EyeWitness

EyeWitness is an open-source tool that takes screenshots of websites, RDP services, and open VNC servers, provides some server header info, and identifies default credentials if known.

This tool can analyze different types of files, such as:

  • text files
  • .nessus files
  • XML outputs from Nmap scans

It can generate HTML reports with screenshots of URLs.

EyeWitness is designed to run on Kali Linux.

Setup:

  1. Navigate into the Python/setup directory
  2. Run the setup.sh script

Usage:

./EyeWitness.py -f filename --timeout optionaltimeout

Examples:

./EyeWitness.py -f urls.txt --web

./EyeWitness.py -x urls.xml --timeout 8

./EyeWitness.py -f urls.txt --web --proxy-ip 127.0.0.1 --proxy-port 8080 --proxy-type socks5 --timeout 120

Protocols:

  --web              HTTP Screenshot using Selenium
  --headless         HTTP Screenshot using PhantomJS Headless
  --rdp              Screenshot RDP Services
  --vnc              Screenshot Authless VNC services
  --all-protocols    Screenshot all supported protocols, using Selenium for HTTP

Input Options:

  -f Filename                          Line-separated file containing URLs to capture
  -x Filename.xml                      Nmap XML or .Nessus file
  --single Single URL                  Single URL/Host to capture
  --createtargets targetfilename.txt   Parses a .nessus or Nmap XML file into a line-separated list of URLs
  --no-dns                             Skip DNS resolution when connecting to websites

Timing Options:

  --timeout Timeout        Maximum number of seconds to wait while requesting a web page (Default: 7)
  --jitter # of Seconds    Randomize URLs and add a random delay between requests
  --threads # of Threads   Number of threads to use while using file based input

Report Output Options:

  -d Directory Name          Directory name for report output
  --results Hosts Per Page   Number of Hosts per page of the report
  --no-prompt                Don't prompt to open the report

Web Options:

  --user-agent User Agent             User Agent to use for all requests
  --cycle User Agent Type             User Agent Type (Browser, Mobile, Crawler, Scanner, Misc, All)
  --difference Difference Threshold   Difference threshold when determining if user agent requests are close "enough" (Default: 50)
  --proxy-ip 127.0.0.1                IP of web proxy to go through
  --proxy-port 8080                   Port of web proxy to go through
  --show-selenium                     Show display for selenium
  --resolve                           Resolve IP/Hostname for targets
  --add-http-ports ADD_HTTP_PORTS     Comma-separated additional port(s) to assume are http (e.g. '8018,8028')
  --add-https-ports ADD_HTTPS_PORTS   Comma-separated additional port(s) to assume are https (e.g. '8018,8028')
  --prepend-https                     Prepend http:// and https:// to URLs without either
  --vhost-name hostname               Hostname to use in Host header (headless + single mode only)
  --active-scan                       Perform live login attempts to identify credentials or login pages.

Resume Options:

  --resume ew.db   Path to db file if you want to resume


Usage Examples

Take a screenshot of each of the websites listed in the provided file using headless mode.

root@kali:~# cat urls.txt
https://www.kali.org
http://docs.kali.org
https://tools.kali.org/
https://www.exploit-db.com
https://www.offensive-security.com

root@kali:~# eyewitness -f /root/urls.txt -d screens --headless
##########################
                       EyeWitness
##########################

Starting Web Requests (5 Hosts)
Attempting to screenshot https://www.kali.org
Attempting to screenshot http://docs.kali.org
Attempting to screenshot https://tools.kali.org/
Attempting to screenshot https://www.exploit-db.com
Attempting to screenshot https://www.offensive-security.com
Finished in 14.1417660713 seconds

[*] Done! Report written in the /usr/share/eyewitness/screens folder!
Would you like to open the report now? [Y/n] Y
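
Before a line-separated file like the urls.txt above is handed to -f, it is worth checking every entry against the authorised scope. The script below is an added example, not part of EyeWitness: it expands bare host entries to both schemes (the behaviour this page describes for --prepend-https), removes duplicates, and rejects anything outside an allowlist. The scope values, the sample entries and the names in_scope and build_targets are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed scope for the assessment (constructed values, replace with your own).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
ALLOWED_DOMAINS = {"intranet.example.com"}
# Constructed sample of a raw, line-separated target list.
SAMPLE = """\
10.20.0.5:8080
https://intranet.example.com/login
192.168.1.10
https://intranet.example.com/login
ftp://10.20.0.9
notintranet.example.com
"""

def in_scope(host):
    """True if host is an allowed IP, an allowed domain, or a subdomain of one."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        host = host.lower().rstrip(".")
        return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)
    return any(ip in net for net in ALLOWED_NETS)

def build_targets(lines):
    """Return (kept, rejected) URL lists; kept is de-duplicated, order preserved."""
    kept, rejected, seen = [], [], set()
    for raw in lines:
        entry = raw.strip()
        if not entry:
            continue
        # Bare host[:port] entries get both schemes, as --prepend-https would do.
        urls = [entry] if "://" in entry else ["http://" + entry, "https://" + entry]
        for url in urls:
            try:
                parts = urlsplit(url)
                ok = parts.scheme in ("http", "https") and in_scope(parts.hostname or "")
            except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
                ok = False
            if not ok:
                rejected.append(url)
            elif url not in seen:
                seen.add(url)
                kept.append(url)
    return kept, rejected

if __name__ == "__main__":
    print("\n".join(build_targets(SAMPLE.splitlines())[0]))
```

Redirect the output to the file passed to -f. Name-based scoping trusts DNS, so confirm that allowed hostnames still resolve to addresses you are authorised to test.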