gitwtfhub

wtf is eyewitness?

redsiege/eyewitness — explained in plain English

Analysis updated 2026-06-26

5,720PythonAudience · ops devopsComplexity · 2/5Setup · moderate

TL;DR

A Python security tool that automatically screenshots a large list of websites in one pass, records HTTP headers, and flags pages with default credentials, used to quickly survey web services during penetration tests.

Mindmap

mindmap
  root((eyewitness))
    What it does
      Screenshot websites
      Record HTTP headers
      Flag default credentials
    Input formats
      Plain URL list
      Nmap XML
      Nessus XML
    Tech stack
      Python
      Headless Chromium
      Virtual environment
    Use cases
      Penetration testing
      Security audits
      Network surveys

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Why would anyone build with this?

REASON 1

Feed an Nmap XML scan result into EyeWitness to automatically screenshot every discovered web service without opening each URL by hand.

REASON 2

Survey a large IP range of web interfaces during a penetration test and generate a single consolidated report.

REASON 3

Identify web services still running on default credentials during an authorized security audit.

What's in the stack?

PythonChromium

How it stacks up

redsiege/eyewitnessi-tu/haskliglayout-parser/layout-parser
Stars5,7205,7205,730
LanguagePythonPythonPython
Setup difficultymoderateeasymoderate
Complexity2/51/53/5
Audienceops devopsdeveloperresearcher

Figures from each repo's GitHub metadata at analysis time.

How do you spin it up?

Difficulty · moderate Time to first run · 30min

Requires running a setup script to create a Python virtual environment, install scripts provided for Windows, Linux, and macOS.

License terms not mentioned, intended for authorized security testing only per the maintainer.

Wtf does this do

EyeWitness is a Python tool used during security assessments to quickly take screenshots of a large number of websites in one pass. Instead of opening each URL manually in a browser, you give EyeWitness a list of addresses and it visits each one automatically, captures what the page looks like, and saves the results to a report. It also records each server's HTTP headers and checks whether the site appears to be running with default credentials that could be a security issue. The primary audience is penetration testers and security auditors who need to survey many web interfaces during an engagement. Common scenarios include scanning an IP range found during a network assessment, or reviewing web services exported from tools like Nmap or Nessus. EyeWitness accepts input as a plain text list of URLs, an Nmap XML file, or a Nessus XML file, so it fits naturally into an existing testing workflow. Under the hood, EyeWitness uses a headless Chromium browser to render pages, which means it handles modern JavaScript-heavy sites rather than just fetching raw HTML. The tool runs multiple pages in parallel using a thread count it calculates automatically based on the number of CPU cores available. It can also add delays between requests and route traffic through a proxy. Installation uses an isolated Python virtual environment so it does not interfere with other software on the system. Setup scripts are included for Windows, Linux, and macOS. After setup, you activate the virtual environment and run the tool from the command line. EyeWitness is open source and maintained by RedSiege. It is intended for authorized security testing only.

Yoink these prompts

Prompt 1
I have an Nmap XML scan file from a network assessment and want to use EyeWitness to screenshot every open web port. Show me the exact command and how to activate the virtual environment first.
Prompt 2
How do I configure EyeWitness to add a delay between requests and route all traffic through a Burp Suite proxy during a penetration test?
Prompt 3
I want to run EyeWitness against a plain text list of URLs exported from Nessus. What flags do I pass and what does the HTML report output look like?

Frequently asked questions

wtf is eyewitness?

A Python security tool that automatically screenshots a large list of websites in one pass, records HTTP headers, and flags pages with default credentials, used to quickly survey web services during penetration tests.

What language is eyewitness written in?

Mainly Python. The stack also includes Python, Chromium.

What license does eyewitness use?

License terms not mentioned, intended for authorized security testing only per the maintainer.

How hard is eyewitness to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is eyewitness for?

Mainly ops devops.

View the repo → Decode another repo

This repo across BitVibe Labs

Don't trust strangers blindly. Verify against the repo.