
EyeWitness - A Web Application Triage Tool

EyeWitness is a web application triage tool. It's designed to take a file from the user containing web pages, gather server header information, take a screenshot of the web page, and then organize all the information in a report. Additionally, EyeWitness will warn you about invalid SSL certificates, and attempt to identify any default credentials that may apply to the website.


  1. EyeWitness – A Web Application Info-Gathering Tool (@ChrisTruncer)
  2. What’s it do?
       • Designed to screenshot web applications that have been provided by the user.
       • Text File
       • Nmap XML Output
       • .Nessus
       • Gather server header information
       • Identify default credentials
       • Generates a report
  3. EyeWitness
  4. Why write it?
       • Inspiration came from Tim Tomes’s PeepingTom
       • Awesome tool
       • Fix Blank Images
       • Try a different screenshot library
       • Ghost.py
       • Stop wasting time looking up default creds
       • A thought exercise
  5. How to use it
  6. How to use it
  7. Create Web App “Signatures”
       • Create signature from web page source
       • Multiple Strings are OK
       • Find the default creds
       • Format all the things!
       • Signature|creds
       • Signature;A Long Signature;Signature|creds
       • All signatures must be present or no match
  8. Future Enhancements
       • Group “similar” web apps together
       • Printers
       • Mirrored websites
       • Etc.
       • Looking for other suggestions… :)
       • More default creds…
  9. Current Signatures
  10. Call to Action
       • Send me signatures!
       • E-Mail! – eyewitness@christophertruncer.com
       • Tweet Me!
       • Pull Request!
       • Find Bugs!
  11. Contact
       • GitHub Repo
       • https://github.com/ChrisTruncer/EyeWitness
       • Project E-mail
       • eyewitness@christophertruncer.com
       • @ChrisTruncer
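
The signature format from slide 7, shown as an added example (not EyeWitness's own code): it parses "Signature;Signature|creds" lines and reports a match only when every fragment is present in the page source, which is useful for flagging devices in your own inventory that still serve a default-login page. The function names, the choice to split at the last "|", and the sample products and credentials are assumptions made for illustration.

```python
from typing import List, NamedTuple

class Signature(NamedTuple):
    fragments: tuple   # every fragment must appear in the page source
    creds: str         # free-text default-credential note

def parse_signatures(text: str) -> List[Signature]:
    """Parse lines of the form 'frag1;frag2|creds' as described on slide 7."""
    parsed = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "|" not in line:
            continue  # skip blanks and lines with no creds separator
        # Assumption: the last '|' separates the fragments from the creds.
        frag_part, _, creds = line.rpartition("|")
        # Drop empty fragments: '' is a substring of every page and would
        # turn a stray ';' into a condition that always passes.
        fragments = tuple(f for f in frag_part.split(";") if f.strip())
        if fragments and creds.strip():
            parsed.append(Signature(fragments, creds.strip()))
    return parsed

def match_default_creds(page_source: str, signatures: List[Signature]) -> List[str]:
    """Return the creds notes of signatures whose fragments are ALL present."""
    return [s.creds for s in signatures
            if all(f in page_source for f in s.fragments)]

# Constructed sample data: product names and credentials are placeholders.
SAMPLE_SIGNATURES = """\
<title>ExampleCam Login</title>;ExampleCam Firmware|admin/EXAMPLE-PLACEHOLDER
ExamplePrinter Web Console|root/EXAMPLE-PLACEHOLDER
;|broken line that must never match
"""
SAMPLE_PAGE = ("<html><head><title>ExampleCam Login</title></head>"
               "<body>Welcome</body></html>")  # lacks 'ExampleCam Firmware'
SAMPLE_PAGE_FULL = SAMPLE_PAGE.replace("Welcome", "ExampleCam Firmware 1.0")

if __name__ == "__main__":
    sigs = parse_signatures(SAMPLE_SIGNATURES)
    print(match_default_creds(SAMPLE_PAGE, sigs))       # one fragment missing
    print(match_default_creds(SAMPLE_PAGE_FULL, sigs))  # both fragments present
```

The first sample page carries only one of the two fragments, so it produces no match; this is the "all signatures must be present or no match" rule in action.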
