{"id":13580270,"url":"https://github.com/blacklanternsecurity/MANSPIDER","last_synced_at":"2025-04-06T02:31:20.725Z","repository":{"id":43878593,"uuid":"248238912","full_name":"blacklanternsecurity/MANSPIDER","owner":"blacklanternsecurity","description":"Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!","archived":false,"fork":false,"pushed_at":"2024-07-18T06:14:04.000Z","size":161,"stargazers_count":1090,"open_issues_count":15,"forks_count":138,"subscribers_count":20,"default_branch":"master","last_synced_at":"2025-03-08T19:17:14.703Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blacklanternsecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-03-18T13:27:20.000Z","updated_at":"2025-03-06T17:00:00.000Z","dependencies_parsed_at":"2024-08-01T15:42:00.795Z","dependency_job_id":null,"html_url":"https://github.com/blacklanternsecurity/MANSPIDER","commit_stats":{"total_commits":52,"total_committers":5,"mean_commits":10.4,"dds":"0.21153846153846156","last_synced_commit":"e10bb6a5de6ac882d2c3513f3530313b591e77d7"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blacklanternsecurity%2FMANSPIDER","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blacklanternsecurity%2FMANSPIDER/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blacklanternsecurity%2FMANSPIDER/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blacklanternsecurity%2FMANSPIDER/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blacklanternsecurity","download_url":"https://codeload.github.com/blacklanternsecurity/MANSPIDER/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247425892,"owners_count":20937033,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T15:01:49.309Z","updated_at":"2025-04-06T02:31:20.416Z","avatar_url":"https://github.com/blacklanternsecurity.png","language":"Python","funding_links":[],"categories":["Python","Samba Enumerating"],"sub_categories":["Penetration Testing Report Templates"],"readme":"# MANSPIDER\n### Crawl SMB shares for juicy information. File content searching + regex is supported!\n\n### UPDATE 2023-10-15\n**[textract](https://github.com/deanmalmgren/textract), one of manspider's upstream dependencies, is no longer being updated. For this reason, you may run into problems when installing with pip. The recommended installation method is now [Docker](https://hub.docker.com/r/blacklanternsecurity/manspider):**\n\n```bash\ndocker run --rm -v ./manspider:/root/.manspider blacklanternsecurity/manspider --help\n```\n\nNote there is also a helper script `manspider.sh` which will automatically mount volumes for manspider's `loot` and `logs` directories, making it a bit more convenient to run:\n\n```bash\n./manspider.sh --help\n```\n\n![manspider](https://user-images.githubusercontent.com/20261699/74963251-6a08de80-53df-11ea-88f4-60c39665dfa2.gif)\n\n### File types supported:\n- `PDF`\n- `DOCX`\n- `XLSX`\n- `PPTX`\n- any text-based format\n- and many more!!\n\n### MANSPIDER will crawl every share on every target system. If provided creds don't work, it will fall back to \"guest\", then to a null session.\n![manspider](https://user-images.githubusercontent.com/20261699/80316979-f9ab7e80-87ce-11ea-9628-3c22a07e8378.png)\n\n### Installation:\n(Optional) Install these dependencies to add additional file parsing capability:\n~~~\n# for images (png, jpeg)\n$ sudo apt install tesseract-ocr\n\n# for legacy document support (.doc)\n$ sudo apt install antiword\n~~~\nInstall manspider (please be patient, this can take a while):\n~~~\n$ pip install pipx\n$ pipx install git+https://github.com/blacklanternsecurity/MANSPIDER\n~~~\n\n### Example #1: Search the network for filenames that may contain creds\nNOTE: matching files are automatically downloaded into `$HOME/.manspider/loot`! (`-n` to disable)\n~~~\n$ manspider 192.168.0.0/24 -f passw user admin account network login logon cred -d evilcorp -u bob -p Passw0rd\n~~~\n\n### Example #2: Search for spreadsheets with \"password\" in the filename\n~~~\n$ manspider share.evilcorp.local -f passw -e xlsx csv -d evilcorp -u bob -p Passw0rd\n~~~\n\n### Example #3: Search for documents containing passwords\n~~~\n$ manspider share.evilcorp.local -c passw -e xlsx csv docx pdf -d evilcorp -u bob -p Passw0rd\n~~~\n\n### Example #4: Search for interesting file extensions\n~~~\n$ manspider share.evilcorp.local -e bat com vbs ps1 psd1 psm1 pem key rsa pub reg pfx cfg conf config vmdk vhd vdi dit -d evilcorp -u bob -p Passw0rd\n~~~\n\n### Example #5: Search for finance-related files\nThis example searches financy-sounding directories for filenames containing 5 or more consecutive numbers (e.g. `000202006.EFT`)\n~~~\n$ manspider share.evilcorp.local --dirnames bank financ payable payment reconcil remit voucher vendor eft swift -f '[0-9]{5,}' -d evilcorp -u bob -p Passw0rd\n~~~\n\n### Example #6: Search for SSH keys by filename\n~~~\n$ manspider share.evilcorp.local -e ppk rsa pem ssh rsa -o -f id_rsa id_dsa id_ed25519 -d evilcorp -u bob -p Passw0rd\n~~~\n\n### Example #7: Search for SSH keys by content\n~~~\n$ manspider share.evilcorp.local -e '' -c 'BEGIN .