Offensive Security Tool: EyeWitness

by | May 7, 2021 | Tools


Premium Content

Patreon

Subscribe to Patreon to watch this episode.


 

Reading Time: 3 Minutes

Offensive Security Tool: EyeWitness

GitHub Link

 

 

EyeWitness

EyeWitness by Chris Truncer, is designed to take screenshots of websites provide some server header info, and identify default credentials if known.

EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap xml output, or nessus xml output. The –timeout flag is completely optional, and lets you provide the max time to wait when trying to render and screenshot a web page.

The primary goal of EyeWitness is taking screenshots of websites! When using –web, EyeWitness will call selenium, which uses the actual browser (IceWeasel or Firefox) installed on your system, to take screenshots from the terminal. You won’t see s browser pop-up, but it’s running in the background, and taking screenshots of the URLs that you provided.

A complete usage guide which documents EyeWitness features and its typical use cases is available here – https://www.christophertruncer.com/eyewitness-2-0-release-and-user-guide/

 

 

Windows

FortyNorth Security has created a Windows client (thanks to the massive help of Matt Grandy (@Matt_Grandy_) with the stability fixes). All you need to do is build it locally (or check the releases), and then provide a path to a file containing the URLs you want scanned! EyeWitness will generate the report within your “AppData\Roaming” directory. The latest version of the C# EyeWitness supports parsing and taking screenshots of Internet Explorer and Chrome bookmarks without having to supply a list of URLs. This version is also small enough to be delivered through Cobalt Strike’s execute-assembly.

 

 

Setup:

1. Navigate into the CS directory
2. Load EyeWitness.sln into Visual Studio
3. Go to Build at the top and then Build Solution if no modifications are wanted

 

 

Usage:

EyeWitness.exe --help
EyeWitness.exe --bookmarks
EyeWitness.exe -f C:\Path\to\urls.txt
EyeWitness.exe --file C:\Path\to\urls.txt --delay [timeout in seconds] --compress

 

 

 

See Also: Offensive Security Tool: SSHPry2.0

 

Linux

 

Supported Linux Distros:

  • Kali Linux
  • Debian 7+ (at least stable, looking into testing) (Thanks to @themightyshiv)

E-Mail: EyeWitness [@] christophertruncer [dot] com

 

Setup:

1. Navigate into the Python/setup directory
2. Run the setup.sh script

 

Usage:

./EyeWitness.py -f filename --timeout optionaltimeout

 

Examples:

./EyeWitness -f urls.txt --web

./EyeWitness -x urls.xml --timeout 8 

./EyeWitness.py -f urls.txt --web --proxy-ip 127.0.0.1 --proxy-port 8080 --proxy-type socks5 --timeout 120

 

 

 

Proxy Usage

The best guide for proxying EyeWitness through a socks proxy was made by @raikia and is available here – https://github.com/FortyNorthSecurity/EyeWitness/issues/458

 

Docker

Now you can execute EyeWitness in a docker container and prevent you from install unnecessary dependencies in your host machine.

Note: execute docker run with the folder path in the host which hold your results (/path/to/results)
Note2: in case you want to scan urls from a file, make sure you put it in the volume folder (if you put urls.txt in /path/to/results, then the argument should be -f /tmp/EyeWitness/urls.txt)

 

See Also: Hacking Stories: Xbox Underground

 

 

 

Usage

docker build --build-arg user=$USER --tag eyewitness --file ./Python/Dockerfile .
docker run \
    --rm \
    -it \
    -v /path/to/results:/tmp/EyeWitness \
    eyewitness \
    EyeWitness_flags_and_input

 

Example #1 – headless capturing


docker run \
    --rm \
    -it \
    -v ~/EyeWitness:/tmp/EyeWitness \
    eyewitness \
    --web \
    --single http://www.google.com

 

See Also: Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks

Share This