Convert Figma logo to code with AI

RedSiege logoEyeWitness

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

5,618
903
5,618
19
View on GitHub

Top Related Projects

RedSiege's avatar

EyeWitness

5,613

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

michenriksen's avatar

aquatone

5,872

A Tool for Domain Flyovers

sensepost's avatar

gowitness

4,140

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

nmap's avatar

nmap

11,878

Nmap - the Network Mapper. Github mirror of official SVN repository.

robertdavidgraham's avatar

masscan

25,225

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

byt3bl33d3r's avatar

CrackMapExec

9,015

A swiss army knife for pentesting networks

Quick Overview

EyeWitness is an open-source tool designed for taking screenshots of websites, providing server header information, and identifying default credentials if possible. It's particularly useful for penetration testers and security professionals who need to quickly assess and document large numbers of web servers or web applications.

Pros

  • Automates the process of capturing screenshots and gathering information from multiple web targets
  • Generates well-organized HTML reports for easy analysis and presentation
  • Supports various protocols including HTTP, HTTPS, and RDP
  • Includes features for identifying default credentials on web applications

Cons

  • May trigger security alerts or be blocked by some web application firewalls
  • Can be resource-intensive when scanning large numbers of targets
  • Requires proper setup and dependencies, which might be challenging for some users
  • Limited to visual and basic information gathering, not a comprehensive security assessment tool

Getting Started

  1. Clone the repository:

    git clone https://github.com/RedSiege/EyeWitness.git

  2. Navigate to the setup directory:

    cd EyeWitness/Python/setup

  3. Run the setup script for your operating system (e.g., for Kali Linux):

    ./setup.sh

  4. Run EyeWitness with a file containing URLs:

    cd ..
./EyeWitness.py -f urls.txt --web

This will scan the URLs listed in urls.txt, capture screenshots, and generate an HTML report in the default output directory.

Competitor Comparisons

RedSiege logo

EyeWitness

5,613

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

Pros of EyeWitness

  • Comprehensive web application reconnaissance tool
  • Captures screenshots and generates reports for easy analysis
  • Supports various protocols including HTTP, HTTPS, and RDP

Cons of EyeWitness

  • May require additional dependencies for full functionality
  • Can be resource-intensive when scanning large networks
  • Learning curve for advanced features and customization

Code Comparison

EyeWitness:

def create_driver(browser, resolution, user_agent):
    if browser == "chrome":
        chrome_options = webdriver.ChromeOptions()
        chrome_options.add_argument("--ignore-certificate-errors")
        chrome_options.add_argument("--ignore-ssl-errors")
        chrome_options.add_argument("--headless")
        chrome_options.add_argument("--window-size=" + resolution)
        if user_agent:
            chrome_options.add_argument("--user-agent=" + user_agent)
        return webdriver.Chrome(chrome_options=chrome_options)

Both repositories appear to be the same project, as EyeWitness is a single repository. The code snippet above demonstrates how the tool creates a web driver for capturing screenshots and interacting with web applications. It supports various browser options and configurations, allowing for flexibility in reconnaissance tasks.

michenriksen logo

aquatone

5,872

A Tool for Domain Flyovers

Pros of Aquatone

  • Written in Go, making it faster and more efficient for large-scale scanning
  • Supports concurrent scanning, allowing for quicker results on multiple targets
  • Includes built-in web server for easy viewing of results

Cons of Aquatone

  • Less comprehensive reporting compared to EyeWitness
  • Fewer customization options for output and scanning parameters
  • Limited support for authentication methods

Code Comparison

EyeWitness (Python):

def create_driver(resolution, user_agent, proxy):
    chrome_options = webdriver.ChromeOptions()
    chrome_options.add_argument("--ignore-certificate-errors")
    chrome_options.add_argument("--headless")
    chrome_options.add_argument("--window-size={0}".format(resolution))
    chrome_options.add_argument("--user-agent={0}".format(user_agent))
    if proxy:
        chrome_options.add_argument("--proxy-server={0}".format(proxy))