{1,10} PRIVATE KEY' -d evilcorp -u bob -p Passw0rd\n~~~\n\n### Example #8: Search for password manager files\n~~~bash\n# .kdbx - KeePass Password Database (KeePass, KeePassXC)\n# .kdb - KeePass Classic Database (KeePass 1.x)\n# .1pif - 1Password Interchange Format (1Password)\n# .agilekeychain - Agile Keychain Format (1Password, deprecated)\n# .opvault - OPVault Format (1Password)\n# .lpd - LastPass Data File (LastPass)\n# .dashlane - Dashlane Data File (Dashlane)\n# .psafe3 - Password Safe Database (Password Safe)\n# .enpass - Enpass Password Manager Data File (Enpass)\n# .bwdb - Bitwarden Database (Bitwarden)\n# .msecure - mSecure Password Manager Data File (mSecure)\n# .stickypass - Sticky Password Data File (Sticky Password)\n# .pwm - Password Memory Data File (Password Memory)\n# .rdb - RoboForm Data File (RoboForm)\n# .safe - SafeInCloud Password Manager Data File (SafeInCloud)\n# .zps - Zoho Vault Encrypted Data File (Zoho Vault)\n# .pmvault - SplashID Safe Data File (SplashID Safe)\n# .mywallet - MyWallet Password Manager Data File (MyWallet)\n# .jpass - JPass Password Manager Data File (JPass)\n# .pwmdb - Universal Password Manager Database (Universal Password Manager)\n$ manspider share.evilcorp.local -e kdbx kdb 1pif agilekeychain opvault lpd dashlane psafe3 enpass bwdb msecure stickypass pwm rdb safe zps pmvault mywallet jpass pwmdb -d evilcorp -u bob -p Passw0rd\n~~~\n\n### Example #9: Search for certificates\n~~~\n$ manspider share.evilcorp.local -e pfx p12 pkcs12 pem key crt cer csr jks keystore key keys der -d evilcorp -u bob -p Passw0rd\n~~~\n\n### Usage Tip #1:\nYou can run multiple instances of manspider at one time. This is useful when one instance is already running, and you want to search what it's downloaded (similar to `grep -R`). To do this, specify the keyword `loot` as the target, which will search the downloaded files in `$HOME/.manspider/loot`.\n\n### Usage Tip #2:\nReasonable defaults help prevent unwanted scenarios like getting stuck on a single target. All of these can be overridden:\n- **default spider depth: 10** (override with `-m`)\n- **default max filesize: 10MB** (override with `-s`)\n- **default threads: 5** (override with `-t`)\n- **shares excluded: `C$`, `IPC$`, `ADMIN$`, `PRINT$`** (override with `--exclude-sharenames`)\n\n### Usage Tip #3:\nManspider accepts any combination of the following as targets:\n- IPs\n- hostnames\n- subnets (CIDR format)\n- files containing any of the above\n- local folders containing files\n\nFor example, you could specify any or all of these:\n- **`192.168.1.250`**\n- **`share.evilcorp.local`**\n- **`192.168.1.0/24`**\n- **`smb_hosts.txt`**\n- **`loot`** (to search already-downloaded files)\n- **`/mnt/share`** (to recursively search a directory)\n - NOTE: when searching local files, you must specify a directory, not an individual file\n\n## Usage:\n~~~\nusage: manspider [-h] [-u USERNAME] [-p PASSWORD] [-d DOMAIN] [-m MAXDEPTH] [-H HASH] [-t THREADS] [-f REGEX [REGEX ...]] [-e EXT [EXT ...]] [--exclude-extensions EXT [EXT ...]]\n [-c REGEX [REGEX ...]] [--sharenames SHARE [SHARE ...]] [--exclude-sharenames [SHARE ...]] [--dirnames DIR [DIR ...]] [--exclude-dirnames DIR [DIR ...]] [-q] [-n]\n [-mfail INT] [-o] [-s SIZE] [-v]\n targets [targets ...]\n\nScan for juicy data on SMB shares. Matching files and logs are stored in $HOME/.manspider. All filters are case-insensitive.\n\npositional arguments:\n targets IPs, Hostnames, CIDR ranges, or files containing targets to spider (NOTE: local searching also supported, specify directory name or keyword \"loot\" to search\n downloaded files)\n\noptional arguments:\n -h, --help show this help message and exit\n -u USERNAME, --username USERNAME\n username for authentication\n -p PASSWORD, --password PASSWORD\n password for authentication\n -d DOMAIN, --domain DOMAIN\n domain for authentication\n -m MAXDEPTH, --maxdepth MAXDEPTH\n maximum depth to spider (default: 10)\n -H HASH, --hash HASH NTLM hash for authentication\n -t THREADS, --threads THREADS\n concurrent threads (default: 5)\n -f REGEX [REGEX ...], --filenames REGEX [REGEX ...]\n filter filenames using regex (space-separated)\n -e EXT [EXT ...], --extensions EXT [EXT ...]\n only show filenames with these extensions (space-separated, e.g. `docx xlsx` for only word \u0026 excel docs)\n --exclude-extensions EXT [EXT ...]\n ignore files with these extensions\n -c REGEX [REGEX ...], --content REGEX [REGEX ...]\n search for file content using regex (multiple supported)\n --sharenames SHARE [SHARE ...]\n only search shares with these names (multiple supported)\n --exclude-sharenames [SHARE ...]\n don't search shares with these names (multiple supported)\n --dirnames DIR [DIR ...]\n only search directories containing these strings (multiple supported)\n --exclude-dirnames DIR [DIR ...]\n don't search directories containing these strings (multiple supported)\n -q, --quiet don't display matching file content\n -n, --no-download don't download matching files\n -mfail INT, --max-failed-logons INT\n limit failed logons\n -o, --or-logic use OR logic instead of AND (files are downloaded if filename OR extension OR content match)\n -s SIZE, --max-filesize SIZE\n don't retrieve files over this size, e.g. \"500K\" or \".5M\" (default: 10M)\n -v, --verbose show debugging messages\n~~~\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblacklanternsecurity%2FMANSPIDER","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblacklanternsecurity%2FMANSPIDER","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblacklanternsecurity%2FMANSPIDER/lists"}