Automating EyeWitness

by Vince

The other day, I mentioned the importance of documentation and it got me to thinking about screenshots -- and from there, to EyeWitness.  The description for EyeWitness states:  "EyeWitness is designed to take screenshots of websites, RDP services, and open VNC servers, provide some server header info, and identify default credentials if possible."

I've used it to take screenshots of websites, not much else.  You feed it a list of URLs, point it to that list, and it will create clean screenshots of whatever you feed it.  

Then I got to thinking -- if only it could....

Before I get to this little hack-y script, let me mention an error that you could possibly get when running EyeWitness.  This could be on an existing Kali machine or even a brand new install.  If you happen to see:

"Message: unknown field `sessionId`, expected one of `implicit`, `pageLoad`, `script` at line 1 column 12"

You need to run:  apt-get update && apt-get dist-upgrade && apt-get autoremove

Technically, you don't need to run that last command but you might as well clean things up while you're upgrading.  If the above runs successfully and you get your machine all patched up, that error should go away and you will get a clean run with EyeWitness.  

Moving on to my script --

EyeWitness wants an absolute path and if you don't give it what it wants, it can / will fail to run.  It also wants to save the screen captures under /usr/share/eyewitness.  That first line in the script will grab the current working directory, set it to the variable $MYPATH, and a line further down the script will use that for the location for the output directory.  When I'm writing scripts, I like to echo the path for a sanity check.  Feel free to remove everything from && to the end of the line.  

In order to keep the script from getting ahead of itself, I'm pausing for the Dirb process to finish in the lines with process_id.  Aside from that, it should be straightforward.  

Obviously, you can replace Dirb with whatever directory brute force tool you like.  You'll just need to switch that line with "cut" in order to capture the correct location with the URLs.

MYPATH=$(pwd) && echo "$MYPATH/urls.out"
echo "Enter host address:"
echo "Example: http://www.example.com"
read -r varhost
echo "Working..."
dirb "$varhost" -r -o dirb.out &   # quoted so the input stays a single argument
process_id=$!
wait "$process_id"                 # block until Dirb has finished writing dirb.out
grep "CODE:200" dirb.out | cut -d " " -f2 >> urls.out   # match the status field, not any "200" on the line
eyewitness -f "$MYPATH/urls.out" -d "$MYPATH/eyewitness_output" --web
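
An added example, not part of the original script: the URL filter step run over a constructed Dirb-style report, showing how matching a bare "200" over-collects compared with matching the status field, plus a check on the entered host address. The function names are hypothetical, the sample lines are constructed, and the "+ URL (CODE:nnn|SIZE:nnn)" layout is assumed to match what Dirb writes with -o.

```shell
# Constructed sample report (not real scan output); the line layout is an
# assumption modelled on Dirb's "+ URL (CODE:nnn|SIZE:nnn)" result lines.
sample_report() {
cat <<'EOF'
---- Scanning URL: http://www.example.com/ ----
+ http://www.example.com/index.html (CODE:200|SIZE:5120)
+ http://www.example.com/admin (CODE:403|SIZE:200)
+ http://www.example.com/files/2005 (CODE:301|SIZE:312)
+ http://www.example.com/login (CODE:200|SIZE:2048)
+ http://www.example.com/index.html (CODE:200|SIZE:5120)
==> DIRECTORY: http://www.example.com/images/
EOF
}

# Loose filter: keeps any line with "200" anywhere (size, path or status).
naive_urls() {
    grep 200 | cut -d " " -f2
}

# extract_urls CODE: read a report on stdin and print each unique URL whose
# status field is exactly CODE. Duplicates and non-result lines are dropped.
extract_urls() {
    awk -v code="$1" '
        $1 == "+" && $2 ~ /^https?:\/\// &&
        index($3, "(CODE:" code "|") == 1 && !seen[$2]++ { print $2 }'
}

# valid_target URL: accept only an http(s) URL built from an allow-list of
# characters, so the value cannot be read as an option or carry whitespace.
valid_target() {
    case "$1" in
        *[!A-Za-z0-9._~:/?#@%+=,-]*) return 1 ;;
        http://?*|https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

echo "loose filter:"
sample_report | naive_urls
echo "status-field filter:"
sample_report | extract_urls 200
```

To use it with another directory tool, only the field tests inside extract_urls need to change to that tool's report layout.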


When we launch our script, first we see it scanning with Dirb, and then it switches over to EyeWitness.

When it finishes, our output folder contains the screenshots -- and that's it.  Quick and dirty but it works!