The Spyse cybersecurity search engine promises to bolster the output of security specialists with hard field work. Relatively new to the game, Spyse have caught the eye of many pentesters with their innovative approach to data gathering. Instead of using several services at once, users can benefit from a full-service experience which oversees the process of data gathering entirely.
Spyse is advantageous primarily due to their database approach, which eliminates the problem of long scanning times on data gathering queries. Cybersecurity experts will know how disruptive scanning can be, with multiple services running at the same time, and results taking very long to return. Spyse has entered the game with a solution which guarantees instant access to all kinds of data needed for performing reconnaissance, vulnerability assessments, business analysis, and more.
The guys from Spyse have shared some information on how they managed to create this instant-data experience. In this article, we take a closer look at this new cybersecurity search engine and how one could operate it to the fullest potential.
Collecting and Maintaining Fresh Mass Data
Gathering massive amounts of data is a heavy task, which is why most services require you to wait as they scan the internet to retrieve your results. The great thing about Spyse, is that they do the scanning beforehand. This search engine employs ten self-developed scanners operating regularly and gathering different kinds of technical info from various sources on the internet.
The regular scanning approach allows them to continuously gather the most up-to-date data and have their database undergo daily updates with fresh information. Spyse also uses a global server distribution system, which allows them to scan all over the world, bypassing location scanning restrictions and ISP blocking. The user gains a massive time advantage over specialists who implement ‘old school’ methods of data gathering.
The ten scanners that Spyse employs are each tailored to gather information from specified sources; each scanner has its own scanning range. As different data is gathered from many sources, the algorithms can see if a source is lagging behind or providing false information. Such untrustworthy sources get quickly removed from the scanners’ range, making for consistently fresh and accurate data.
Database Fluidity – New Way of Interacting with Mass Data
Collecting such large amounts of data is one thing, then there is a question of storing it. Spyse has an enormous database dedicated specifically for data storage, which houses everything gathered by their scanners.
The database consists of fifty powerful servers that store hot data of over 7 billion documents. The data is broken up into clusters and shards so it can be easily managed and organized by algorithms and retrieved by users. All of these 7 billion documents can be accessed with a simple search, with results returning fast, as if you’re looking for something on Google. This prime feature makes this cybersecurity search engine an absolute must-have for any cyber specialist looking to boost the efficiency of their toolkit.
Moreover, the Spyse engine analyzes and interconnects all found information. As they are further developing their service, the team strives to create a fluid search experience and allows users to always find more data connected to their main search target. The idea is to open up a larger variety of possibilities in identifying attack vectors, vulnerabilities, and to make all of this as simple and accessible as Clean My Mac. This fluid database interaction makes Spyse accessible not just for pros, but also for startups, independent companies who build their own websites and sell their products on the web.
How to Use Spyse: Web Interface and API
Spyse currently operates via web interface and API. There hasn’t been any information of whether or not they’re developing a CLI client. However, their current platform works well for gathering data, and all data can be downloaded directly from their site.
The data you’ve queried for returns on a new page, where you’ll find it sorted into tables with different kinds of information. It’s an interactive interface and these tables can be manually edited to filter out unnecessary data. By sorting the data, you can mould the results to exclude extra information and then of course download them for offline use.
In addition to the web interface, Spyse has an API which users can easily integrate into their tools and services. The API is very flexible and straightforward to work with, as Spyse have taken the time to make a Swagger documentation for it. All the various methods for using the API are outlined thoroughly on the Spyse website. The API is a great alternative while the team has yet to reveal their command line interface.
Users can also use the Python wrapper which was made by outsourced developer zer0pwn, who is well known amongst pentesters.
Features that Enhance Productivity
The Spyse cybersecurity search engine offers many productivity perks, which make searching easier, and technical data look more accessible for non-IT-geeks.
For example: the Spyse Scoring tool is a feature that displays the overall security/vulnerability levels of the queried target (the target can be a website, a corporation, network, infrastructure, or anything on the web). Scoring which tells you how secure the target is, and whether they have any vulnerabilities which could be exposed. It not only simplifies the lives of infosec specialists (who have to do this manually on the basis of tons of gathered data), but even people with limited technical knowledge (e.g. a new startup with a small team) can quickly assess whether their infrastructures have any entry points, or whether they’re sharing any sensitive data into the open source.
The Scoring tool compares all the gathered information from Spyse’s database with known CVEs and assigns the target a unique vulnerability score of 0-100. Users can then view expanded details on each vulnerability to figure out ways in which they could seal it.
But the magic happens when Scoring works in a sequence with Advanced Search. It creates the opportunity to search using CVE ids or the actual score. For example, search for IPs with a specific vulnerability score which are located on one autonomous system. It helps infosec specialists quickly conduct a list of targets or weed out all unnecessary assets.
Advanced Search is a little button you see on the search engine, which works as an addon to the simple search. Users can implement advanced search to find specific data; shoot for precise results. It works similarly to the google advanced search, allowing users to add different search parameters or filters to narrow down results from mass pools of data. This type of search is particularly useful and can yield interesting results.
For example: exploring autonomous systems with just 3 filters, will show the user all company assets, with the ability to check all their vulnerabilities and the company’s relationships with other organizations that are located in the same AS. For the simple AS investigation users can also use the ASN lookup tool, which is separate from the main search engine.
Who Benefits Most from Spyse
Anyone working in the field of cybersecurity can benefit from Spyse’s extensive toolkit. Security engineers can use all the aforementioned productivity perks to save up time spent on scanning and attaining mass data. Automating processes like vulnerability scans, can enable engineers to keep their infrastructure safe at all times and re-check it in minutes. This is fantastic news for startups, as they wouldn’t have to hire additional personnel in order to do security checkups. With features like Security Scoring, companies can know when they have vulnerabilities in their infrastructures, and when the need for a security expert can arise. Additionally, it’s valuable for startups or even bigger companies to know what kind of information they’re putting out to the open source.
Speaking of open source, Spyse can be a great tool for exploring other companies on the web. For example, exploring subdomains can shed light on new features in development coming from big companies, or reveal old versions of their sites. Subdomains are a frequent reason on why certain products are learned about before they’re made public. This is just a small example of how Spyse can be beneficial when performing analysis of business competitors.
Also, bug bounty hunters with Spyse will have a strong competitive edge. Spyse is an online search engine, which means you’ll avoid rate limits and save up lots of time and money on building your own infrastructures. Bug bounty agreements can sometimes be a little strict on certain methods and procedures, rendering them unavailable during the bounty process. Spyse however features many tools which bounty hunters can use if the agreements ban certain methods.
With this cybersecurity search engine handy, specialists will be operating on entirely new levels of efficiency.