Skip to content

vyrus001/EyeWitness

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

633 Commits

.github

.github

 
 

bin

bin

 
 

modules

modules

 
 

setup

setup

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

CHANGELOG

CHANGELOG

 
 

Dockerfile

Dockerfile

 
 

EyeWitness.py

EyeWitness.py

 
 

LICENSE

LICENSE

 
 

MiktoList.py

MiktoList.py

 
 

OSXInstaller.sh

OSXInstaller.sh

 
 

README.md

README.md

 
 

Recategorize.py

Recategorize.py

 
 

Search.py

Search.py

 
 

categories.txt

categories.txt

 
 

dataFile.txt

dataFile.txt

 
 

signatures.txt

signatures.txt

 
 

Repository files navigation

EyeWitness

EyeWitness is designed to take screenshots of websites, RDP services, and open VNC servers, provide some server header info, and identify default credentials if possible.

EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap xml output, or nessus xml output. The -t (timeout) flag is completely optional, and lets you provide the max time to wait when trying to render and screenshot a web page.

A complete usage guide which documents EyeWitness features and its typical use cases is available here - https://www.christophertruncer.com/eyewitness-usage-guide/

Supported Linux Distros:
  • Kali Linux
  • Debian 7+ (at least stable, looking into testing) (Thanks to @themightyshiv)

E-Mail: EyeWitness [@] christophertruncer [dot] com

Setup:

  1. Navigate into the setup directory
  2. Run the setup.sh script

Usage:

./EyeWitness.py -f filename -t optionaltimeout --open (Optional)

Examples:

./EyeWitness -f urls.txt --web

./EyeWitness -x urls.xml -t 8 --headless

./EyeWitness -f rdp.txt --rdp

Docker

Now you can execute EyeWitness in a docker container and prevent you from install unnecessary dependencies in your host machine.

Note: execute docker run with the folder path in the host which hold your results (/path/to/results)
Note2: in case you want to scan urls from a file, make sure you put it in the volume folder (if you put urls.txt in /path/to/results, then the argument should be -f /tmp/EyeWitness/urls.txt)

Usage
docker build --build-arg user=$USER --tag eyewitness .
docker run \
    --rm \
    -it \
    -e DISPLAY=$DISPLAY \                   # optional flag in order to use vnc protocol
    -v /tmp/.X11-unix:/tmp/.X11-unix \      # optional flag in order to use vnc protocol
    -v /path/to/results:/tmp/EyeWitness \
    eyewitness \
    EyeWitness_flags_and_input
Example #1 - headless capturing
docker run \
    --rm \
    -it \
    -v ~/EyeWitness:/tmp/EyeWitness \
    eyewitness \
    --single http://www.google.com
    --headless
Example #2 - vnc capturing
docker run \
    --rm \
    -it \
    -e DISPLAY=$DISPLAY \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -v ~/EyeWitness:/tmp/EyeWitness \
    eyewitness \
    -f /tmp/EyeWitness/urls.txt
    --vnc
Call to Action:

I'd love for EyeWitness to identify more default credentials of various web applications.
As you find a device which utilizes default credentials, please e-mail me the source code of the index page and the default creds so I can add it in to EyeWitness!

About

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

www.christophertruncer.com/eyewitness-usage-guide/

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

6 tags

Packages

No packages published

Languages

  • Python 93.9%
  • Shell 6.1%