Tool Documentation:

eyewitness Usage Examples

Take a screenshot of each of the websites listed in the provided file using headless mode:

root@kali:~# cat urls.txt
https://www.kali.org
https://www.kali.org/docs
https://www.kali.org/tools
https://www.exploit-db.com
https://www.offsec.com

root@kali:~# eyewitness -f /root/urls.txt -d screens --headless

################################################################################
#                                  EyeWitness                                  #
################################################################################

Starting Web Requests (5 Hosts)
Attempting to screenshot https://www.kali.org
Attempting to screenshot https://www.kali.org/docs
Attempting to screenshot https://www.kali.org/tools
Attempting to screenshot https://www.exploit-db.com
Attempting to screenshot https://www.offsec.com
Finished in 14.1417660713 seconds

[*] Done! Report written in the /usr/share/eyewitness/screens folder!
Would you like to open the report now? [Y/n] Y


Packages and Binaries:

eyewitness

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

Inspiration came from Tim Tomes’s PeepingTom Script.

EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap xml output, or nessus xml output. The -t (timeout) flag is completely optional, and lets you provice the max time to wait when trying to render and screenshot a web page. The –open flag, which is optional, will open the URL in a new tab within Firefox.

Installed size: 5.78 MB
How to install: sudo apt install eyewitness

Dependencies:
  • links | www-browser
  • python3
  • python3-distutils
  • python3-fuzzywuzzy
  • python3-netaddr
  • python3-pyvirtualdisplay
  • python3-selenium
  • xvfb
eyewitness
root@kali:~# eyewitness -h
################################################################################
#                                  EyeWitness                                  #
################################################################################
#           Red Siege Information Security - https://www.redsiege.com           #
################################################################################

usage: EyeWitness.py [--web] [-f Filename] [-x Filename.xml]
                     [--single Single URL] [--no-dns] [--timeout Timeout]
                     [--jitter # of Seconds] [--delay # of Seconds]
                     [--threads # of Threads]
                     [--max-retries Max retries on a timeout]
                     [-d Directory Name] [--results Hosts Per Page]
                     [--no-prompt] [--user-agent User Agent]
                     [--difference Difference Threshold]
                     [--proxy-ip 127.0.0.1] [--proxy-port 8080]
                     [--proxy-type socks5] [--show-selenium] [--resolve]
                     [--add-http-ports ADD_HTTP_PORTS]
                     [--add-https-ports ADD_HTTPS_PORTS]
                     [--only-ports ONLY_PORTS] [--prepend-https]
                     [--selenium-log-path SELENIUM_LOG_PATH]
                     [--cookies key1=value1,key2=value2] [--resume ew.db]

EyeWitness is a tool used to capture screenshots from a list of URLs

Protocols:
  --web                 HTTP Screenshot using Selenium

Input Options:
  -f Filename           Line-separated file containing URLs to capture
  -x Filename.xml       Nmap XML or .Nessus file
  --single Single URL   Single URL/Host to capture
  --no-dns              Skip DNS resolution when connecting to websites

Timing Options:
  --timeout Timeout     Maximum number of seconds to wait while requesting a
                        web page (Default: 7)
  --jitter # of Seconds
                        Randomize URLs and add a random delay between requests
  --delay # of Seconds  Delay between the opening of the navigator and taking
                        the screenshot
  --threads # of Threads
                        Number of threads to use while using file based input
  --max-retries Max retries on a timeout
                        Max retries on timeouts

Report Output Options:
  -d Directory Name     Directory name for report output
  --results Hosts Per Page
                        Number of Hosts per page of report
  --no-prompt           Don't prompt to open the report

Web Options:
  --user-agent User Agent
                        User Agent to use for all requests
  --difference Difference Threshold
                        Difference threshold when determining if user agent
                        requests are close "enough" (Default: 50)
  --proxy-ip 127.0.0.1  IP of web proxy to go through
  --proxy-port 8080     Port of web proxy to go through
  --proxy-type socks5   Proxy type (socks5/http)
  --show-selenium       Show display for selenium
  --resolve             Resolve IP/Hostname for targets
  --add-http-ports ADD_HTTP_PORTS
                        Comma-separated additional port(s) to assume are http
                        (e.g. '8018,8028')
  --add-https-ports ADD_HTTPS_PORTS
                        Comma-separated additional port(s) to assume are https
                        (e.g. '8018,8028')
  --only-ports ONLY_PORTS
                        Comma-separated list of exclusive ports to use (e.g.
                        '80,8080')
  --prepend-https       Prepend http:// and https:// to URLs without either
  --selenium-log-path SELENIUM_LOG_PATH
                        Selenium geckodriver log path
  --cookies key1=value1,key2=value2
                        Additional cookies to add to the request

Resume Options:
  --resume ew.db        Path to db file if you want to resume

geckodriver
root@kali:~# geckodriver -h
geckodriver 0.33.0 (a80e5fd61076 2023-04-02 18:31 +0000) 
WebDriver implementation for Firefox

USAGE:
    geckodriver [OPTIONS]

OPTIONS:
        --allow-hosts <ALLOW_HOSTS>...
            List of hostnames to allow. By default the value of --host is allowed, and in addition
            if that's a well known local address, other variations on well known local addresses are
            allowed. If --allow-hosts is provided only exactly those hosts are allowed.

        --allow-origins <ALLOW_ORIGINS>...
            List of request origins to allow. These must be formatted as scheme://host:port. By
            default any request with an origin header is rejected. If --allow-origins is provided
            then only exactly those origins are allowed.

        --android-storage <ANDROID_STORAGE>
            Selects storage location to be used for test data (deprecated). [possible values: auto,
            app, internal, sdcard]

    -b, --binary <BINARY>
            Path to the Firefox binary

        --connect-existing
            Connect to an existing Firefox instance

    -h, --help
            Prints this message

        --host <HOST>
            Host IP to use for WebDriver server [default: 127.0.0.1]

        --jsdebugger
            Attach browser toolbox debugger for Firefox

        --log <LEVEL>
            Set Gecko log level [possible values: fatal, error, warn, info, config, debug, trace]

        --log-no-truncate
            Disable truncation of long log lines

        --marionette-host <HOST>
            Host to use to connect to Gecko [default: 127.0.0.1]

        --marionette-port <PORT>
            Port to use to connect to Gecko [default: system-allocated port]

    -p, --port <PORT>
            Port to use for WebDriver server [default: 4444]

        --profile-root <PROFILE_ROOT>
            Directory in which to create profiles. Defaults to the system temporary directory.

    -v
            Log level verbosity (-v for debug and -vv for trace level)

    -V, --version
            Prints version and copying information

        --websocket-port <PORT>
            Port to use to connect to WebDriver BiDi [default: 9222]


Updated on: 2024-Mar-11