This new cyberspace search engine superchargers the technical information gathering process. The Spyse team have recently combined all their products into one all-encompassing service which becomes a unique cybersecurity search engine to improve the workflow and efficiency of security engineers, pentesters, and bug bounty hunters.
Spyse fully oversees the process of gathering technical data. This means that no third-party plug-ins or additional services are needed as all the data you’ll ever need can be found on Spyse.
Users will enjoy working with the one of the largest database on the web which many sysadmins, pentesters, and bug bounty hunters will use to a great benefit.
Uninterrupted Data Collection
Mass data gathering is a lengthy process, mainly because of the time required for scans to perform. With Spyse, users get instant access to a ready database where pre-scanned data is stored. This development is huge as it saves time for other important tasks.
Ten scanners are working to collect information about different technologies and internet objects. Each scanner is unique and scans a specific part of the web, gathering data from varied sources for more accuracy. This system has enabled Spyse to build a scan infrastructure which is composed of fifty servers running uninterrupted data scans from different locations.
This multi-resource gathering allows for unique results which will be hard to get anywhere else. Spyse can bypass location-based scanning restrictions and ISP blocking. This suggests that their distribution system of servers is scattered all around the world, which makes for even more useful data.
Data Storage
One of the key features of this service is database access, as opposed to manually scanning and collecting data. Spyse employs 50 fast and reliable servers which store hot data containing over 7 billion documents.The user gets instant access to any information collected by Spyse’s scanners.
Since the information is pre-stored, Spyse analyzers get the chance to process it and establish connections between different internet elements. This helps security engineers find additional data connected to the main target, which opens up even more possibilities when looking for potential attack vectors.
How to Extract Data With Spyse
Spyse offers two ways of finding and extracting data: by using the web interface, and the API.
The web interface gives aggregated and structured information organized into data tables. These tables can be edited to display only the necessary information, and not kilometer long scan results. After having found all the needed data from the Spyse website, it can be downloaded for offline access.
The API is another great way to obtain data on Spyse. The API has an expanded documentation on Swagger, making it flexible and possible to use with different methods. Spyse API can be integrated into users’ services and is a great alternative while the team has yet to present their CLI. For those in trend, they also have a Python wrapper made by the outsourced developer zer0pwn.
Productivity Features
There are two tools on Spyse which significantly speed up the process of gathering information and identifying vulnerabilities: Advanced Search, and Security Scoring.
The Advanced Search tool gives users the ability to use 5 different search parameters in a single query, which removes the tedious work of analyzing thousands of lines of data. By applying just 3 search parameters you can find: all live sites (domains with a server response of 200), what company they belong to, and vulnerabilities present in their web platform or technologies.
While advanced search narrows down data, Security Scoring can filter through a list of targets to find targets with most or least vulnerabilities. The tool’s primary function is to act like a neat scoring device: it takes information from the Spyse scanners, connecting it with the CVE, and providing an overall security rating of 0-100. Users can investigate any found vulnerability in detail, like CVSS 3.x, and CVSS 2.0, impact, exploitability, attack vectors, references, and more.
For Anyone Working in Cybersecurity
System administrators can effectively monitor their cyber-infrastructure, getting information straight from the Spyse database; both manually and by writing just a few scripts. Also Spyse lets you quickly analyze the security level of elements related to the infrastructure to find weak points and potential entry points.
For Pentesters and Bug Bounty Hunters, Spyse fully oversees the process of finding information on a target and helps quickly formulate a target list. Also Spyse helps avoid most problems which stem from the process of finding information, like spending time and resources on creating an own infrastructure for scanning, avoiding rate limits, and the necessity to stay unnoticed when gathering information. Spyse can be a great OSINT resource when other services are forbidden by the contract or bug bounty agreement.
Spyse fully oversees the phase of reconnaissance, saving huge amounts of time and resources for investigation.