators will find the Spyse Search Engine a formidable tool for their jobs. As vulnerabilities keep arising in infrastructures, specialists can use Spyse to quickly seal all potential vectors of attack before they are exposed by hackers. By automating tasks which used to take large quantities of time, specialists can focus their resources on strengthening their infrastructures rather than waiting for scans to return.

Bug bounty hunters and pentesters can also reap the benefits of the Spyse Search Engine. It lets save time and money on developing their own scanning infrastructures. It lets users remain invisible when collecting data, and helps avoid rate limits. Bug bounty hunters can quickly make target lists and find unique ways of obtaining data about the main target, when certain methods are restricted by bug bounty agreement or contract.

Overall, Spyse is a powerful cyberspace search engine that greatly increases the speed of information gathering.

Discussion (0)