EyeWitness - A Rapid Web Application Triage Tool
We, at ehacking used to share tools that can make the penetration testing process easy and effective. You might have seen EH Tools shared before and you will witness the tools that we will share later, but today I have an interesting tool to discuss; it’s called EyeWitness. Chris Truncer is the man behind this tool; it has been designed to run on Kali Linux.
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
EyeWitness is designed to take a file, parse out the URLs, take a screenshot of the web pages, and generate a report of the screenshot along with some server header information. EyeWitness is able to parse three different types of files, a general text file with each url on a new line, the xml output from a NMap scan, or a .nessus file. Jason Hill (@jasonhillva) worked on creating the XML parsing code for EyeWitness, and provided a lot of feedback throughout writing it.
In addition to providing the file name, you can also optionally provide a maximum timeout value. The timeout value is the maximum amount of time EyeWitness waits for a web page to render, before moving on to the next URL in the list.
 |
| Image Credit |
Supported Linux Distros:
Debian 7+ (at least stable, looking into testing) (Thanks to @themightyshiv)
CentOS 6.5+ (Thanks to @themightyshiv)
Setup:
1. Navigate into the setup directory
2. Run the setup.sh script
Usage:
./EyeWitness.py -f filename -t optionaltimeout --open (Optional)
Examples:
./EyeWitness -f urls.txt
./EyeWitness -f urls.xml -t 8 --open
