Data gathering has always been a long process which required multiple services running simultaneously and spending hours scanning alone. With new services like the Spyse search engine, these processes have been simplified drastically.
Spyse is worth discussing because of how they boost productivity with their all-in-one data gathering solutions and a few useful tools.
In this article, I’ll present an overview of how Spyse gathers data, why their database approach is a significant step forward, and why other services should take note.
Data Collection Methods
Spyse implements a system of scanners which are tailored each towards gathering specific types of information. Multiple trusted resources are used, and data is gathered uninterruptedly. Overall, there’s a global fifty-server distribution system which allows Spyse to scan everywhere, bypassing location restrictions and ISP blocking.
This kind of data is hard to obtain using other services, for example, I can definitely say that the CIDR results are way more accurate than in Shodan.
They also walk an extra mile to create an interface where users can visualize relationships between different internet entities using found data. It’s not done yet but I’m waiting for the release in the next few weeks.
The Database Solution
Performing reconnaissance using several services at once can take ages, not to mention that data is not always reliable. Spyse proposes a solution by implementing a database where the mass data you’re looking for is already stored. *Pretty similar to Censys.
As a key feature of this cybersecurity search engine, the database consists of fifty quick and reliable servers which store only hot data. Users enjoy access to seven billion documents which contain all types of data: IP addresses, domain and subdomain data, MX, DNS lookup, explorable information on autonomous systems, and much more.
After pre-gathering this data, Spyse implements algorithms to analyze it, process it, and help the user find connections/relationships between found data. This creates a thorough data surfing experience which can yield impressive results. The advantage of this feature is to identify more possible vectors of attack checking all related assets to the main target.
Convenient Data Presentation
Spyse search provides a few methods accessing the data, through the web service and their API, and both of them worth attention.
The web interface is dynamic and easy to navigate, presenting lots of productivity perks for finding specific data and filtering out everything extra. The data is given in customizable tables, which can be adjusted for only needed information. This removes the need to crawl through heaps of data. All data can be downloaded by having a standard subscription plan for offline access.
If the web interface isn’t your cup of tea, Spyse has an API with many types of requests and documentation on Swagger which makes it a pleasure to work with. The API can be easily integrated into your tools and services and works with many methods which are thoroughly outlined on the website. This is a great alternative for a command line interface, which Spyse team has yet to present.
Another alternative is using Spyse’s Python wrapper which was developed by outsourced developer zer0pwn, who is well-known amongst pentesters.
Productivity Enhancing Tools
One of the standout benefits of the Spyse team is their attention to productivity perks.
Spyse Scoring compares all information gathered by spyse scanners to the most trustworthy CVE databases like NVD. Each target is given a security score of 0-100, with vulnerabilities ranked by their level of threat to get a quick understanding of the potential of each target. Users can click on each found vulnerability to view expanded information for further investigation and analyze many targets(IPs, domains) at once in order to filter out all unnecessary assets and make results much clear.
Another tool is Advanced Search, which acts like a live filter on search results. Adding up to 5 search parameters can help to narrow down found information to precise data. This greatly saves time as it alleviates the need to crawl through the mass of attained data. Advanced search can be used for finding all vulnerable assets(technologies, products, etc...) of the company or discovering the most vulnerable elements of the internet using Spyse Score as a query (but it was returned to the development stage as I know).
A Great Tool for Cyber-Specialists
Spyse search engine proves a formidable tool for anyone working in cybersecurity. Security engineers can focus their time on sealing infrastructure vulnerabilities instead of finding data. Tasks which usually took loads of time can now be automated, giving specialists a competitive edge over hackers.
Bug bounty hunters can also automate many tasks, including quickly finding a list of vulnerable targets using Security Scoring. They can also use Spyse as an OSINT source when other methods are rendered unavailable by bug bounty agreements. Using this service specialists will speed up their workflow, save up on scanning infrastructure, and remain undetected while performing scans.
All in all, Spyse offers unique ways of attaining and exploring mass data from the whole internet. Companies who have their specialists use Spyse, will enjoy the great benefits of improved infrastructure security, and more data gathered on competitors for business analysis.