EyeWitness - A Rapid Web Application Triage Tool

EyeWitness is designed to take screenshots of websites, RDP services, and open VNC servers, provide some server header info, and identify default credentials if possible.

Note: It requires Python.


EyeWitness.py [--web] [--headless] [--rdp] [--vnc] [--all-protocols]
              [-f Filename] [-x Filename.xml] [--single Single URL]
              [--createtargets targetfilename.txt] [--no-dns]
              [--timeout Timeout] [--jitter # of Seconds]
              [--threads # of Threads] [-d Directory Name]
              [--results Hosts Per Page] [--no-prompt]
              [--user-agent User Agent] [--cycle User Agent Type]
              [--difference Difference Threshold]
              [--proxy-ip] [--proxy-port 8080]
              [--show-selenium] [--resolve]
              [--add-http-ports ADD_HTTP_PORTS]
              [--add-https-ports ADD_HTTPS_PORTS] [--prepend-https]
              [--vhost-name hostname] [--active-scan] [--resume ew.db]

EyeWitness is a tool used to capture screenshots from a list of URLs

  --web                 HTTP Screenshot using Selenium
  --headless            HTTP Screenshot using PhantomJS Headless
  --rdp                 Screenshot RDP Services
  --vnc                 Screenshot Authless VNC services
  --all-protocols       Screenshot all supported protocols, using Selenium for

Input Options:
  -f Filename           Line seperated file containing URLs to capture
  -x Filename.xml       Nmap XML or .Nessus file
  --single Single URL   Single URL/Host to capture
  --createtargets targetfilename.txt
                        Parses a .nessus or Nmap XML file into a line-
                        seperated list of URLs
  --no-dns              Skip DNS resolution when connecting to websites

Timing Options:
  --timeout Timeout     Maximum number of seconds to wait while requesting a
                        web page (Default: 7)
  --jitter # of Seconds
                        Randomize URLs and add a random delay between requests
  --threads # of Threads
                        Number of threads to use while using file based input

Report Output Options:
  -d Directory Name     Directory name for report output
  --results Hosts Per Page
                        Number of Hosts per page of the report
  --no-prompt           Don't prompt to open the report

Web Options:
  --user-agent User Agent
                        User Agent to use for all requests
  --cycle User Agent Type
                        User Agent Type (Browser, Mobile, Crawler, Scanner,
                        Misc, All
  --difference Difference Threshold
                        Difference threshold when determining if user agent
                        requests are close "enough" (Default: 50)
  --proxy-ip  IP of web proxy to go through
  --proxy-port 8080     Port of web proxy to go through
  --show-selenium       Show display for selenium
  --resolve             Resolve IP/Hostname for targets
  --add-http-ports ADD_HTTP_PORTS
                        Comma-seperated additional port(s) to assume are http
                        (e.g. '8018,8028')
  --add-https-ports ADD_HTTPS_PORTS
                        Comma-seperated additional port(s) to assume are https
                        (e.g. '8018,8028')
  --prepend-https       Prepend http:\\ and https:\\ to URLs without either
  --vhost-name hostname
                        Hostname to use in Host header (headless + single mode
  --active-scan         Perform live login attempts to identify credentials or
                        login pages.

Resume Options:
  --resume ew.db        Path to db file if you want to resume

When using "-web", EyeWitness will call selenium, which uses the actual browser (IceWeasel or Firefox) installed on your system, to take screenshots.  You won't see s browser pop-up, but it's running in the background, and taking screenshots of the URLs that you provided.

You can also use "-headless" to use phantomjs to take screenshots of websites. The nice thing about phantomjs is it's very fast, and can run in a headless environment.

By default, EyeWitness will use 10 threads, but this number can be adjusted by the user with the "-threads #NUMTHREADS" option.  The ability to run threaded scans has significantly cut back on the amount of time required to scan all URLs provided to EyeWitness.

It also has the ability to to take screenshots and generate a report for RDP and VNC, all you need to do is, is use the –rdp or –vnc switch.

No comments

Powered by Blogger.