How to Extract Bitcoin Wallet Addresses and Balances from Websites with the SpiderFoot CLI - iYouPort

2021-04-27


  • Using a powerful open-source intelligence tool

[Editor's note] We have a dedicated section, "Surveilling the Blockchain and the Fight to Return to Cash", in List 2. Cryptocurrency tracing has been a hot topic in recent years; in particular, the world's most capable spy agencies tend to pour their largest resources into tracing all kinds of cryptocurrency, which has pushed a whole crowd of surveillance-technology companies onto the track of developing related tools.

As is well known, following the money is the most effective tactic for uncovering corruption and organized crime, so tracing cryptocurrency is also a sought-after skill among direct-action activists. Unfortunately, this is not a fair game: the government spies' "advantage" lies in the last step, where they can threaten cryptocurrency service providers into handing over users' identities. Activists usually cannot.

But activists can still investigate deeply enough here and, combined with intelligence obtained through other channels, arrive at useful insights. This article is a good use case.

Last year we recommended a book (see the image below); you can download "Tracing Cryptocurrency Transactions" here:

In this article, Null Byte uses a tool we have previously introduced, SpiderFoot, to carry out a cryptocurrency-tracing investigation. On SpiderFoot, see "How to Automate Intelligence Gathering? A Beginner's Guide to SpiderFoot" and "Exposing Cryptocurrency Investment Scams: SpiderFoot Demonstrates Automated OSINT Investigation".

SpiderFoot is, overall, a good automated open-source intelligence tool. It comes in two different editions: the free open-source project and a paid service, SpiderFoot HX, which costs roughly 800 US dollars a year. For the purposes of this article, the free edition is enough to investigate Bitcoin wallets and balances, and there is no need to run a web server for the investigation, which is required if you use SpiderFoot outside of the command-line interface.

Suppose an organization is raising funds with Bitcoin. Whether the organization's fundraising is legal or illegal, you can monitor how it is doing by first scraping its website to locate any Bitcoin wallet addresses associated with the organization's domain. Then you can pass that data into a query to find out the exact balance of each public-facing wallet.

What You'll Need

To use SpiderFoot's CLI, you need Python 3 installed. Recent Linux, macOS and Windows systems come with Python 3 preinstalled. If yours does not, or you have an older version of Python, Python 3 is easy to download and install.

Step 1: Install SpiderFoot

We're not going to get the tool from SpiderFoot's website. Instead, we'll grab it from its GitHub repository. SpiderFoot is useful for much more than what this article does, so be sure to look at its GitHub page to see what else it can do.

It also has a list of modules SpiderFoot can use, which can be combined to run very specific search queries.

Later we'll use two modules: one that searches a website for Bitcoin addresses and another that passes those addresses to a balance lookup. But first, download SpiderFoot via git by issuing the following command in a terminal:

~$ git clone https://github.com/smicallef/spiderfoot.git

Cloning into 'spiderfoot'...
remote: Enumerating objects: 43, done.
remote: Counting objects: 100% (43/43), done.
remote: Compressing objects: 100% (36/36), done.
remote: Total 20781 (delta 17), reused 18 (delta 7), pack-reused 20738
Receiving objects: 100% (20781/20781), 13.89 MiB | 9.34 MiB/s, done.
Resolving deltas: 100% (16727/16727), done.

Then change into its directory and list its contents (ls).

~$ cd spiderfoot
~/spiderfoot$ ls

dicts                 modules                sfcli.py    static
Dockerfile            passwd                 sflib.py    test
dyn                   README.md              sf.py       THANKYOU
generate-certificate  requirements_test.txt  sfscan.py   VERSION
LICENSE               requirements.txt       sfwebui.py
log                   setup.cfg              spiderfoot

You'll see a requirements.txt file, so make sure to install it with pip3 before continuing. Otherwise SpiderFoot may fail, because it won't have all the dependencies it needs to run properly.

~/spiderfoot$ pip3 install -r requirements.txt

Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: adblockparser>=0.7 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 1)) (0.7)
Requirement already satisfied: dnspython>=1.16.0 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 2)) (2.0.0)
Requirement already satisfied: exifread>=2.1.2 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 3)) (2.3.2)
Requirement already satisfied: CherryPy>=18.0 in /home/kali/.local/lib/python3.8/site-packages (from -r requirements.txt (line 4)) (18.6.0)
Requirement already satisfied: cherrypy-cors>=1.6 in /home/kali/.local/lib/python3.8/site-packages (from -r requirements.txt (line 5)) (1.6)
Requirement already satisfied: Mako>=1.0.4 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 6)) (1.1.3)
Requirement already satisfied: beautifulsoup4>=4.4.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 7)) (4.9.3)
Requirement already satisfied: lxml>=4.6.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 8)) (4.6.1)
Requirement already satisfied: netaddr>=0.7.18 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 9)) (0.7.19)
Requirement already satisfied: pysocks>=1.7.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 10)) (1.7.1)
Requirement already satisfied: requests>=2.20.0 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 11)) (2.24.0)
Requirement already satisfied: ipwhois==1.0.0 in /home/kali/.local/lib/python3.8/site-packages (from -r requirements.txt (line 12)) (1.0.0)
Requirement already satisfied: ipaddr>=2.2.0 in /home/kali/.local/lib/python3.8/site-packages (from -r requirements.txt (line 13)) (2.2.0)
Requirement already satisfied: phonenumbers>=8.12.9 in /home/kali/.local/lib/python3.8/site-packages (from -r requirements.txt (line 14)) (8.12.13)
Requirement already satisfied: pygexf>=0.2.2 in /home/kali/.local/lib/python3.8/site-packages (from -r requirements.txt (line 15)) (0.2.2)
Requirement already satisfied: PyPDF2>=1.26.0 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 16)) (1.26.0)
Requirement already satisfied: stem>=1.7.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 17)) (1.8.0)
Requirement already satisfied: python-whois>=0.7.1 in /home/kali/.local/lib/python3.8/site-packages (from -r requirements.txt (line 18)) (0.7.3)
Requirement already satisfied: secure>=0.2.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 19)) (0.2.1)
Requirement already satisfied: pyOpenSSL>=17.5.0 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 20)) (19.1.0)
Requirement already satisfied: python-docx>=0.8.10 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 21)) (0.8.10)
Requirement already satisfied: python-pptx>=0.6.18 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 22)) (0.6.18)
Requirement already satisfied: networkx>=2.5 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 23)) (2.5)
Requirement already satisfied: cryptography>=3.2.1 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 24)) (3.2.1)
Requirement already satisfied: publicsuffixlist>=0.7.3 in /home/kali/.local/lib/python3.8/site-packages (from -r requirements.txt (line 25)) (0.7.5)
Requirement already satisfied: portend>=2.1.1 in /home/kali/.local/lib/python3.8/site-packages (from CherryPy>=18.0->-r requirements.txt (line 4)) (2.7.0)
Requirement already satisfied: more-itertools in /usr/lib/python3/dist-packages (from CherryPy>=18.0->-r requirements.txt (line 4)) (4.2.0)
Requirement already satisfied: zc.lockfile in /home/kali/.local/lib/python3.8/site-packages (from CherryPy>=18.0->-r requirements.txt (line 4)) (2.0)
Requirement already satisfied: cheroot>=8.2.1 in /home/kali/.local/lib/python3.8/site-packages (from CherryPy>=18.0->-r requirements.txt (line 4)) (8.4.7)
Requirement already satisfied: jaraco.collections in /home/kali/.local/lib/python3.8/site-packages (from CherryPy>=18.0->-r requirements.txt (line 4)) (3.0.0)
Requirement already satisfied: httpagentparser>=1.5 in /home/kali/.local/lib/python3.8/site-packages (from cherrypy-cors>=1.6->-r requirements.txt (line 5)) (1.9.0)
Requirement already satisfied: soupsieve>1.2 in /usr/lib/python3/dist-packages (from beautifulsoup4>=4.4.1->-r requirements.txt (line 7)) (2.0.1)
Requirement already satisfied: future in /usr/lib/python3/dist-packages (from python-whois>=0.7.1->-r requirements.txt (line 18)) (0.18.2)
Requirement already satisfied: tempora>=1.8 in /home/kali/.local/lib/python3.8/site-packages (from portend>=2.1.1->CherryPy>=18.0->-r requirements.txt (line 4)) (4.0.1)
Requirement already satisfied: setuptools in /usr/lib/python3/dist-packages (from zc.lockfile->CherryPy>=18.0->-r requirements.txt (line 4)) (50.3.0)
Requirement already satisfied: jaraco.functools in /home/kali/.local/lib/python3.8/site-packages (from cheroot>=8.2.1->CherryPy>=18.0->-r requirements.txt (line 4)) (3.0.1)
Requirement already satisfied: six>=1.11.0 in /usr/lib/python3/dist-packages (from cheroot>=8.2.1->CherryPy>=18.0->-r requirements.txt (line 4)) (1.15.0)
Requirement already satisfied: jaraco.text in /home/kali/.local/lib/python3.8/site-packages (from jaraco.collections->CherryPy>=18.0->-r requirements.txt (line 4)) (3.2.0)
Requirement already satisfied: jaraco.classes in /home/kali/.local/lib/python3.8/site-packages (from jaraco.collections->CherryPy>=18.0->-r requirements.txt (line 4)) (3.1.0)
Requirement already satisfied: pytz in /usr/lib/python3/dist-packages (from tempora>=1.8->portend>=2.1.1->CherryPy>=18.0->-r requirements.txt (line 4)) (2020.4)

If you have trouble installing with the command above, try apt update first and then continue. If it still fails, run the command with sudo in front.

Step 2: Make Sure SpiderFoot Works

Now that SpiderFoot is all set up, it's time to start using it, passing command-line arguments for the information we want returned. In the directory listing above you'll see the sf.py file; that's the main program we'll use here. Try running it to see whether it works:

~/spiderfoot$ python3 ./sf.py

You must specify a target when running in scan mode. Try --help for guidance.

If you see something else, or if you hit errors now or in later steps, go back and reinstall requirements.txt with pip3. If that still doesn't work, install with sudo, which should fix any missing modules.

Now let's take a quick look at the help page for the usage instructions.

~/spiderfoot$ python3 ./sf.py --help

usage: sf.py [-h] [-d] [-l IP:port] [-m mod1,mod2,...] [-M] [-s TARGET]
             [-t type1,type2,...] [-T] [-o tab|csv|json] [-n] [-r] [-S LENGTH]
             [-D DELIMITER] [-f] [-F FILTER] [-x] [-q]

SpiderFoot 3.0: Open Source Intelligence Automation.

optional arguments:
  -h, --help          show this help message and exit
  -d, --debug         Enable debug output.
  -l IP:port          IP and port to listen on.
  -m mod1,mod2,...    Modules to enable.
  -M, --modules       List available modules.
  -s TARGET           Target for the scan.
  -t type1,type2,...  Event types to collect.
  -T, --types         List available event types.
  -o tab|csv|json     Output format. Tab is default.
  -n                  Strip newlines from data.
  -r                  Include the source data field in tab/csv output.
  -S LENGTH           Maximum data length to display. By default, all data is
                      shown.
  -D DELIMITER        Delimiter to use for CSV output. Default is ,.
  -f                  Filter out other event types that weren't requested with
                      -t.
  -F FILTER           Filter out a set of event types.
  -x                  STRICT MODE. Will only enable modules that can directly
                      consume your target, and if -t was specified only those
                      events will be consumed by modules. This overrides -t
                      and -m options.
  -q                  Disable logging.

Step 3: Scan for Bitcoin Addresses and Balances

Now let's look at Bitcoin addresses and wallet balances scraped from a website. We need to chain a few things together, and that's where modules come in.

~/spiderfoot$ python3 ./sf.py -m sfp_spider,sfp_bitcoin,sfp_blockchain -s websiteurl.com -F BITCOIN_ADDRESS,BITCOIN_BALANCE -q

Above you can see the command we're using. The first part launches the SpiderFoot tool with Python 3. -m indicates that you are using one or more modules, and the modules follow it, separated by commas.

The sfp_spider module spiders the web pages of the site we want to scan and finds all the information in them. The sfp_bitcoin module isolates all the Bitcoin wallet addresses found by spidering. And the sfp_blockchain module passes the Bitcoin addresses to an API, which determines the exact amount stored in each wallet.

Next in the command, -s followed by the website URL selects the target site. Then -F filters for a set of event types, specifically BITCOIN_ADDRESS and BITCOIN_BALANCE; that's the information we're after. Finally, -q hides everything in the output except what we want.

Now let's run it against a real website, using bitcoinforcharity.com as the example.

~/spiderfoot$ python3 ./sf.py -m sfp_spider,sfp_bitcoin,sfp_blockchain -s bitcoinforcharity.com -F BITCOIN_ADDRESS,BITCOIN_BALANCE -q

Source                          Type                                            Data
sfp_bitcoin                     Bitcoin Address                                 1HesYJSP1QqcyPEjnQ9vzBL1wujruNGe7R
sfp_blockchain                  Bitcoin Balance                                 0.00021 BTC
sfp_bitcoin                     Bitcoin Address                                 16Sy8mvjyNgCRYS14m1Rtca3UfrFPzz9eJ
sfp_blockchain                  Bitcoin Balance                                 0.24481116 BTC
sfp_bitcoin                     Bitcoin Address                                 1M72Sfpbz1BPpXFHz9m3CdqATR44Jvaydd
sfp_blockchain                  Bitcoin Balance                                 1.62908644 BTC
sfp_bitcoin                     Bitcoin Address                                 1946W6LDsEYF9B5sPYDKfwLw6YBZuHns4L
sfp_blockchain                  Bitcoin Balance                                 0.02344126 BTC
sfp_bitcoin                     Bitcoin Address                                 1PC9aZC4hNX2rmmrt7uHTfYAS3hRbph4UN
sfp_blockchain                  Bitcoin Balance                                 1.89378293 BTC
sfp_bitcoin                     Bitcoin Address                                 1PAt5oKQGBRigFDY6fB2WgQTtQJNzFyTDr
sfp_blockchain                  Bitcoin Balance                                 0.0 BTC
sfp_bitcoin                     Bitcoin Address                                 1NgiUwkhYVYMy3eoMC9dHcvdHejGxcuaWm
sfp_blockchain                  Bitcoin Balance                                 0.06070947 BTC
sfp_bitcoin                     Bitcoin Address                                 1M87hiTAa49enJKVeT9gzLjYmJoYh9V98
sfp_blockchain                  Bitcoin Balance                                 0.0 BTC
sfp_bitcoin                     Bitcoin Address                                 1CU5YgjquupDw6UeXEyA9VEBH34R7fZ19b
sfp_blockchain                  Bitcoin Balance                                 0.16549195 BTC
sfp_bitcoin                     Bitcoin Address                                 16DEzKc9fX4XfgGzEvQUJmoYeUrbRNXqxe
sfp_blockchain                  Bitcoin Balance                                 0.18967667 BTC
sfp_bitcoin                     Bitcoin Address                                 1AS3TiTqgJZK6CfNfqcbPXSx4PTFvfghvF
sfp_blockchain                  Bitcoin Balance                                 0.0 BTC
sfp_bitcoin                     Bitcoin Address                                 1Archive1n2C579dMsAu3iC6tWzuQJz8dN
sfp_blockchain                  Bitcoin Balance                                 3.17865301 BTC

From the output above you can see that the charity has several public Bitcoin addresses, and we can see the exact amount in each wallet. The organization hasn't really raised any Bitcoin to speak of; 3.17865301 BTC is the largest amount. If you were looking at a site that moves large sums via cryptocurrency, the numbers here would be much bigger.
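The scan output above is SpiderFoot's tab format: one event per line, with a Source, Type and Data column, and each BITCOIN_BALANCE line following the address it was looked up for. The script below is an added example for this article, not SpiderFoot's own code: it parses that output, pairs every address with its balance and aggregates the result, which is what you would do when monitoring a site over time. The sample text is copied from the bitcoinforcharity.com scan shown above; the column-splitting rule (a tab, or a run of two or more spaces between aligned columns) is this example's own assumption about how the page rendered the tabs.

```python
"""Parse SpiderFoot CLI output and pair Bitcoin addresses with their balances.

Added example for this article, not SpiderFoot's own code. SAMPLE_OUTPUT is
the article's bitcoinforcharity.com scan; splitting on a tab or on 2+ spaces
is an assumption about how the tab-separated columns were rendered.
"""
import re
from decimal import Decimal

# Output of `sf.py -m sfp_spider,sfp_bitcoin,sfp_blockchain -s bitcoinforcharity.com
# -F BITCOIN_ADDRESS,BITCOIN_BALANCE -q`, as printed in the article.
SAMPLE_OUTPUT = """\
Source                          Type                                            Data
sfp_bitcoin                     Bitcoin Address                                 1HesYJSP1QqcyPEjnQ9vzBL1wujruNGe7R
sfp_blockchain                  Bitcoin Balance                                 0.00021 BTC
sfp_bitcoin                     Bitcoin Address                                 16Sy8mvjyNgCRYS14m1Rtca3UfrFPzz9eJ
sfp_blockchain                  Bitcoin Balance                                 0.24481116 BTC
sfp_bitcoin                     Bitcoin Address                                 1M72Sfpbz1BPpXFHz9m3CdqATR44Jvaydd
sfp_blockchain                  Bitcoin Balance                                 1.62908644 BTC
sfp_bitcoin                     Bitcoin Address                                 1946W6LDsEYF9B5sPYDKfwLw6YBZuHns4L
sfp_blockchain                  Bitcoin Balance                                 0.02344126 BTC
sfp_bitcoin                     Bitcoin Address                                 1PC9aZC4hNX2rmmrt7uHTfYAS3hRbph4UN
sfp_blockchain                  Bitcoin Balance                                 1.89378293 BTC
sfp_bitcoin                     Bitcoin Address                                 1PAt5oKQGBRigFDY6fB2WgQTtQJNzFyTDr
sfp_blockchain                  Bitcoin Balance                                 0.0 BTC
sfp_bitcoin                     Bitcoin Address                                 1NgiUwkhYVYMy3eoMC9dHcvdHejGxcuaWm
sfp_blockchain                  Bitcoin Balance                                 0.06070947 BTC
sfp_bitcoin                     Bitcoin Address                                 1M87hiTAa49enJKVeT9gzLjYmJoYh9V98
sfp_blockchain                  Bitcoin Balance                                 0.0 BTC
sfp_bitcoin                     Bitcoin Address                                 1CU5YgjquupDw6UeXEyA9VEBH34R7fZ19b
sfp_blockchain                  Bitcoin Balance                                 0.16549195 BTC
sfp_bitcoin                     Bitcoin Address                                 16DEzKc9fX4XfgGzEvQUJmoYeUrbRNXqxe
sfp_blockchain                  Bitcoin Balance                                 0.18967667 BTC
sfp_bitcoin                     Bitcoin Address                                 1AS3TiTqgJZK6CfNfqcbPXSx4PTFvfghvF
sfp_blockchain                  Bitcoin Balance                                 0.0 BTC
sfp_bitcoin                     Bitcoin Address                                 1Archive1n2C579dMsAu3iC6tWzuQJz8dN
sfp_blockchain                  Bitcoin Balance                                 3.17865301 BTC
"""

# A real tab, or a run of 2+ spaces between the aligned columns (assumption).
COLUMN_SPLIT = re.compile(r"\t|\s{2,}")


def parse_rows(text):
    """Yield (source, event_type, data) tuples; skips the header and blank lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Source"):
            continue
        parts = COLUMN_SPLIT.split(line, maxsplit=2)
        if len(parts) != 3:
            continue  # not a three-column event line
        yield tuple(parts)


def pair_addresses_with_balances(text):
    """Return [(address, Decimal balance or None), ...] in output order.

    sfp_blockchain emits each balance right after the address it looked up,
    so a balance line is attached to the most recent address. An address with
    no following balance line (lookup failed, or balances not requested) keeps None.
    """
    results = []
    for _source, event_type, data in parse_rows(text):
        if event_type == "Bitcoin Address":
            results.append([data, None])
        elif event_type == "Bitcoin Balance" and results:
            results[-1][1] = Decimal(data.split()[0])  # "0.24481116 BTC" -> amount
    return [(addr, bal) for addr, bal in results]


def summarize(pairs):
    """Aggregate: total BTC across wallets, the largest wallet, and empty wallets."""
    funded = [(a, b) for a, b in pairs if b is not None]
    total = sum((b for _, b in funded), Decimal("0"))
    top = max(funded, key=lambda ab: ab[1]) if funded else None
    empty = [a for a, b in funded if b == 0]
    return {"addresses": len(pairs), "total_btc": total, "top": top, "empty": empty}


if __name__ == "__main__":
    pairs = pair_addresses_with_balances(SAMPLE_OUTPUT)
    for addr, bal in pairs:
        print(f"{addr:36} {bal if bal is not None else 'n/a'}")
    print(summarize(pairs))
```

Decimal is used rather than float so that the satoshi-precision balances add up exactly; re-running the scan later and diffing the returned pairs shows which wallets moved.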

Step 4: Scan for Ethereum Addresses

For Ethereum, you can use a different command structure to get all the wallet addresses found on a site, but you won't be able to get balances the way you can with Bitcoin. For a quick demonstration, we'll scan etherdonation.com.

~/spiderfoot$ python3 ./sf.py -m sfp_spider,sfp_ethereum -s etherdonation.com -F ETHEREUM_ADDRESS -q

Source                          Type                                            Data
sfp_ethereum                    Ethereum Address                                0xed6ca7d908f897d0b0d5f9b9e7aa470698e10b1b
sfp_ethereum                    Ethereum Address                                0xed6ca7d908f897d0b0d5f9b9e7aa470698e10b1b
sfp_ethereum                    Ethereum Address                                0xed6ca7d908f897d0b0d5f9b9e7aa470698e10b1b
sfp_ethereum                    Ethereum Address                                0xed6ca7d908f897d0b0d5f9b9e7aa470698e10b1b
sfp_ethereum                    Ethereum Address                                0xed6ca7d908f897d0b0d5f9b9e7aa470698e10b1b
sfp_ethereum                    Ethereum Address                                0xed6ca7d908f897d0b0d5f9b9e7aa470698e10b1b

All this does is use the sfp_spider module together with the Ethereum-discovery module sfp_ethereum, and drop the balance filter, since we can't look up Ethereum balances.
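Both sfp_bitcoin and sfp_ethereum work by pattern-matching page content, and the Ethereum scan above shows the same address reported six times, once per occurrence. The script below is an added example for this article, not SpiderFoot's module code: it does the same extraction from raw page text, but verifies each Bitcoin candidate's Base58Check checksum (so a random base58-looking string is not reported as a wallet) and de-duplicates Ethereum addresses. The HTML snippet is constructed for the example; it reuses two real addresses from the scan outputs above, plus a deliberately corrupted copy of one of them.

```python
"""Extract cryptocurrency addresses from page text with checksum validation.

Added example for this article, not SpiderFoot's own module code. SAMPLE_HTML
is constructed; it reuses two addresses from the article's scan output and
adds a corrupted copy to show the checksum rejecting it.
"""
import hashlib
import re

# Legacy P2PKH (starts with 1) and P2SH (starts with 3) addresses: the shape
# sfp_bitcoin matches. Bech32 (bc1...) addresses use a different checksum and
# are out of scope for this example.
BTC_CANDIDATE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
ETH_CANDIDATE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

SAMPLE_HTML = """
<p>Donate BTC: <code>1Archive1n2C579dMsAu3iC6tWzuQJz8dN</code> (also listed as
1Archive1n2C579dMsAu3iC6tWzuQJz8dN in the footer)</p>
<p>Mis-typed copy that fails the checksum: 1Archive1n2C579dMsAu3iC6tWzuQJz8dM</p>
<p>Donate ETH: 0xed6ca7d908f897d0b0d5f9b9e7aa470698e10b1b or
0xED6CA7D908F897D0B0D5F9B9E7AA470698E10B1B</p>
<p>Build id 1f2e3d4c5b6a7988776655443322110099aabbcc is not an address.</p>
"""


def base58check_valid(addr):
    """True if addr decodes to 25 bytes (version + hash160 + 4-byte checksum)
    with a mainnet version byte and a checksum equal to SHA256d of the payload."""
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    # Each leading '1' encodes a leading zero byte that the integer form loses.
    leading_zeros = len(addr) - len(addr.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\x00" * leading_zeros + body
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):  # P2PKH / P2SH mainnet
        return False
    payload, checksum = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def extract_bitcoin(text):
    """Unique, checksum-verified Bitcoin addresses in order of first appearance."""
    seen, out = set(), []
    for m in BTC_CANDIDATE.finditer(text):
        addr = m.group(0)
        if addr not in seen and base58check_valid(addr):
            seen.add(addr)
            out.append(addr)
    return out


def extract_ethereum(text):
    """Unique Ethereum addresses, lower-cased, in order of first appearance.

    EIP-55 mixed-case checksums need Keccak-256, which the standard library
    does not provide (hashlib's sha3_256 is a different function), so this
    example does not verify them; a 40-hex-digit match is reported as-is.
    """
    seen, out = set(), []
    for m in ETH_CANDIDATE.finditer(text):
        addr = m.group(0).lower()
        if addr not in seen:
            seen.add(addr)
            out.append(addr)
    return out


if __name__ == "__main__":
    print("BTC:", extract_bitcoin(SAMPLE_HTML))
    print("ETH:", extract_ethereum(SAMPLE_HTML))
```

The checksum test is the part worth keeping when building your own extractor: it turns a noisy regex into a reliable indicator, and a candidate that fails it is almost always a transcription error or an unrelated identifier rather than a wallet.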

Simple and Powerful

If you want to see some of the organizations with the highest Bitcoin transaction volume, you can search Google for something like "top 100 bitcoin addresses" and pick one of the top-ranked results to monitor. Then you can use that site's URL in the command to see which Bitcoin addresses move the most BTC. ⚪️

Original article: Extract Bitcoin Wallet Addresses & Balances from Websites with SpiderFoot CLI


Article copyright belongs to the original author.