
What are the Sam Spade tools?

What are the Sam Spade Search Tools?

This is a collection of some of the web tools provided by the Sam Spade website.

Click on any item to expand its description. Searches will open in a new window.

 

  • The address digger

    • This tool is the original Sam Spade tool that’s been running for nearly five years. It’s been rewritten from scratch four times since it first appeared, but still does the same things. It takes a hostname or an IP address, guesses at the domain name, and then runs some Whois queries to find out who owns the domain and the block of IP addresses it lives in, and traces the route packets take to the host.

      It’s slow, crufty, returns less information and has more bugs than the newer tools, but it’s still handy to have around.

 

  • Obfuscated URLs

    • A lot of spam includes pointers to websites. Often the URL is obfuscated in a variety of ways – by using %-encoded characters, bogus authentication information, or IP addresses written in strange ways.

      This tool will decode any legal URL, showing you how it was obfuscated, what the real URL looks like and who hosts the website.

 

  • The safe web browser

    • This is a secure web browser. It doesn’t pass any information about you, it won’t accept cookies, and it won’t run any JavaScript, ActiveX or Java applets. It won’t even reveal the IP address you’re connecting from.

      Enter a URL, such as http://samspade.org/ssw/, into the box and hit Go. You’ll see the raw HTTP response from the server.

      Any links, redirects or frames in the original webpage will be shown as active links. Some interesting constructs in the web page will be highlighted.

      The downsides: some websites will refuse to show you any content without a cookie, and there’s no way to accept a cookie; the HTML isn’t parsed particularly carefully, so some links may not be active; and authentication isn’t supported yet.

 

  • Traceroute

    • Traceroute shows the route packets take from this host (samspade.org, NOT from your own host as the regular built-in traceroute tool does) to the host you’re looking at. Each hop shows the hostname (or the IP address if there’s no reverse DNS), the IP address of the system, the AS number of the system, and the round-trip time from samspade.org to the system.

      The AS number identifies the owner of the network neighborhood the system is in. Following the AS number link will give contact information for the owner of that block of addresses – the system itself may be a customer of the block owner.

 

  • Whois

    at: Magic; GeekTools; Australia (whois.aunic.net); Canada (whois.canet.ca); Switzerland (whois.nic.ch); edu, com, net, org, gov (whois.internic.net); Spain (whois.eunet.es); France (whois.nic.fr); Italy (whois.nis.garr.it); Japan (whois.nic.ad.jp); South Korea (whois.nic.nm.kr); Liechtenstein (whois.nic.li); US Military (nic.ddn.mil); Netherlands (domain-registry.nl); Sweden (whois.internic.se); Slovak Republic (whois.uakom.sk); United Kingdom, not .ac.uk or .gov.uk (whois.nic.uk); United States .us (nii-server.edu); Assigned IP addresses (whois.arin.net); Europe (whois.ripe.net); Asia Pacific (whois.apnic.net)

    • The Whois tool asks a question of a Whois server. Typically the question is a domain name or an IP address. You usually need to pick the right Whois server to ask your question (whois.nic.fr only knows about French domains, for instance).

 

  • Whois #2

    • The Whois tool asks a question of a Whois server. Typically the question is a domain name or an IP address. Sometimes you may want to query a server I don’t have listed – this tool will let you query any server.

 

  • Rwhois

    at: Exodus Communications; Digex/Intermedia; Cogent Communications

    • This is a very simple rwhois tool. It asks a single question of an rwhois server. Typically the question is an IP address. You usually need to pick the right rwhois server to ask your question (rwhois.exodus.net only handles Exodus suballocation, for instance).

 

  • Dejanews author search

    • This is just a canned search of the Dejanews database of the past several years of Usenet posts. All Dejanews disclaimers apply (specifically, the Dejanews search engine sometimes has a bad day and finds posts by an author in groups they’ve never posted to – if the post itself doesn’t show up, it didn’t really happen. Also, anything posted with an X-No-Archive: yes header will not be listed at Dejanews, nor will cancels, most Usenet spam and some binaries. Posts are sometimes forged, either as random vandalism or targeted harassment. Treat the results from this search with some caution.)

 

  • Blackhole list check

    • This queries several Blackhole lists to see if the server is listed in any of them.

 

  • DNS

    • The DNS tool asks basic questions of the domain name system. Typically the question is a domain name or an IP address. It will provide the address and mail server for a hostname, and the reverse DNS for an IP address.

 

  • Routing Explorer

    • The Routing Explorer allows you to explore a static copy of part of the internet routing databases mirrored by RADB.

      It can give you some idea of who provides connectivity to an address and how much of the internet a company provides connectivity to.

 

  • RFC

    • A cross-referenced archive of RFCs.

 

  • IP Whois

    • Query ARIN, RIPE or APNIC to find who owns an IP address.
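
The decoding that the Obfuscated URLs entry above describes can be sketched as follows. This is an added example, not Sam Spade's own code: the function names, finding labels and sample URLs are constructed for illustration, and it skips the "who hosts the website" lookup.

```python
from urllib.parse import urlsplit, unquote

def parse_ip(host):
    """Decode inet_aton-style IPv4 text (decimal, octal or hex, 1-4 parts).
    Returns dotted-quad text, or None if host is not an IPv4 address."""
    nums = []
    for p in host.split("."):
        if not (p.isascii() and p.isalnum()):
            return None
        try:
            if p.lower().startswith("0x"):
                nums.append(int(p, 16))
            elif len(p) > 1 and p.startswith("0"):
                nums.append(int(p, 8))
            else:
                nums.append(int(p, 10))
        except ValueError:
            return None
    *head, last = nums
    # The final part fills all bytes not claimed by the leading parts.
    if len(nums) > 4 or any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 255) for s in (24, 16, 8, 0))

def deobfuscate(url):
    """Return (readable_url, findings). The result is for display only:
    unquoting the path can change how a server would interpret it."""
    parts = urlsplit(url)
    findings = []
    if parts.netloc.rpartition("@")[0]:
        findings.append("bogus userinfo")          # text before '@' is not the host
    raw_host = parts.hostname or ""
    host = unquote(raw_host)
    if host != raw_host:
        findings.append("percent-encoded host")
    ip = parse_ip(host)
    if ip and ip != host:
        findings.append("non-standard IP notation")
    path = unquote(parts.path)
    if path != parts.path:
        findings.append("percent-encoded path")
    port = f":{parts.port}" if parts.port else ""
    query = f"?{parts.query}" if parts.query else ""
    return f"{parts.scheme}://{ip or host}{port}{path}{query}", findings

if __name__ == "__main__":
    # Constructed sample: looks like www.bank.example, really 192.0.2.1.
    print(deobfuscate("http://www.bank.example@3221225985/%6C%6F%67%69%6E"))
```
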

Comments (5)

5 responses to “What are the Sam Spade tools?”

  1. Information Gathering « Aggressive Virus Defense

    [...] The Sam Spade utilities look up DNS and domain information. Frequently under revision, but one stable source is petri.com. [...]
  2. Web Application Testing « Aggressive Virus Defense

    [...] Sam Spade tools can tell you what others can easily learn about you [...]
  3. Same spade | Selenenet

    [...] Sam Spade toolsNov 24, 2001 … First of all, the spade in the expression isn’t the same spade as in the slang term. The first is undoubtedly the digging implement. The second is … [...]
  4. Metawebsites « Aggressive Virus Defense

    [...] TechnicalInfo.net is a collection of passive information gathering tools, many of which fail by redirecting to swisscom. Includes some of the Sam Spade tools, which can tell you what others can easily learn about you. The Sam Spade tools look up DNS and domain information. The Sam Spade tools are frequently under revision, but one stable source is petri.com. [...]
  5. Tools | Pearltrees

    [...] Sam Spade tools ENISA Blog Seasoned malware analysts/reversers/crackers move along – you already know this stuff Analyzing malware is always challenging as there are a few dozen if not hundreds different ways to detect the virtual environment plus other tools used by reversers during dynamic or in-depth analysis – most of these can be easily picked up by malware looking for process names, registry keys, or using one of the undocumented, or semi-documented bugs/features of VMs (usually snippets of code producing different results when executed on a real CPU vs. on a virtual CPU). This short post describes a few ways how to hide VM (main focus on VMWare) and tools – by hiding their files, processes, services + associated with them registry keys/values. SHODAN - Computer Search Engine [...]
