{"id":3678,"date":"2014-03-04T22:31:35","date_gmt":"2014-03-04T14:31:35","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3678"},"modified":"2015-01-06T06:58:12","modified_gmt":"2015-01-05T22:58:12","slug":"eyewitness-rapid-web-application-triage-tool","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2014\/03\/eyewitness-rapid-web-application-triage-tool\/","title":{"rendered":"EyeWitness \u2013 A Rapid Web Application Triage Tool"},"content":{"rendered":"
EyeWitness is a rapid web application triage tool designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.<\/p>\n
<\/p>\n
The author would love for EyeWitness to identify more default credentials of various web applications. So as you find devices which utilizes default credentials, please e-mail him the source code of the index page and the default credentials so he can add it in to EyeWitness. You can e-mail to EyeWitness [@] christophertruncer [dot] com.<\/p>\n
Inspiration came from Tim Tomes’s PeepingTom Script. The author just wanted to change some things, and then it became a thought exercise to write it again himself.<\/p>\n
EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap xml output, or nessus xml output. The -t (timeout) flag is completely optional, and lets you provice the max time to wait when trying to render and screenshot a web page. The –open flag, which is optional, will open the URL in a new tab within iceweasel.<\/p>\n
Setup<\/strong><\/p>\n Navigate into the setup directory and run the setup.sh<\/em> script.<\/p>\n Usage<\/strong><\/p>\n Examples<\/strong><\/p>\n You can download EyeWitness here (Or clone the Github repo):<\/p>\n.\/EyeWitness.py -f filename -t optionaltimeout --open (Optional)<\/pre>\n
.\/EyeWitness -f urls.txt<\/pre>\n
.\/EyeWitness -f urls.xml -t 8 --open<\/pre>\n