Category: Web Application Analysis
Tags: screenshots, web, triage, selenium, headers, credentials

EyeWitness

EyeWitness takes screenshots of websites, captures server response headers, and flags pages that match known default-credential signatures. It automates rapid web application triage from URL lists, Nmap XML, or Nessus files.

Description

EyeWitness is a rapid web application triage tool designed to take screenshots of websites using Selenium, provide server header information, and detect default credentials where possible. It supports input from text files with line-separated URLs, Nmap XML output, or Nessus XML files, making it ideal for reconnaissance and vulnerability assessment workflows.

The tool is particularly useful for security professionals performing large-scale web application scanning, as it automates the process of visually documenting web interfaces and gathering initial server details. All output is compiled into an organized HTML report with screenshots, headers, and metadata for each target.

EyeWitness runs natively on Kali Linux and integrates with Firefox via geckodriver for headless browser operations. It includes options for customizing timeouts, threading, proxy usage, and report generation to fit various operational needs.

How It Works

EyeWitness uses Selenium WebDriver with Firefox (via geckodriver) to load web pages in headless mode and capture screenshots. It auto-detects the input format: a text file with one URL per line, Nmap XML, or Nessus XML. Server response headers are recorded for each request, and default-credential detection is done by matching page content against a list of known product signatures. Multi-threading speeds up large URL lists; the timeout bounds how long a slow host can stall a thread, while jitter randomizes target order and adds a random delay between requests so the scan does not hit hosts in a predictable pattern, and the delay option gives slow-rendering pages time to finish before the screenshot is taken. Results are compiled into an HTML report with images, metadata, and navigation.
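The front end of that workflow, as an added example that is not EyeWitness's own code: sniff the input format by its root element, pull open web services out of Nmap XML, choose http or https from the service name or an ssl tunnel, and emit the URL list a screenshot loop would consume. The Nmap XML, host names and addresses are constructed for the example; the Nessus branch is left unimplemented.

```python
"""Added example (not EyeWitness's own code): input-format detection and
Nmap-XML-to-URL-list conversion, the step a triage tool runs before any
browser starts. Sample data is constructed and embedded so it runs offline."""
import xml.etree.ElementTree as ET

# Constructed Nmap XML: one plain-HTTP host with a PTR name and one host with a
# TLS-wrapped service on a non-default port plus a filtered port to be skipped.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="intranet.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="8443"><state state="open"/><service name="https-alt" tunnel="ssl"/></port>
      <port protocol="tcp" portid="8080"><state state="filtered"/><service name="http-proxy"/></port>
    </ports>
  </host>
</nmaprun>
"""


def detect_input_format(data: str) -> str:
    """Classify raw input as 'nmap', 'nessus' or 'urls' from its root element."""
    head = data.lstrip()[:200].lower()
    if "<nmaprun" in head:
        return "nmap"
    if "<nessusclientdata" in head:
        return "nessus"
    return "urls"


def urls_from_nmap_xml(xml_text: str, use_hostnames: bool = True) -> list[str]:
    """Return one URL per open web service in an Nmap XML run.

    A port counts as web if its service name contains 'http'; the scheme is
    https when Nmap saw an ssl tunnel or the name itself says https. Default
    ports are dropped from the URL, anything else is kept explicit."""
    root = ET.fromstring(xml_text)
    urls = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        target = addr.get("addr")
        hostname = host.find("hostnames/hostname")
        if use_hostnames and hostname is not None and hostname.get("name"):
            target = hostname.get("name")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = (svc.get("name") if svc is not None else None) or ""
            tunnel = (svc.get("tunnel") if svc is not None else None) or ""
            if "http" not in name:
                continue  # ssh, smtp, ... are not screenshot targets
            scheme = "https" if (tunnel == "ssl" or "https" in name) else "http"
            portid = int(port.get("portid"))
            default_port = 443 if scheme == "https" else 80
            suffix = "" if portid == default_port else f":{portid}"
            urls.append(f"{scheme}://{target}{suffix}")
    return urls


def urls_from_text(data: str) -> list[str]:
    """One URL per line; bare hosts get http://, blank and '#' lines are dropped."""
    out = []
    for line in data.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if "://" not in line:
            line = "http://" + line
        out.append(line)
    return out


def build_target_list(data: str) -> list[str]:
    """Dispatch on the detected format and return the URLs to screenshot."""
    fmt = detect_input_format(data)
    if fmt == "nmap":
        return urls_from_nmap_xml(data)
    if fmt == "nessus":
        raise NotImplementedError("Nessus parsing is omitted from this example")
    return urls_from_text(data)


if __name__ == "__main__":
    for url in build_target_list(SAMPLE_NMAP_XML):
        print(url)
```

Passing `use_hostnames=False` keeps the IP address as the target, which is what you want when the PTR name does not resolve from the scanning host; that is the same trade-off the `--no-dns` flag addresses.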

Installation

```bash
sudo apt install eyewitness
```

Flags

--web                              HTTP Screenshot using Selenium
-f Filename                        Line-separated file containing URLs to capture
-x Filename.xml                    Nmap XML or .Nessus file
--single Single URL                Single URL/Host to capture
--no-dns                           Skip DNS resolution when connecting to websites
--timeout Timeout                  Maximum number of seconds to wait while requesting a web page (Default: 7)
--jitter # of Seconds              Randomize URLs and add a random delay between requests
--delay # of Seconds               Delay between the opening of the navigator and taking the screenshot
--threads # of Threads             Number of threads to use while using file based input
-d Directory Name                  Directory name for report output
--results Hosts Per Page           Number of Hosts per page of report
--no-prompt                        Don't prompt to open the report
--user-agent User Agent            User Agent to use for all requests
--difference Difference Threshold  Difference threshold when determining if user agent requests are close enough (Default: 50)
--proxy-ip 127.0.0.1               IP of web proxy to go through
--proxy-port 8080                  Port of web proxy to go through
--proxy-type socks5                Proxy type (socks5/http)
--resume ew.db                     Path to db file if you want to resume

Examples

Take screenshots of each website listed in urls.txt using headless mode and save the report to the 'screens' directory:

```bash
eyewitness -f /root/urls.txt -d screens --headless
```

Process URLs from a file with default settings:

```bash
eyewitness -f /root/urls.txt
```

Process an Nmap or Nessus XML file and write the report to the 'output' directory:

```bash
eyewitness -x scan.xml -d output
```

Capture a single URL with a 10-second timeout:

```bash
eyewitness --single https://www.kali.org --timeout 10
```

Process a URL file with 5 threads and up to 2 seconds of jitter between requests:

```bash
eyewitness -f urls.txt --threads 5 --jitter 2
```

Generate the report without prompting to open it:

```bash
eyewitness -f urls.txt -d report --no-prompt
```

Route traffic through the specified proxy:

```bash
eyewitness -f urls.txt --proxy-ip 127.0.0.1 --proxy-port 8080
```
Updated 2026-04-16. Source: kali.org