Cyber Security & Ethical Hacking

EyeWitness is an open-source tool that is used to take screenshots of the website RDP services, and open VNC servers, provide some server header info and identify default credentials if known.

This tool can analyze different types of files, such as:

text files.
.nessus files.
XML outputs from NMAP scans.
It can generate HTML reports with screenshots of URLs.

EyeWitness is designed to run on Kali Linux.

Setup:

Navigate into the Python/setup directory
Run the setup.sh script

Usage:

./EyeWitness.py -f filename --timeout optionaltimeout

Examples:

./EyeWitness -f urls.txt --web

./EyeWitness -x urls.xml --timeout 8 

./EyeWitness.py -f urls.txt --web --proxy-ip 127.0.0.1 --proxy-port 8080 --proxy-type socks5 --timeout 120

Protocols:

–web	HTTP Screenshot using Selenium
–headless	HTTP Screenshot using PhantomJS Headless
–rdp	Screenshot RDP Services
–vnc	Screenshot Authless VNC services
–all-protocols	Screenshot all supported protocols, using Selenium for HTTP

Input Options:

-f Filename	Line seperated file containing URLs to capture
-x Filename.xml	Nmap XML or .Nessus file
–single Single URL	Single URL/Host to capture
–createtargets	targetfilename.txt Parses a .nessus or Nmap XML file into a line- seperated list of URLs
–no-dns	Skip DNS resolution when connecting to websites

Timing Options:

–timeout Timeout	Maximum number of seconds to wait while requesting a web page (Default: 7)
–jitter # of Seconds	Randomize URLs and add a random delay between requests
–threads # of Threads	Number of threads to use while using file based input

Report Output Options:

-d Directory Name	Directory name for report output
–results Hosts Per Page	Number of Hosts per page of the report
–no-prompt	Don’t prompt to open the report

Web Options:

–user-agent User Agent	User Agent to use for all requests
–cycle User Agent Type	User Agent Type (Browser, Mobile, Crawler, Scanner, Misc, All
–difference Difference Threshold	Difference threshold when determining if user agent requests are close “enough” (Default: 50)
–proxy-ip 127.0.0.1	IP of web proxy to go through
–proxy-port 8080	Port of web proxy to go through
–show-selenium	Show display for selenium
–resolve	Resolve IP/Hostname for targets
–add-http-ports ADD_HTTP_PORTS	Comma-seperated additional port(s) to assume are http (e.g. ‘8018,8028’)
–add-https-ports ADD_HTTPS_PORTS	Comma-seperated additional port(s) to assume are https (e.g. ‘8018,8028’)
–prepend-https	Prepend http:\\ and https:\\ to URLs without either
–vhost-name hostname	Hostname to use in Host header (headless + single mode only)
–active-scan	Perform live login attempts to identify credentials or login pages.

Resume Options:

–resume ew.db

Path to db file if you want to resume

EyeWitness is designed to take screenshots of websites, RDP services, and open VNC servers, provide some server header info, and identify default credentials if possible.

EyeWitness is a tool used to capture screenshots from a list of URLs

usage:

EyeWitness.py

Protocols:

–web	HTTP Screenshot using Selenium
–headless	HTTP Screenshot using PhantomJS Headless
–rdp	Screenshot RDP Services
–vnc	Screenshot Authless VNC services
–all-protocols	Screenshot all supported protocols, using Selenium for HTTP

Input Options:

-f Filename	Line seperated file containing URLs to capture
-x Filename.xml	Nmap XML or .Nessus file
–single Single URL	Single URL/Host to capture
–createtargets	targetfilename.txt Parses a .nessus or Nmap XML file into a line- seperated list of URLs
–no-dns	Skip DNS resolution when connecting to websites

Timing Options:

–timeout Timeout	Maximum number of seconds to wait while requesting a web page (Default: 7)
–jitter # of Seconds	Randomize URLs and add a random delay between requests
–threads # of Threads	Number of threads to use while using file based input

Report Output Options:

-d Directory Name	Directory name for report output
–results Hosts Per Page	Number of Hosts per page of the report
–no-prompt	Don’t prompt to open the report

Web Options:

–user-agent User Agent	User Agent to use for all requests
–cycle User Agent Type	User Agent Type (Browser, Mobile, Crawler, Scanner, Misc, All
–difference Difference Threshold	Difference threshold when determining if user agent requests are close “enough” (Default: 50)
–proxy-ip 127.0.0.1	IP of web proxy to go through
–proxy-port 8080	Port of web proxy to go through
–show-selenium	Show display for selenium
–resolve	Resolve IP/Hostname for targets
–add-http-ports ADD_HTTP_PORTS	Comma-seperated additional port(s) to assume are http (e.g. ‘8018,8028’)
–add-https-ports ADD_HTTPS_PORTS	Comma-seperated additional port(s) to assume are https (e.g. ‘8018,8028’)
–prepend-https	Prepend http:\\ and https:\\ to URLs without either
–vhost-name hostname	Hostname to use in Host header (headless + single mode only)
–active-scan	Perform live login attempts to identify credentials or login pages.