EN
ENNA

EyeWitness

GPL-3.0

๐Ÿ•ธ Web Scanning ยท Python

EyeWitness is designed to take screenshots of websites, provide server header info, and identify default credentials if possible. It is built to run on Kali Linux and supports capturing screenshots from HTTP/HTTPS websites, RDP services, and VNC servers. EyeWitness automatically categorizes captured screenshots into groups like 'High Value Targets' (admin panels, login pages), 'Content Management Systems', 'Network Devices', and '404 Not Found', making it easy to prioritize targets during large-scale assessments. The HTML report includes the screenshot, server headers, and any identified default credentials, with sortable columns and search functionality. EyeWitness uses Selenium with a headless browser for web screenshots and integrates with Nmap and Nessus XML output for seamless workflow integration.

5.7kstars
901forks
23issues
Updated 3mo ago
View on GitHub

Installation

from source

$ git clone https://github.com/RedSiege/EyeWitness && cd EyeWitness/Python/setup && ./setup.sh

Docker

$ docker pull redsiege/eyewitness

Use Cases

  • Capturing screenshots of web services, RDP, and VNC across large target lists
  • Auto-categorizing targets by type (admin panels, CMS, network devices, etc.)
  • Identifying default credentials on discovered web interfaces
  • Processing Nmap and Nessus scan output into visual reconnaissance reports
  • Prioritizing targets during large-scale penetration assessments

Tags

screenshotscategorizationrdpvncdefault-credentialstriage

Details

Category
๐Ÿ•ธ Web Scanning
Language
Python
License
GPL-3.0
Platforms
๐Ÿงlinux

Links

GitHub Repository

github.com/RedSiege/EyeWitness

Releases

github.com/RedSiege/EyeWitness/releases

Issues

github.com/RedSiege/EyeWitness/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Alternatives & Comparisons

httpx

Go

Fast multi-purpose HTTP toolkit. Probes for running HTTP servers with retries and fallbacks.

Compare EyeWitness vs httpx

Katana

Go

Next-gen crawling and spidering framework. Headless browser and standard mode with automatic form fill.

Compare EyeWitness vs Katana

Aquatone

Go

Visual web discovery tool. Takes screenshots of web pages across large target lists and generates browsable HTML reports.

Compare EyeWitness vs Aquatone

More in Web Scanning

httpx

Go

Fast multi-purpose HTTP toolkit. Probes for running HTTP servers with retries and fallbacks.

http-probetech-detectionprojectdiscovery

Nikto

Perl

Classic web server scanner. Tests for dangerous files, outdated server software, and version-specific problems.

web-serverclassiccgi-scan

Gobuster

Go

Directory/file, DNS, and vhost busting tool. Brute-forces URIs, DNS subdomains, virtual host names, and S3 buckets.

directory-brutedns-brutevhost

Feroxbuster

Rust

Fast, recursive content discovery tool written in Rust. Like gobuster on steroids with auto-recursion.

directory-bruterecursiverust

Burp Suite Community

Java

Web vulnerability scanner and proxy. Intercept, modify, and replay HTTP/S traffic for web app testing.

proxyweb-appinterceptor

ffuf

Go

Fast web fuzzer written in Go. Fuzz anything - URLs, headers, POST data - with blazing speed.

fuzzingdirectory-brutefast