SamSpade and SamSpade.org
In hacking parlance, “SamSpade” can refer to either the SamSpade network scanning and query tool or to the defunct SamSpade.org website that offered various network lookup features.
Although SamSpade.org is offline, you can still download the SamSpade security tool on Softpedia or on PCWorld. Version 1.14 was released in December 1999, making SamSpade one of the oldest network security tools. SamSpade has not been updated since that time.
Like many of the tools described in this blog, SamSpade is basically a graphical program providing a collection of network query commands, each of which is available individually for command line use (for example, nslookup, whois, tracert/traceroute, etc).
As you can see, the SamSpade graphical user interface (GUI) is dated and not entirely intuitive, so each section will be explained.
The address bar in the top left corner is where you type the IP address or domain name to be queried. If you enter an IP address in this field and type ‘Enter’ or click the arrow, SamSpade will attempt to look up the owner of this address. If you enter a domain name, a Whois query on that name will be performed.
The numeric field to the right of the pink arrow lets you specify the quantity of packets to send with each ping.
The drop-down menu to the right of the ping count field lets you choose which server to use for whois queries. If you keep this field as its ‘Magic’ default, SamSpade will try multiple servers if needed to find the owner of the block.
The next field over (top right corner) lets you specify a DNS server to use.
The last section of the top menu lets you configure SamSpade to use one window or multiple windows when you use its Web function (described below).
The buttons on the left side of the GUI are more self-explanatory since they are labeled. Here you will find the options for ping, DNS (forward and reverse lookups), whois, IP block lookup, dig, traceroute, finger, SMTP (for email addresses), time (to check the time on a remote host), Web (to view the HTML source code of a webpage), Awake (to keep a dialup connection alive), RBL (to check if an address is listed in a Mail Abuse Prevention System [MAPS] blacklist), and Abuse (to find the abuse email address for a domain). The functions of these buttons can also be accessed in File -> Tools.
To access SamSpade’s configuration options, select Edit -> Options.
In the Advanced tab you can enable DNS zone transfers, active probing (enables port scanning), and relay checking (a way to tell whether an SMTP server allows anyone to relay email by trying to relay an email through it back to your email address).
To read more on SamSpade, consult the program’s Help file by selecting Help -> Help Topics (to read the SamSpade Help file on Windows Vista or Windows 7, you must install Microsoft’s WinHLP32.exe manually). Additionally, Windows IT Pro offers its own review of SamSpade.
If you found the content of this article helpful and want to expand your knowledge further, please consider buying a relevant book using the links below. Thanks!