Aquatone (Go):

func takeScreenshot(url string, timeout time.Duration) (*screenshot, error) {
    ctx, cancel := context.WithTimeout(context.Background(), timeout)
    defer cancel()
    task := chromedp.NewContext(ctx)
    var buf []byte
    if err := chromedp.Run(task, screenshotTasks(url, &buf)); err != nil {
        return nil, err
    }
    return &screenshot{URL: url, Data: buf}, nil
}

Both tools aim to capture screenshots and gather information about web applications, but they differ in implementation language and specific features. EyeWitness offers more detailed reporting and customization, while Aquatone focuses on speed and concurrent scanning capabilities.

sensepost logo

gowitness

4,140

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

Pros of gowitness

  • Written in Go, offering better performance and easier deployment
  • Supports concurrent scanning, potentially faster for large-scale operations
  • Includes built-in web server for viewing results

Cons of gowitness

  • Less extensive reporting options compared to EyeWitness
  • May have fewer customization options for screenshots
  • Lacks some advanced features like clustering similar pages

Code Comparison

EyeWitness (Python):

def create_driver(resolution, user_agent, proxy_server):
    chrome_options = webdriver.ChromeOptions()
    chrome_options.add_argument('--ignore-certificate-errors')
    chrome_options.add_argument('--test-type')
    chrome_options.add_argument('--headless')
    return webdriver.Chrome(chrome_options=chrome_options)

gowitness (Go):

func (c *Chrome) Setup() error {
    opts := append(chromedp.DefaultExecAllocatorOptions[:],
        chromedp.Flag("ignore-certificate-errors", true),
        chromedp.Flag("headless", true),
    )
    allocCtx, cancel := chromedp.NewExecAllocator(context.Background(), opts...)
    c.context, c.cancel = chromedp.NewContext(allocCtx)
    return nil
}

Both tools use headless browsers for screenshot capture, but gowitness leverages Go's concurrency features for potentially faster execution, while EyeWitness offers more comprehensive reporting and analysis capabilities.

nmap logo

nmap

11,878

Nmap - the Network Mapper. Github mirror of official SVN repository.

Pros of nmap

  • Comprehensive network scanning and discovery tool
  • Extensive scripting capabilities for custom scans
  • Large, active community and regular updates

Cons of nmap

  • Steeper learning curve for advanced features
  • Can be resource-intensive for large-scale scans
  • Primarily focused on network-level scanning

Code Comparison

nmap

local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"

portrule = shortport.http

action = function(host, port)
  local response = http.get(host, port, "/")
  return stdnse.format_output(true, response.body)
end

EyeWitness

def create_web_index_head(date):
    return """<html>
    <head>
    <title>EyeWitness Report</title>
    <style type='text/css'>
        body {margin: 0; padding: 0; background: #FFFFFF; font-size: 13px; font-family: '{font}';}
        h1 {font-size: 16px;}
        #screenshot {max-width: 850px; max-height: 550px; display: inline-block; float: right;}
        #report {width: 100%;}
    </style>
    </head>
    <body>
    <h2>EyeWitness Report ({date})</h2>
"""

While nmap focuses on network scanning and port discovery, EyeWitness specializes in web application screenshots and reporting. nmap's code example shows a basic HTTP scan script, while EyeWitness's code demonstrates HTML report generation. Both tools serve different purposes in the security assessment workflow.

robertdavidgraham logo

masscan

25,225

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

Pros of masscan

  • Extremely fast network scanning, capable of scanning the entire Internet in under 6 minutes
  • Highly customizable with numerous command-line options for fine-tuning scans
  • Supports asynchronous transmission, allowing for increased efficiency

Cons of masscan

  • Focused solely on port scanning, lacking the web application analysis capabilities of EyeWitness
  • May generate more network traffic and be more easily detected by intrusion detection systems
  • Requires more technical expertise to interpret and analyze results compared to EyeWitness's visual output

