What are the Sam Spade tools?

by Daniel Petri - January 8, 2009

What are the Sam Spade Search Tools?

This is a collection of some of the web tools provided by the Sam Spade website.


 

  • The address digger

    • This tool is the original Sam Spade tool that's been running for nearly five years. It's been rewritten from scratch four times since it first appeared, but still does the same things. It takes a hostname or an IP address, guesses at the domain name, and then runs some Whois queries to find out who owns the domain and the block of IP addresses it lives in, and traces the route packets take to the host.

      It's slow, crufty, returns less information and has more bugs than the newer tools, but it's still handy to have around.

 

  • Obfuscated URLs

    • A lot of spam includes pointers to websites. Often the URL is obfuscated in a variety of ways: by using %-encoded characters, bogus authentication information, or IP addresses written in strange ways.

      This tool will decode any legal URL, showing you how it was obfuscated, what the real URL looks like and who hosts the website.

 

  • The safe web browser

    • This is a secure web browser. It doesn't pass any information about you, it won't accept cookies, it won't run any JavaScript, any ActiveX or Java applets. It won't even reveal the IP address you're connecting from.

      Enter a URL, such as http://samspade.org/ssw/, into the box and hit Go. You'll see the raw HTTP response from the server.

      Any links, redirects or frames in the original webpage will be shown as active links. Some interesting constructs in the web page will be highlighted.

      The downsides are that some websites will refuse to show you any content without a cookie, and there's no way to accept a cookie; the HTML isn't parsed particularly carefully, so some links may not be active; and authentication isn't supported yet.

 

  • Traceroute

    • Traceroute shows the route packets take from this host (samspade.org, NOT from YOUR own host, like the regular built-in Traceroute tool does) to the host you're looking at. Each hop shows the hostname (or the IP address if there's no reverse DNS), the IP address of the system, the AS number of the system, and the round-trip time from samspade.org to the system.

      The AS number identifies the owner of the network neighborhood the system is in. Following the AS number link will give contact information for the owner of that block of addresses - the system itself may be a customer of the block owner.

 

  • Whois

    at: Magic, GeekTools, Australia (whois.aunic.net), Canada (whois.canet.ca), Switzerland (whois.nic.ch), edu,com,net,org,gov (whois.internic.net), Spain (whois.eunet.es), France (whois.nic.fr), Italy (whois.nis.garr.it), Japan (whois.nic.ad.jp), South Korea (whois.nic.nm.kr), Liechtenstein (whois.nic.li), US Military (nic.ddn.mil), Netherlands (domain-registry.nl), Sweden (whois.internic.se), Slovak Republic (whois.uakom.sk), United Kingdom, not .ac.uk or .gov.uk (whois.nic.uk), United States .us (nii-server.edu), Assigned IP addresses (whois.arin.net), Europe (whois.ripe.net), Asia Pacific (whois.apnic.net)

    • The Whois tool asks a question of a Whois server. Typically the question is a domain name or an IP address. You usually need to pick the right Whois server to ask your question (whois.nic.fr only knows about French domains, for instance).

 

  • Whois #2

    • The Whois tool asks a question of a Whois server. Typically the question is a domain name or an IP address. Sometimes you may want to query a server I don't have listed - this tool will let you query any server.

 

  • Rwhois

    at: Exodus Communications, Digex/Intermedia, Cogent Communications

    • This is a very simple rwhois tool. It asks a single question of an rwhois server. Typically the question is an IP address. You usually need to pick the right rwhois server to ask your question (rwhois.exodus.net only handles Exodus suballocation, for instance).

 

  • Dejanews author search

    • This is just a canned search of the Dejanews database of the past several years of Usenet posts. All Dejanews disclaimers apply. Specifically, the Dejanews search engine sometimes has a bad day and finds posts by an author in groups they've never posted to; if the post itself doesn't show up, it didn't really happen. Also, anything posted with an X-No-Archive: yes header will not be listed at Dejanews, nor will cancels, most Usenet spam and some binaries. Posts are sometimes forged, either as random vandalism or targeted harassment. Treat the results from this search with some caution.

 

  • Blackhole list check

    • This queries several Blackhole lists to see if the server is listed in any of them.

 

  • DNS

    • The DNS tool asks basic questions of the domain name system. Typically the question is a domain name or an IP address. It will provide the address and mail server for a hostname, and the reverse DNS for an IP address.

 

  • Routing Explorer

    • The Routing Explorer allows you to explore a static copy of part of the internet routing databases mirrored by RADB.

      It can give you some idea of who provides connectivity to an address and how much of the internet a company provides connectivity to.

 

  • RFC

    • A cross-referenced archive of RFCs.

 

  • IP Whois

    • Query ARIN, RIPE or APNIC to find who owns an IP address.
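
The decoding described under "Obfuscated URLs" above, as an added Python example (not code from Sam Spade or from the original page): it undoes %-encoding, flags userinfo placed before the `@`, and normalises IPv4 addresses written as a single decimal number, in hex, in octal or with fewer than four parts. The function names and sample URLs are constructed for illustration; the hosting lookup the tool performs is left out so the code runs offline.

```python
import re
from urllib.parse import urlsplit, unquote

# One IPv4 component as legacy inet_aton-style parsers accept it: hex, octal or decimal.
_PART = re.compile(r"0x[0-9a-f]+|0[0-7]*|[1-9][0-9]*", re.I)

def parse_ip(host):
    """Return the dotted-quad form of an IPv4 literal in any legacy notation, else None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.fullmatch(p) for p in parts):
        return None
    nums = [int(p, 16) if p[:2].lower() == "0x" else int(p, 8) if p[0] == "0" else int(p)
            for p in parts]
    *head, last = nums
    # Leading parts are single bytes; the last part fills all remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 255) for s in (24, 16, 8, 0))

def deobfuscate(url):
    """Return (decoded_url, findings) for a URL; intended for analyst display only."""
    parts = urlsplit(url)
    findings = []
    if re.search(r"%[0-9a-f]{2}", url, re.I):
        findings.append("percent-encoded characters")
    if parts.username is not None:
        findings.append("userinfo before '@' is not the host: " + unquote(parts.username))
    host = unquote(parts.hostname or "")
    ip = parse_ip(host)
    if ip and ip != host:
        findings.append("IP address written as " + host)
    port = f":{parts.port}" if parts.port else ""
    decoded = f"{parts.scheme}://{ip or host}{port}{unquote(parts.path)}"
    if parts.query:
        decoded += "?" + unquote(parts.query)
    return decoded, findings

# Constructed samples: 192.0.2.1 is a documentation address, example.* are reserved names.
SAMPLES = ["http://www.example.com@3221225985/%6c%6f%67in.html",
           "http://0xC0000201/", "http://0300.0.02.01:8080/a",
           "http://example.org/index.html"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", *deobfuscate(sample))
```

The decoded form is for reading and logging; requests should not be replayed against it, since decoding a path can change how a server interprets it.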

