explaingit

redsiege/eyewitness

5,720 · Python · Audience · ops devops · Complexity · 2/5 · Setup · moderate

TLDR

A Python security tool that automatically screenshots a large list of websites in one pass, records HTTP headers, and flags pages with default credentials, used to quickly survey web services during penetration tests.

Mindmap

mindmap
  root((eyewitness))
    What it does
      Screenshot websites
      Record HTTP headers
      Flag default credentials
    Input formats
      Plain URL list
      Nmap XML
      Nessus XML
    Tech stack
      Python
      Headless Chromium
      Virtual environment
    Use cases
      Penetration testing
      Security audits
      Network surveys

Things people build with this

USE CASE 1

Feed an Nmap XML scan result into EyeWitness to automatically screenshot every discovered web service without opening each URL by hand.

USE CASE 2

Survey a large IP range of web interfaces during a penetration test and generate a single consolidated report.

USE CASE 3

Identify web services still running on default credentials during an authorized security audit.

Tech stack

Python · Chromium

Getting it running

Difficulty · moderate · Time to first run · 30min

Requires running a setup script to create a Python virtual environment; install scripts are provided for Windows, Linux, and macOS.

License terms are not mentioned; the tool is intended for authorized security testing only, per the maintainer.

In plain English

EyeWitness is a Python tool used during security assessments to quickly take screenshots of a large number of websites in one pass. Instead of opening each URL manually in a browser, you give EyeWitness a list of addresses and it visits each one automatically, captures what the page looks like, and saves the results to a report. It also records each server's HTTP headers and checks whether the site appears to be running with default credentials that could be a security issue.

The primary audience is penetration testers and security auditors who need to survey many web interfaces during an engagement. Common scenarios include scanning an IP range found during a network assessment, or reviewing web services exported from tools like Nmap or Nessus. EyeWitness accepts input as a plain text list of URLs, an Nmap XML file, or a Nessus XML file, so it fits naturally into an existing testing workflow.

Under the hood, EyeWitness uses a headless Chromium browser to render pages, which means it handles modern JavaScript-heavy sites rather than just fetching raw HTML. The tool runs multiple pages in parallel using a thread count it calculates automatically based on the number of CPU cores available. It can also add delays between requests and route traffic through a proxy.

Installation uses an isolated Python virtual environment so it does not interfere with other software on the system. Setup scripts are included for Windows, Linux, and macOS. After setup, you activate the virtual environment and run the tool from the command line.

EyeWitness is open source and maintained by RedSiege. It is intended for authorized security testing only.

Copy-paste prompts

Prompt 1
I have an Nmap XML scan file from a network assessment and want to use EyeWitness to screenshot every open web port. Show me the exact command and how to activate the virtual environment first.
Prompt 2
How do I configure EyeWitness to add a delay between requests and route all traffic through a Burp Suite proxy during a penetration test?
Prompt 3
I want to run EyeWitness against a plain text list of URLs exported from Nessus. What flags do I pass and what does the HTML report output look like?

Verify against the repo before relying on details.