Code Comparison

masscan:

for (i=0; i<range.count; i++) {
    struct Range *r = &range.list[i];
    count += r->end - r->begin + 1;
}

EyeWitness:

def create_web_index_head(date):
    return """<html>
    <head>
    <title>EyeWitness Report</title>
    """

The code snippets highlight the different focus areas of the two tools. masscan's C code demonstrates its emphasis on efficient scanning and range calculations, while EyeWitness's Python code shows its focus on generating visual reports for web applications.

byt3bl33d3r logo

CrackMapExec

9,015

A swiss army knife for pentesting networks

Pros of CrackMapExec

  • More versatile tool for network penetration testing and lateral movement
  • Supports multiple protocols (SMB, WMI, MSSQL, etc.) for comprehensive network enumeration
  • Actively maintained with frequent updates and new features

Cons of CrackMapExec

  • Steeper learning curve due to its extensive feature set
  • May trigger more security alerts due to its active scanning and exploitation capabilities
  • Requires more setup and dependencies compared to EyeWitness

Code Comparison

EyeWitness (Python):

def create_web_index_html(web_index):
    with open(os.path.join(output_directory, 'index.html'), 'a') as f:
        f.write("<br><table border=\"1\">\n")
        f.write("<tr><th>Web Request Info</th></tr>\n")

CrackMapExec (Python):

def proto_flow(self, hosts, protocol_db, module, chain=None):
    for host in hosts:
        if type(host) is str:
            host = {
                'hostname': host,
                'port': protocol_db[module.protocol]['port']
            }

Both tools are written in Python, but CrackMapExec's codebase is more complex due to its broader functionality. EyeWitness focuses on web application reconnaissance, while CrackMapExec is designed for network penetration testing across multiple protocols.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

EyeWitness - Web Screenshot Tool

EyeWitness is designed to take screenshots of websites, provide server header info, and identify default credentials if known. Now powered by Chromium browser for better reliability and easier installation.

🚀 Key Features

  • Cross-platform support - Windows, Linux, and macOS
  • Chromium-powered - Reliable headless screenshots with Google Chrome/Chromium
  • Adaptive resource management - Automatically adjusts to system capabilities
  • Configuration file support - Save your preferred settings
  • URL validation - Pre-flight checks to ensure URLs are valid
  • Progress tracking with ETA - Know exactly when your scan will complete
  • Enhanced error handling - Specific error types with actionable guidance
  • Multiple input formats - Text files, Nmap XML, Nessus XML
  • Isolated virtual environment - Zero system conflicts and PEP 668 bypass

🔒 Virtual Environment Architecture

EyeWitness now uses Python virtual environments for all installations, providing:

✅ Key Benefits

  • No system conflicts - All Python packages installed in isolated environment
  • No PEP 668 issues - Completely bypasses "externally-managed-environment" errors on Kali/modern Linux
  • Cross-platform consistency - Same approach on Windows, Linux, and macOS
  • Easy cleanup - Delete eyewitness-venv/ directory to remove everything
  • Production ready - Automatic error handling and rollback on failures

🚀 How It Works

  1. Setup creates virtual environment - eyewitness-venv/ directory with isolated Python
  2. Activate the virtual environment - Simple command to enter the isolated environment
  3. All packages installed in isolation - Zero impact on your system Python
  4. Run EyeWitness normally - Standard Python commands work within the virtual environment

📁 File Structure After Installation

EyeWitness/
├── eyewitness-venv/          # 🔒 Virtual environment (isolated Python packages)
│   ├── bin/activate          # Linux/macOS activation script
│   └── Scripts/activate.bat  # Windows activation script
├── Python/
│   └── EyeWitness.py         # 📜 Main script (runs in virtual environment)
└── setup/                    # Setup scripts and requirements

📦 Installation Options

🔥 NEW: EyeWitness now uses Python virtual environments for zero conflicts and bulletproof installation across all platforms!

Note: Docker support is currently in development. Please use native installation options below for now.

