EyeWitness: Pentesting tool to automate viewing webpages

Published by Nick on

Penetration testers constantly probe networks to find weaknesses before an attacker does, and a large scan usually ends with a long list of open ports that tells you nothing about what those ports actually serve. EyeWitness closes that gap by taking a screenshot of every web interface a scan has found, so you can look at the landing pages and pick out the admin consoles, login forms and forgotten appliances worth a closer look. This post walks through feeding Nmap scan output into EyeWitness so the screenshots are captured in one pass.

Introduction to EyeWitness

EyeWitness takes screenshots of websites, records the server response headers, and flags pages whose content matches one of its known-product signatures so it can suggest default credentials to try. Earlier releases could also capture RDP and open VNC sessions; the current Python 3 version is web-only, which is why --web is the only protocol mode it accepts. The screenshots and details are collected into an HTML report that is easy to page through, which is exactly what a tester needs to find areas of interest across hundreds of hosts.

Integrating Nmap Scans with EyeWitness

To leverage EyeWitness effectively, penetration testers often start with Nmap, a versatile tool for network discovery and security auditing. By scanning with Nmap and outputting the results to an XML file, testers can feed comprehensive network scan data directly into EyeWitness, enabling it to focus on live web servers for screenshot capture. Here’s how you can perform this integration step-by-step.

Step 1: Conducting an Nmap Scan

The first step is to scan the target network with Nmap and save the results as XML (-oX), the format EyeWitness parses. Include -sV so Nmap probes each open port and records the real service, including whether it is wrapped in TLS, rather than guessing from the port number; EyeWitness relies on those service names to decide which ports are web servers and which scheme to use. For instance, to scan the common web ports on a /24 and save the output:

nmap -sV -p 80,443,8080,8443 --open -oX scan_results.xml 192.168.1.0/24

This scans the four ports typically used for web services (80, 443, 8080, 8443) across every address in 192.168.1.0/24, probes each open port for its service (-sV), keeps only hosts that have at least one open port (--open) and writes the results to scan_results.xml. Without -sV the XML still lists the port numbers, but the service names are Nmap's port-table guesses (8443 is labelled https-alt whatever is actually listening), so EyeWitness may try the wrong scheme on non-standard ports and miss the page.

Step 2: Installing EyeWitness

Before proceeding, make sure EyeWitness is installed. Clone the GitHub repository and run the setup script in Python/setup (setup.sh), which installs the Python dependencies along with Firefox and geckodriver, the browser EyeWitness drives through Selenium to render each page; on Kali it is also available as the eyewitness package. Follow the installation instructions in the repository's README for your platform.

Step 3: Using EyeWitness with Nmap Output

With the Nmap results ready, change into the Python directory of the EyeWitness checkout and run it against the XML file. EyeWitness detects the file type from the extension, so the same -f option accepts Nmap XML, Nessus output or a plain list of URLs:

./EyeWitness.py -f scan_results.xml --web -d eyewitness_report --no-prompt

This tells EyeWitness to parse scan_results.xml, pull out every host with an open HTTP or HTTPS port and screenshot its landing page. --web selects the web protocol mode (the only one in current releases), -d names the output directory so successive runs do not collide, and --no-prompt suppresses the "open the report now?" question at the end, which matters when the run is scripted. On a large scan, --timeout and --threads control how long each page may take to load and how many are captured in parallel.

Step 4: Reviewing the Results

When the run finishes, EyeWitness writes report.html into the output directory. The report groups the screenshots into categories, shows the response headers for each page, and, where the page content matches one of its product signatures, lists the default credentials for that product. It does not try those credentials; treat them as a lead to verify by hand. For a penetration tester the report is a quick way to see how each web service presents itself to an unauthenticated visitor and to triage a large scan by eye instead of by port number.
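As an added example (not EyeWitness's own code), the following Python script shows what the tool has to do with the XML from Step 1 before it can take a single screenshot: walk the hosts, keep the open TCP ports whose service name or ssl tunnel attribute marks them as HTTP, and turn each one into a URL. The Nmap XML embedded in it is constructed for the example, and the rule of trying both schemes on a port Nmap only guessed from its port table (no -sV probe) is an added heuristic, not EyeWitness's behaviour. The resulting list can be written to a text file and handed to EyeWitness with -f instead of the raw XML, which is handy when you want to prune or add targets before capturing.

```python
"""Turn Nmap XML (-oX output) into a URL list that EyeWitness can read with -f.

Added example for this post, not EyeWitness's parser. The sample scan output
below is constructed; the "both schemes on a table guess" rule is a heuristic
added here so that nothing is missed when the scan was run without -sV.
"""
import xml.etree.ElementTree as ET

# Service names nmap assigns to plaintext and TLS-wrapped HTTP listeners.
HTTP_NAMES = {"http", "http-alt", "http-proxy", "www", "www-http"}
HTTPS_NAMES = {"https", "https-alt", "ssl/http", "ssl/https"}


def classify(service):
    """Return the set of URL schemes to try for one <service> element.

    With -sV, nmap reports an HTTPS listener as name="http" tunnel="ssl".
    Without -sV it fills the name from nmap-services (method="table"),
    which is a guess based on the port number alone.
    """
    if service is None:
        return set()
    name = service.get("name", "")
    if service.get("tunnel") == "ssl" or name in HTTPS_NAMES:
        return {"https"}
    if name in HTTP_NAMES or name.startswith("http"):
        # A table lookup may be wrong about TLS, so try both schemes.
        if service.get("method") == "table":
            return {"http", "https"}
        return {"http"}
    return set()


def urls_from_nmap_xml(xml_text):
    """Return a URL for every open TCP port that looks like a web service."""
    root = ET.fromstring(xml_text)
    urls = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue  # host was down or unresponsive
        # ARP scans add a mac address element; keep only IP addresses.
        addr = next(
            (a.get("addr") for a in host.findall("address")
             if a.get("addrtype") in ("ipv4", "ipv6")),
            None,
        )
        if addr is None:
            continue
        for port in host.findall("ports/port"):
            state = port.find("state")
            if (port.get("protocol") != "tcp" or state is None
                    or state.get("state") != "open"):
                continue
            portid = int(port.get("portid"))
            for scheme in sorted(classify(port.find("service"))):
                default = 80 if scheme == "http" else 443
                hostpart = f"[{addr}]" if ":" in addr else addr
                suffix = "" if portid == default else f":{portid}"
                urls.append(f"{scheme}://{hostpart}{suffix}/")
    return urls


# Constructed sample of what "nmap -sV ... -oX" writes: one host with probed
# services, one scanned without -sV (table guesses only), and one host down.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -p 80,443,8000,8080,8443 -oX scan_results.xml 192.168.1.0/24">
<host><status state="up" reason="arp-response"/>
<address addr="192.168.1.10" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac"/>
<ports>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="Apache httpd" method="probed" conf="10"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="http" product="nginx" tunnel="ssl" method="probed" conf="10"/></port>
<port protocol="tcp" portid="8080"><state state="closed" reason="reset"/><service name="http-proxy" method="table" conf="3"/></port>
<port protocol="tcp" portid="8443"><state state="open" reason="syn-ack"/><service name="https-alt" method="table" conf="3"/></port>
</ports></host>
<host><status state="up" reason="arp-response"/>
<address addr="192.168.1.20" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="8000"><state state="open" reason="syn-ack"/><service name="http-alt" method="table" conf="3"/></port>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" method="table" conf="3"/></port>
</ports></host>
<host><status state="down" reason="no-response"/><address addr="192.168.1.30" addrtype="ipv4"/></host>
</nmaprun>
"""


if __name__ == "__main__":
    # Write targets.txt, then: ./EyeWitness.py -f targets.txt --web
    targets = urls_from_nmap_xml(SAMPLE_NMAP_XML)
    with open("targets.txt", "w") as fh:
        fh.write("\n".join(targets) + "\n")
    print("\n".join(targets))
```

Run against a real scan by replacing SAMPLE_NMAP_XML with the contents of scan_results.xml. The closed 8080 port and the ssh service are dropped, the TLS-wrapped 443 becomes an https:// URL because of the tunnel attribute, and the unprobed port 8000 is emitted under both schemes; with -sV in the scan that fallback never triggers.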

Conclusion

Pairing EyeWitness with Nmap combines Nmap's port and service discovery with a visual pass over every web interface it finds. The result is a triage view of the network that takes minutes to produce and saves hours of opening hosts by hand. As always, make sure you have written authorization for every address range before you scan or screenshot anything.

Happy Pentesting!
