Execution
This page will describe the command line options available in GraphSpy. For information on how to use the application itself, refer to the GraphSpy Usage section on this wiki.
After installing GraphSpy, running the GraphSpy application with its default configuration is as easy as running it without any arguments.
# Execute GraphSpy with default config
graphspy
________ _________
/ / by RedByte1337 __ / / vX.X.X
/ _____/___________ ______ | |__ / _____/_____ ______
/ \ __\_ __ \__ \ \____ \| | \ \_____ \\____ \ | |
\ \_\ \ | \/ __ \| |_> | \ \/ \ |_> \___ |
\______ /__| |____ | __/|___| /_______ / ___/ ____|
\/ \/|__| \/ \/|__| \/
[*] Utilizing database '/home/redbyte/.gspy/databases/database.db'.
[*] Starting GraphSpy. Open in your browser by going to the url displayed below.
* Serving Flask app 'GraphSpy.GraphSpy'
* Debug mode: off
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
* Running on http://127.0.0.1:5000
Press CTRL+C to quit
From that point, you can access GraphSpy by browsing to http://127.0.0.1:5000.
(The warning message from Flask is normal and can be ignored.)
If you want to run GraphSpy on a custom interface and port, you can use the -i and -p options respectively.
For example, to run GraphSpy on http://192.168.0.10:8080 instead, the following command can be used:
graphspy -i 192.168.0.10 -p 8080
If you want to run GraphSpy on all interfaces, use -i 0.0.0.0. Once GraphSpy is successfully started, the output will show a list of every interface it is listening on.
graphspy -i 0.0.0.0 -p 8080
WARNING: GraphSpy is intended to be executed and accessed from your local machine through a localhost interface. It is not safe to expose the application on an untrusted network where other people might be able to access it, since there is no authentication built-in! In any case, never make GraphSpy accessible from the internet without restricting access through other means such as a reverse proxy, or source IP whitelist. Unauthorized access to your GraphSpy instance would not only put your system at risk, but also all sensitive information from your targets (such as access and refresh tokens) stored in the GraphSpy database.
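To confirm which addresses a GraphSpy port is actually bound to, the following added example (not part of GraphSpy or this wiki) filters `ss -Htln` output for listeners that are reachable beyond loopback. The function names and the sample socket lines are constructed for illustration, and it assumes the local address is the fourth column of the `ss` output.

```shell
#!/bin/sh
# Added example: list listeners on a port that are reachable beyond loopback.
# Assumption: input is `ss -Htln` output, where column 4 is "local_address:port".

exposed_listeners() {
    # $1 = port; reads ss output on stdin; prints each non-loopback bind address
    awk -v port="$1" '
        {
            la = $4
            n = match(la, /:[0-9]+$/)        # the port follows the last colon
            if (n == 0) next
            addr = substr(la, 1, n - 1)
            if (substr(la, n + 1) != port) next
            sub(/%.*$/, "", addr)            # strip interface scope (127.0.0.53%lo)
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

bind_is_local() {
    # Succeeds only if nothing on port $1 listens outside loopback
    [ -z "$(exposed_listeners "$1")" ]
}

# Constructed sample of `ss -Htln` output (not captured from a real host)
SAMPLE_SS='LISTEN 0 128 127.0.0.1:5000 0.0.0.0:*
LISTEN 0 128 [::1]:5000 [::]:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

for port in 5000 8080; do
    if printf '%s\n' "$SAMPLE_SS" | bind_is_local "$port"; then
        echo "port $port: loopback only"
    else
        echo "port $port: reachable from other hosts via:"
        printf '%s\n' "$SAMPLE_SS" | exposed_listeners "$port" | sed 's/^/  /'
    fi
done
```

On a live host, pipe the real socket list in instead of the sample, for example `ss -Htln | bind_is_local 5000`.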
By default, GraphSpy will initialize and connect to the default database.db. While you can easily create and change between databases from the GraphSpy settings page after launching the application, the -d <database_name> option allows you to select which database to connect to on launch.
If no database with the provided name exists yet, GraphSpy will automatically create a new database.
All databases are stored at ~/.gspy/databases/. The folder structure is initialized at the first launch.
# Launch GraphSpy and connect to the acme.db database.
# If it does not exist yet, GraphSpy will create it
graphspy -d acme
# OR
graphspy -d acme.db
To check the other options available in GraphSpy, use the -h flag to display the help message.
graphspy -h
________ _________
/ / by RedByte1337 __ / / vX.X.X
/ _____/___________ ______ | |__ / _____/_____ ______
/ \ __\_ __ \__ \ \____ \| | \ \_____ \\____ \ | |
\ \_\ \ | \/ __ \| |_> | \ \/ \ |_> \___ |
\______ /__| |____ | __/|___| /_______ / ___/ ____|
\/ \/|__| \/ \/|__| \/
usage: GraphSpy [-h] [-i INTERFACE] [-p PORT] [-d DATABASE] [--debug]
Launches the GraphSpy Flask application
options:
-h, --help show this help message and exit
-i INTERFACE, --interface INTERFACE
The interface to bind to. Use 0.0.0.0 for all interfaces. (Default = 127.0.0.1)
-p PORT, --port PORT The port to bind to. (Default = 5000)
-d DATABASE, --database DATABASE
Database file to utilize. (Default = database.db)
--debug Enable flask debug mode. Will show detailed stack traces when an error occurs.
For more information, see https://github.com/RedByte1337/GraphSpy
To proxy all HTTP(S) traffic made by the GraphSpy application (i.e. the server-side traffic from GraphSpy to the Internet), you can use the https_proxy environment variable.
On Linux systems, this can be achieved as follows:
https_proxy=http://127.0.0.1:8080 graphspy
On Windows devices, the following syntax can be used from PowerShell:
$env:HTTPS_PROXY = "http://127.0.0.1:8080"
graphspy
This can be useful for debugging purposes by routing the traffic to Burp Suite for example, or for OPSEC reasons (e.g. if you want to route the traffic through a compromised device inside of the client's network). You can also proxy the traffic through Burp Suite, and then configure Burp Suite to use a SOCKS proxy for example (Burp Suite > Settings > Network > Connections > SOCKS proxy).
To view the API calls sent between the browser and the GraphSpy server, configure a proxy in your browser itself as usual. (Refer to the architecture section for more information on the traffic flow from GraphSpy.)
If you want GraphSpy to run as a background process on a Linux system, you can use setsid to achieve this.
For example:
# Switch to the root user
sudo su
# Run GraphSpy with any command line arguments, and save its command line output to a log file
setsid /home/kali/.local/bin/graphspy -i 0.0.0.0 > /opt/gspy_log.txt 2>&1 < /dev/null &