🪟 Windows Installation

Automated setup with Python virtual environment:

# 1. Open PowerShell as Administrator
# 2. Navigate to EyeWitness directory
cd path\to\EyeWitness\setup

# 3. Run the setup script (creates virtual environment)
.\setup.ps1

# 4. Test installation by activating virtual environment
cd ..
eyewitness-venv\Scripts\activate.bat
python Python\EyeWitness.py --single https://example.com

What gets installed:

  • 🔒 Isolated Python virtual environment (eyewitness-venv/)
  • Python dependencies in virtual environment (selenium, etc.)
  • Google Chrome browser (if not present)
  • ChromeDriver for automation

🐧 Linux Installation

Production-ready setup with Python virtual environment:

# 1. Navigate to setup directory
cd EyeWitness/setup

# 2. Run the setup script (creates virtual environment)
sudo ./setup.sh

# 3. Test installation by activating virtual environment
cd ..
source eyewitness-venv/bin/activate
python Python/EyeWitness.py --single https://example.com

What gets installed:

  • 🔒 Isolated Python virtual environment (eyewitness-venv/)
  • All Python packages in virtual environment (completely bypasses PEP 668)
  • Chromium browser and ChromeDriver via system packages
  • Virtual display support (xvfb)

🎯 Benefits:

  • ✅ No PEP 668 conflicts - Virtual environment bypasses all restrictions
  • ✅ No system package issues - All Python deps isolated
  • ✅ Easy cleanup - Just delete eyewitness-venv/ directory
  • ✅ Production ready - Automatic rollback on installation failures

Supported Linux Distributions:

  • Ubuntu 20.04+ / Linux Mint
  • Debian 10+ / Kali Linux
  • CentOS 8+ / RHEL / Rocky Linux
  • Arch Linux / Manjaro
  • Alpine Linux

🍎 macOS Installation

Homebrew-based setup with Python virtual environment:

# 1. Install Chrome via Homebrew
brew install --cask google-chrome

# 2. Navigate to setup directory and run setup
cd EyeWitness/setup
sudo ./setup.sh

# 3. Test installation by activating virtual environment
cd ..
source eyewitness-venv/bin/activate
python Python/EyeWitness.py --single https://example.com

What gets installed:

  • 🔒 Isolated Python virtual environment (eyewitness-venv/)
  • Python dependencies in virtual environment
  • Chrome browser (via Homebrew)
  • ChromeDriver for automation

🎯 Usage Examples

🚀 How to Use EyeWitness

After running the setup script, activate the virtual environment and run EyeWitness:

🐧 Linux/macOS:

# 1. Activate the virtual environment
source eyewitness-venv/bin/activate

# 2. Run EyeWitness (you're now in the isolated environment)
python Python/EyeWitness.py --single https://example.com
python Python/EyeWitness.py -f urls.txt
python Python/EyeWitness.py -x nmap_scan.xml
python Python/EyeWitness.py -f urls.txt -d /path/to/output

# 3. When finished, deactivate the virtual environment
deactivate

🪟 Windows:

# 1. Activate the virtual environment
eyewitness-venv\Scripts\activate.bat

# 2. Run EyeWitness (you're now in the isolated environment)
python Python\EyeWitness.py --single https://example.com
python Python\EyeWitness.py -f urls.txt
python Python\EyeWitness.py -x nmap_scan.xml
python Python\EyeWitness.py -f urls.txt -d C:\path\to\output

# 3. When finished, deactivate the virtual environment
deactivate

📄 Configuration Files

# Activate virtual environment first
source eyewitness-venv/bin/activate  # Linux/macOS
eyewitness-venv\Scripts\activate.bat # Windows

# Create a sample config file
python Python/EyeWitness.py --create-config

# Use a config file
python Python/EyeWitness.py -f urls.txt --config ~/.eyewitness/config.json

🔍 URL Validation

# Activate virtual environment first
source eyewitness-venv/bin/activate  # Linux/macOS
eyewitness-venv\Scripts\activate.bat # Windows

