Skip to content

Execution

RedByte edited this page Dec 31, 2024 · 4 revisions

This page will describe the command line options available in GraphSpy. For information on how to use the application itself, refer to the GraphSpy Usage section on this wiki.

Quick start

After installing GraphSpy, running the GraphSpy application with its default configuration is as easy as running it without any arguments.

# Execute GraphSpy with default config
graphspy

   ________                             _________
  /       /  by RedByte1337    __      /        /      vX.X.X
 /  _____/___________  ______ |  |__  /   _____/_____ ______ 
/   \  __\_  __ \__  \ \____ \|  |  \ \_____  \\____ \   |  |
\    \_\  \  | \/  __ \|  |_> |   \  \/        \  |_> \___  |
 \______  /__|  |____  |   __/|___|  /_______  /   ___/ ____|
        \/           \/|__|        \/        \/|__|   \/
                
[*] Utilizing database '/home/redbyte/.gspy/databases/database.db'.
[*] Starting GraphSpy. Open in your browser by going to the url displayed below.

 * Serving Flask app 'GraphSpy.GraphSpy'
 * Debug mode: off
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
 * Running on http://127.0.0.1:5000
Press CTRL+C to quit

From that point, you can access GraphSpy by browsing to http://127.0.0.1:5000.

(The warning message from Flask is normal and can be ignored.)

Custom interface

If you want to run GraphSpy on a custom interface and port, you can use the -i and -p options respectively.

For example, to run GraphSpy on http://192.168.0.10:8080 instead, the following command can be used:

graphspy -i 192.168.0.10 -p 8080

If you want to run GrahpSpy on all interfaces, use -i 0.0.0.0. Once GraphSpy is successfully started, the output will show a list of every interface it is listening on.

graphspy -i 0.0.0.0 -p 8080

WARNING: GraphSpy is intended to be executed and accessed from your local machine through a localhost interface. It is not safe to expose the application on an untrusted network where other people might be able to access it, since there is no authentication built-in! In any case, never make GraphSpy accessible from the internet without restricting access through other means such as a reverse proxy, or source IP whitelist. Unauthorized access to your GraphSpy instance would not only put your system at risk, but also all sensitive information from your targets (such as access and refresh tokens) stored in the GraphSpy database.

Custom database

By default, GraphSpy will initialize and connect to the default database.db. While you can easily create and change between databases from the GraphSpy settings page after launching the application, the -d <database_name> allows you to select which database to connect to on launch.

If no database with the provided name exists yet, GraphSpy will automatically create a new database.

All databases are stored at ~/.gspy/databases/. The folder structure is initialized at the first launch.

# Launch GraphSpy and connect to the acme.db database.
# If it does not exist yet, GraphSpy will create it
graphspy -d acme
# OR
graphspy -d acme.db

Other arguments

To check the other options available in GraphSpy, use the -h flag to display the help message.

graphspy -h                                                                                                                                                                                                                                                                                                            

   ________                             _________
  /       /  by RedByte1337    __      /        /      vX.X.X
 /  _____/___________  ______ |  |__  /   _____/_____ ______ 
/   \  __\_  __ \__  \ \____ \|  |  \ \_____  \\____ \   |  |
\    \_\  \  | \/  __ \|  |_> |   \  \/        \  |_> \___  |
 \______  /__|  |____  |   __/|___|  /_______  /   ___/ ____|
        \/           \/|__|        \/        \/|__|   \/
                
usage: GraphSpy [-h] [-i INTERFACE] [-p PORT] [-d DATABASE] [--debug]

Launches the GraphSpy Flask application

options:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface INTERFACE
                        The interface to bind to. Use 0.0.0.0 for all interfaces. (Default = 127.0.0.1)
  -p PORT, --port PORT  The port to bind to. (Default = 5000)
  -d DATABASE, --database DATABASE
                        Database file to utilize. (Default = database.db)
  --debug               Enable flask debug mode. Will show detailed stack traces when an error occurs.

For more information, see https://github.com/RedByte1337/GraphSpy

Using a proxy

To proxy all HTTP(S) traffic made by the GraphSpy application (i.e. the server-side traffic from GraphSpy to the Internet), you can use the https_proxy environment variable.

On Linux systems, this can be achieved as follows:

https_proxy=http://127.0.0.1:8080 graphspy

On Windows devices, the following syntax can be used from PowerShell:

$env:HTTPS_PROXY = "http://127.0.0.1:8080"
grahpspy

This can be useful for debugging purposes by routing the traffic to Burp Suite for example, or for OPSEC reasons (e.g. if you want to route the traffic through a compromised device inside of the client's network). You can also proxy the traffic through Burp Suite, and then configure Burp Suite to use a SOCKS proxy for example (Bupr Suite > Settings > Network > Connections > SOCKS proxy).

To view the API calls sent between the browser and the GraphSpy server, configure a proxy in your browser itself as usual. (Refer to the architecture section for more information on the traffic flow from GraphSpy.

Running as a daemon

If you want GraphSpy to run as a background process on a Linux system, you can use setsid to achieve this.

For example:

# Switch to the root user
sudo su
# Run GraphSpy with any command line arguments, and save its command line output to a log file
setsid /home/kali/.local/bin/graphspy -i 0.0.0.0 > /opt/gspy_log.txt 2>&1 < /dev/null &
Clone this wiki locally