WitnessMe
WitnessMe is a Web Inventory tool inspired by Eyewitness, designed to take screenshots and gather information from web targets. It uses a headless browser backend and is extensible for custom functionality.
Description
WitnessMe serves as a modern alternative to Eyewitness for web inventory tasks in cybersecurity assessments. It automates the process of capturing screenshots and other web data from target hosts, making it valuable for reconnaissance and information gathering phases of penetration testing.
The tool is built to be extensible, allowing users to develop custom modules that leverage its headless browser capabilities. This flexibility supports tailored workflows for specific reconnaissance needs, such as visual verification of web services or automated reporting.
It includes a web API component (wmapi) for serving results and a database tool (wmdb), enhancing its utility in larger-scale operations where data needs to be queried or shared via a service.
How It Works
WitnessMe drives a headless browser (via pyppeteer) in the backend to interact with web targets, capturing screenshots or grabbing content. It supports concurrent operations across multiple browser tabs controlled by thread settings, with configurable timeouts per connection. Results are managed through SQLite (aiosqlite) and can be served via a FastAPI-based web server (wmapi) on a specified host and port.
Installation
sudo apt install witnessmeFlags
Examples
witnessme -hwitnessme screenshotwitnessme grabwitnessme --threads 10 screenshotwitnessme --timeout 30 grabwitnessme -d screenshotwmapiwmapi 0.0.0.0 8080