# Validate URLs without taking screenshots
python Python/EyeWitness.py -f urls.txt --validate-urls

# Skip validation (use with caution)
python Python/EyeWitness.py -f urls.txt --skip-validation

⚙️ Advanced Options

# Activate virtual environment first
source eyewitness-venv/bin/activate  # Linux/macOS
eyewitness-venv\Scripts\activate.bat # Windows

# Adjust threads based on your system (default: auto-detected)
python Python/EyeWitness.py -f urls.txt --threads 5

# Increase timeout for slow connections
python Python/EyeWitness.py -f urls.txt --timeout 30

# Add delays and jitter
python Python/EyeWitness.py -f urls.txt --delay 2 --jitter 5

# Use proxy
python Python/EyeWitness.py -f urls.txt --proxy-ip 127.0.0.1 --proxy-port 8080

# Custom output directory
python Python/EyeWitness.py -f urls.txt -d /path/to/output

# Resume a previous scan
python Python/EyeWitness.py --resume /path/to/output/ew.db

Performance Tuning

EyeWitness automatically detects your system resources and adjusts accordingly:

  • Thread count based on CPU cores (2 × cores, max 20)
  • Memory monitoring to prevent system overload
  • Disk space checks before starting

Configuration File Format

Create a config file to save your preferred settings:

{
    "threads": 10,
    "timeout": 30,
    "delay": 0,
    "jitter": 0,
    "user_agent": "Custom User Agent",
    "proxy_ip": "127.0.0.1",
    "proxy_port": 8080,
    "output_dir": "./sessions",
    "prepend_https": false,
    "show_selenium": false,
    "resolve": false,
    "skip_validation": false,
    "results_per_page": 25,
    "max_retries": 2
}

Troubleshooting

Common Issues

Chromium/ChromeDriver not found:

  • All platforms: Re-run the setup script - it installs browsers automatically
  • Linux: sudo ./setup.sh in setup/ directory
  • Windows: .\setup.ps1 as Administrator in setup\ directory
  • macOS: sudo ./setup.sh in setup/ directory (after brew install --cask google-chrome)

Virtual environment issues:

  • Delete eyewitness-venv/ directory and re-run setup script
  • Ensure Python 3.7+ is installed with venv module support
  • Check that you ran setup script with proper Administrator/root privileges

Connection timeouts:

  • Increase timeout: --timeout 60
  • Check firewall settings
  • Verify target is accessible

High memory usage:

  • Reduce threads: --threads 5
  • Process URLs in smaller batches
  • Close other applications

Permission errors:

  • Linux/macOS: Check file permissions
  • Windows: Run as Administrator if needed

Error Messages

All errors now include specific troubleshooting steps. For example:

  • Timeout errors suggest proxy settings and timeout increases
  • Connection errors provide firewall and network checks
  • Resource errors show memory usage and recommendations

Output

EyeWitness generates:

  • report.html - Main report with screenshots
  • screens/ - Screenshot images
  • source/ - Page source code
  • ew.db - SQLite database for resume capability

Report Features

  • Categorized results (High Value, CMS, Network Devices, etc.)
  • Default credential detection
  • Header analysis
  • Searchable and sortable

Requirements

  • Python 3.7+ with venv module support (standard in most Python installations)
  • Administrator/root privileges for installation (system packages and virtual environment creation)
  • Internet connection for package downloads
  • Chromium/Chrome browser (automatically installed by setup script)
  • ChromeDriver (automatically installed by setup script)

📝 Note: The setup script handles all dependencies automatically. You just need Python 3.7+ and admin privileges.

Changes from Original

This fork includes significant modernization:

  • Fixed deprecated Selenium APIs
  • Replaced archived dependencies (fuzzywuzzy → rapidfuzz)
  • Added comprehensive error handling
  • Improved cross-platform support
  • Added resource monitoring
  • Docker support in development
  • Added configuration file support
  • Enhanced user experience

Contact

E-Mail: GetOffensive [@] redsiege [dot] com

License

EyeWitness is licensed under the GNU General Public License v3.0.