EyeWitness is an open-source tool that is used to take screenshots of the website RDP services, and open VNC servers, provide some server header info and identify default credentials if known.
This tool can analyze different types of files, such as:
text files.
.nessus files.
XML outputs from NMAP scans.
It can generate HTML reports with screenshots of URLs.
EyeWitness is designed to take screenshots of websites, RDP services, and open VNC servers, provide some server header info, and identify default credentials if possible.
EyeWitness is a tool used to capture screenshots from a list of URLs
usage:
EyeWitness.py
Protocols:
–web
HTTP Screenshot using Selenium
–headless
HTTP Screenshot using PhantomJS Headless
–rdp
Screenshot RDP Services
–vnc
Screenshot Authless VNC services
–all-protocols
Screenshot all supported protocols, using Selenium for HTTP
Input Options:
-f Filename
Line seperated file containing URLs to capture
-x Filename.xml
Nmap XML or .Nessus file
–single Single URL
Single URL/Host to capture
–createtargets
targetfilename.txt Parses a .nessus or Nmap XML file into a line- seperated list of URLs
–no-dns
Skip DNS resolution when connecting to websites
Timing Options:
–timeout Timeout
Maximum number of seconds to wait while requesting a web page (Default: 7)
–jitter # of Seconds
Randomize URLs and add a random delay between requests
–threads # of Threads
Number of threads to use while using file based input
Report Output Options:
-d Directory Name
Directory name for report output
–results Hosts Per Page
Number of Hosts per page of the report
–no-prompt
Don’t prompt to open the report
Web Options:
–user-agent User Agent
User Agent to use for all requests
–cycle User Agent Type
User Agent Type (Browser, Mobile, Crawler, Scanner, Misc, All
–difference Difference Threshold
Difference threshold when determining if user agent requests are close “enough” (Default: 50)
–proxy-ip 127.0.0.1
IP of web proxy to go through
–proxy-port 8080
Port of web proxy to go through
–show-selenium
Show display for selenium
–resolve
Resolve IP/Hostname for targets
–add-http-ports ADD_HTTP_PORTS
Comma-seperated additional port(s) to assume are http (e.g. ‘8018,8028’)
–add-https-ports ADD_HTTPS_PORTS
Comma-seperated additional port(s) to assume are https (e.g. ‘8018,8028’)
–prepend-https
Prepend http:\\ and https:\\ to URLs without either
–vhost-name hostname
Hostname to use in Host header (headless + single mode only)
–active-scan
Perform live login attempts to identify credentials or login pages.
Resume Options:
–resume ew.db
Path to db file if you want to resume
Usage Examples
Take a screenshot of each of the websites listed in the provided file using headless mode.