~/hackyfeed
> cat /dev/github | grep security-tools
discovered 30 Mar 2026

BlackWidow

Python ★ 1785 via github-topic
→ View on GitHub

AI Summary: BlackWidow is a Python-based web application spider designed for gathering critical information from target websites, including subdomains, URLs, dynamic parameters, email addresses, and phone numbers. It features an integrated fuzzer, Inject-X, which scans dynamic URLs for common OWASP vulnerabilities, and automatically saves collected data into organized text files. Notable functionalities include deep crawling with customizable levels, verbose logging, and support for fuzzing unique parameters for enhanced security testing.

README

alt tag

ABOUT:

BlackWidow is a python based web application spider to gather subdomains, URL’s, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL’s for common OWASP vulnerabilities.

DEMO VIDEO:

BlackWidow Demo

FEATURES:

  • Automatically collect all URL’s from a target website
  • Automatically collect all dynamic URL’s and parameters from a target website
  • Automatically collect all subdomains from a target website
  • Automatically collect all phone numbers from a target website
  • Automatically collect all email addresses from a target website
  • Automatically collect all form URL’s from a target website
  • Automatically scan/fuzz for common OWASP TOP vulnerabilities
  • Automatically saves all data into sorted text files

LINUX INSTALL:

sudo bash install.sh

USAGE:

blackwidow -u https://target.com - crawl target.com with 3 levels of depth.
blackwidow -d target.com -l 5 -v y - crawl the domain: target.com with 5 levels of depth with verbose logging enabled.
blackwidow -d target.com -l 5 -c 'test=test' - crawl the domain: target.com with 5 levels of depth using the cookie 'test=test'
blackwidow -d target.com -l 5 -s y -v y - crawl the domain: target.com with 5 levels of depth and fuzz all unique parameters for OWASP vulnerabilities with verbose logging on.
injectx.py -u https://test.com/uers.php?user=1&admin=true -v y - Fuzz all GET parameters for common OWASP vulnerabilities with verbose logging enabled.

SAMPLE REPORT:

alt tag

DOCKER:

git clone https://github.com/1N3/BlackWidow.git
cd BlackWidow
docker build -t blackwidow .
docker run -it blackwidow # Defaults to --help

LICENSE:

You may modify and re-distribute this software as long as the project name “BlackWidow”, credit to the author “xer0dayz” and website URL “https://sn1persecurity.com” are NOT mofified. Doing so will break the license agreement and a takedown notice will be issued.

DISCLAIMER:

This program is used for educational and ethical purposes only. I take no responsibility for any damages caused from using this program. By downloading and using this software, you agree that you take full responsibility for any damages and liability.

scanner web-security exploit osint python