EyeWitness – A Rapid Web Application Triage Tool


EyeWitness is a rapid web application triage tool designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

EyeWitness

The author would love for EyeWitness to identify more default credentials of various web applications. So as you find devices which utilizes default credentials, please e-mail him the source code of the index page and the default credentials so he can add it in to EyeWitness. You can e-mail to EyeWitness [@] christophertruncer [dot] com.

Inspiration came from Tim Tomes’s PeepingTom Script. The author just wanted to change some things, and then it became a thought exercise to write it again himself.

EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap xml output, or nessus xml output. The -t (timeout) flag is completely optional, and lets you provice the max time to wait when trying to render and screenshot a web page. The –open flag, which is optional, will open the URL in a new tab within iceweasel.

Setup

Navigate into the setup directory and run the setup.sh script.

Usage

Examples

You can download EyeWitness here (Or clone the Github repo):

master.zip

Or read more here.

Posted in: Hacking Tools, Privacy, Web Hacking

, , ,


Latest Posts:


SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.
Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.
Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.
Second Order - Subdomain Takeover Scanner Tool Second Order – Subdomain Takeover Scanner Tool
Second Order Subdomain Takeover Scanner Tool scans web apps for second-order subdomain takeover by crawling the application and collecting URLs (and other data)
Binwalk - Firmware Security Analysis & Extraction Tool Binwalk – Firmware Security Analysis & Extraction Tool
Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering & extracting of firmware.


Comments are closed.