Anti-Spy Advice Page

Sam Spade

Sam Spade Features

Environment

Each tool displays it's output in it's own window, and everything is multi-threaded so you don't need to wait for one query to complete before starting the next one
Some functions are threaded still further to allow lazy reverse DNS lookups (never do a traceroute -n again)
The output from each query is hotlinked, so you can right click on an email address, IP address, hostname or internic tag to run another query on it
Appending the results of a query to the log window is a single button function
There's a lot of online help, in both WinHelp and HTMLHelp formats. This includes tutorials, background information and links to online resources as well as the program manual itself

Tools
ping, nslookup, whois, IP block whois, dig, traceroute, finger, SMTP VRFY
web browser, keep-alive, DNS zone transfer, SMTP relay check
Usenet cancel check, websit download, website search, email header analysis
Email blacklist query, Abuse address query, S-Lang scripting, Time

ping
ping a network host to see if it's alive, and to see how long it takes packets to get there and back

nslookup
Find the IP address from a hostname, or vice-versa

whois
Ask a whois server who owns a domain name. Sam Spade will usually ask the right whois server automatically, or you can query a particular server. Whois queries for .com/.net/.org addresses are directed to the correct registrar automatically.

IP block whois
Ask a whois server who owns a block of IP addresses

dig
A more advanced DNS query tool. Dig asks a DNS server for all the information it has about a host

traceroute
Find the route packets take between you and a remote system. Both a slow, step-by-step mode and a fast parallel query mode are available.

finger
Lookup user information on a remote unix system

SMTP VRFY
Ask a mail-server whether an email address is real and whether it's being forwarded to other addresses. Also attempt partial delivery to a range of addresses to discover whether a given address is valid or not.

web browser
Browse the web, viewing the raw HTTP traffic rather than the rendered HTML. This lets you see the http headers and the raw HTML. Very handy for debugging CGI scripts.

It will not send any identifying information to the webserver, and by not supporting file download, java, javascript, cookies or anything else it has far fewer security holes than real browsers. As it doesn't render the HTML it makes attempts to hide information (such as hidden form fields, white-on-white text, meta fields etc.) obvious. These make it a useful tool for investigating malign websites

keep-alive
Sends http packets to your ISPs webserver every minute or so, to keep a dialup link active

DNS zone transfer
This asks a DNS server for all the information it has about a domain. It automatically finds the authoritative servers for a domain and will query one or all of them.

SMTP relay check
This checks whether a mailserver is secure. It attempts to send email back to yourself via somebody elses email server (one which you're not supposed to have access to). Hopefully it'll fail, but if it doesn't the mailserver is open to all sorts of abuse and the administrator needs to secure it

Usenet cancel check
This asks your local news-server to look for cancelled messages in a set of groups

website download
This will copy a website to disk.

website search
This searches a website for anything matching a list of patterns

email header analysis
This will check the Received lines in an email header for consistency. It can help in tracking down the true source of forged email

Blacklist lookups
This will check the Realtime Blackhole List, Dialup User List and Relayed Spam Source List to see if any of a hosts addresses are listed

abuse.net query
This will identify the email address responsible for abuse issues at a given domain using the database maintained by abuse.net

S-Lang scripting
Many features can be configured and scripted using the embedded S-Lang scripting language.

Time
Query a remote host to see what time it thinks it is, via a range of protocols including SNTP. Optionally set the local systems time via SNTP at each application startup.