EyeWitness
EyeWitness takes screenshots of websites, captures server header information, and identifies default credentials. It automates rapid web application triage from URL lists, Nmap XML, or Nessus files.
Description
EyeWitness is a rapid web application triage tool designed to take screenshots of websites using Selenium, provide server header information, and detect default credentials where possible. It supports input from text files with line-separated URLs, Nmap XML output, or Nessus XML files, making it ideal for reconnaissance and vulnerability assessment workflows.
The tool is particularly useful for security professionals performing large-scale web application scanning, as it automates the process of visually documenting web interfaces and gathering initial server details. All output is compiled into an organized HTML report with screenshots, headers, and metadata for each target.
EyeWitness runs natively on Kali Linux and integrates with Firefox via geckodriver for headless browser operations. It includes options for customizing timeouts, threading, proxy usage, and report generation to fit various operational needs.
How It Works
EyeWitness uses Selenium WebDriver with Firefox (via geckodriver) to load web pages in headless mode and capture screenshots. It auto-detects input formats: text files with one URL per line, Nmap XML, or Nessus XML. Server headers are extracted during requests, and default credential detection is performed where applicable. Multi-threading accelerates processing of large URL lists, with configurable timeouts, jitter, and delays to evade detection. Results are compiled into an HTML report with images, metadata, and navigation.
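The input auto-detection described above, sketched as an added example (not EyeWitness's own code): it classifies input by XML root element and turns the open HTTP(S) ports in an Nmap XML file into a URL list. The function names, the root-element test and the sample data are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (RFC 5737 documentation addresses).
NMAP_SAMPLE = """<nmaprun><host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    <port protocol="tcp" portid="8443"><state state="open"/><service name="http" tunnel="ssl"/></port>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    <port protocol="tcp" portid="8080"><state state="closed"/><service name="http"/></port>
  </ports>
</host></nmaprun>"""
TEXT_SAMPLE = "https://intranet.example.test\n\nhttp://192.0.2.20:8000\n"


def detect_format(data):
    """Classify input as 'nmap', 'nessus' or 'text' by its XML root element."""
    try:
        # Assumes scan files from your own tooling; not hardened for untrusted XML.
        root = ET.fromstring(data)
    except ET.ParseError:
        return "text"
    return {"nmaprun": "nmap", "NessusClientData_v2": "nessus"}.get(root.tag, "text")


def urls_from_nmap(data):
    """Build URLs for open ports whose Nmap service name looks like HTTP(S)."""
    urls = []
    for host in ET.fromstring(data).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            if state is None or state.get("state") != "open" or not name.startswith("http"):
                continue
            tls = name.startswith("https") or svc.get("tunnel") == "ssl"
            urls.append(f"{'https' if tls else 'http'}://{addr.get('addr')}:{port.get('portid')}")
    return urls


def load_targets(data):
    """Return the URL list for text or Nmap input; Nessus is out of scope here."""
    kind = detect_format(data)
    if kind == "nessus":
        raise ValueError("Nessus parsing is not covered by this example")
    if kind == "nmap":
        return urls_from_nmap(data)
    return [line.strip() for line in data.splitlines() if line.strip()]
```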
Installation
sudo apt install eyewitness
Flags
Examples
eyewitness -f /root/urls.txt -d screens --headless
eyewitness -f /root/urls.txt
eyewitness -x scan.xml -d output
eyewitness --single https://www.kali.org --timeout 10
eyewitness -f urls.txt --threads 5 --jitter 2
eyewitness -f urls.txt -d report --no-prompt
eyewitness -f urls.txt --proxy-ip 127.0.0.1 --proxy-port 8080