sensepost/gowitness sensepost/gowitness

Image Processing
  • Stars
    star
    2,701
  • Rank 16,219 (Top 0.4 %)
  • Language
    Go
  • License
    GNU General Publi...
  • Created over 6 years ago
  • Updated 23 days ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
sensepost/gowitness
github

sensepost

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

🔍 gowitness - a golang, web screenshot utility using Chrome Headless


🔍 gowitness

A golang, web screenshot utility using Chrome Headless.

@leonjza Go Report Card Docker build & Push


introduction

gowitness is a website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of web interfaces using the command line, with a handy report viewer to process results. Both Linux and macOS is supported, with Windows support mostly working.

Inspiration for gowitness comes from Eyewitness. If you are looking for something with lots of extra features, be sure to check it out along with these other projects.

documentation

For installation information and other documentation, please refer to the wiki here.

screenshots

dark

credits

gowitness would not have been possible without some of these amazing projects: chromedp, tabler, zerolog, cobra, gorm, go-nmap, wappalyzergo, goimagehash

license

gowitness is licensed under a GNU General Public v3 License. Permissions beyond the scope of this license may be available at http://sensepost.com/contact/.

More Repositories

1

objection

📱 objection - runtime mobile exploration
Python
6,799
star
2

reGeorg

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
Python
2,901
star
3

ruler

A tool to abuse Exchange services
Go
2,071
star
4

mana

*DEPRECATED* mana toolkit for wifi rogue AP attacks and MitM
HTML
1,079
star
5

DET

(extensible) Data Exfiltration Toolkit (DET)
Python
813
star
6

godoh

🕳 godoh - A DNS-over-HTTPS C2
Go
721
star
7

kwetza

Python script to inject existing Android applications with a Meterpreter payload.
Smali
623
star
8

Snoopy

Snoopy: A distributed tracking and data interception framework
Python
596
star
9

hostapd-mana

SensePost's modified hostapd for wifi attacks.
C
520
star
10

DNS-Shell

DNS-Shell is an interactive Shell over DNS channel
Python
516
star
11

rattler

Automated DLL Enumerator
C++
511
star
12

USaBUSe

Universal Serial aBUSe is a project to demonstrate the risks of hardware bypasses of software security by Rogan Dawes at SensePost.
C
479
star
13

snoopy-ng

Snoopy v2.0 - modular digital terrestrial tracking framework
Python
428
star
14

reDuh

Create a TCP circuit through validly formed HTTP requests
Java
342
star
15

autoDANE

Auto Domain Admin and Network Exploitation.
Python
298
star
16

Frack

Frack - Keep and Maintain your breach data
Python
279
star
17

SPartan

Frontpage and Sharepoint fingerprinting and attack tool.
Python
274
star
18

wiresocks

A sock, with a wire, so you can tunnel all you desire.
Shell
266
star
19

impersonate

A windows token impersonation tool
Python
254
star
20

mallet

Mallet is an intercepting proxy for arbitrary protocols
Java
248
star
21

UserEnum

Domain user enumeration tool
Python
209
star
22

jack

Drag and Drop ClickJacking PoC development assistance tool.
CSS
187
star
23

wpa_sycophant

Evil client portion of EAP relay attack
C
177
star
24

wikto

Nikto for Windows with some extra features.
C#
172
star
25

routopsy

Routopsy - Hacking Routers with Routers
Python
164
star
26

heartbleed-poc

Test for SSL heartbeat vulnerability (CVE-2014-0160)
Ruby
158
star
27

dwn

d(ockerp)wn - a docker pwn tool manager
Python
158
star
28

gdi-palettes-exp

DC25 5A1F - Demystifying Windows Kernel Exploitation by Abusing GDI Objects
C++
143
star
29

wadi

Wadi Fuzzing Harness
JavaScript
127
star
30

birp

Big Iron Recon & Pwnage
Python
118
star
31

assless-chaps

Crack MSCHAPv2 challenge/responses quickly using a database of NT hashes
Python
115
star
32

liniaal

Liniaal - A communication extension to Ruler
Go
99
star
33

ms16-098

Windows 8.1 x64 Exploit for MS16-098 RNGOBJ_Integer_Overflow
C
93
star
34

frida-windows-playground

A collection of Frida hooks for experimentation on Windows platforms.
C
92
star
35

notruler

The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.
Go
89
star
36

go-out

☄️ go-out - A Golang egress buster.
Go
81
star
37

anapickle

Toolset for writing shellcode in Python's Pickle language and for manipulating pickles to inject shellcode.
Python
79
star
38

autoresponder

Quick python script to automatically load NTLM hashes from Responder logs and fires up Hashcat to crack them
Python
78
star
39

offensive-rpc

Offensive RPC PoC
C++
78
star
40

xrdp

A rudimentary remote desktop tool for the X11 protocol exploiting unauthenticated x11 sessions
Python
77
star
41

peanuts

Peanuts is a free and open source wifi tracking tool. Based on the SensePosts Snoopy-NG project that is now closed.
Python
70
star
42

mydumbedr

C
68
star
43

apostille

Java
68
star
44

WiFi-Rifle

Creating a wireless rifle de-authentication gun, which utilized a yagi antenna and a Raspberry Pi.
Python
65
star
45

common-substr

Simple tool to extract the most common substrings from an input text. Built for password cracking.
Go
62
star
46

shinai-fi

Docker images for learning wifi hacking
Shell
60
star
47

hash-cracker

Script to perform some hashcracking logic automagically
C
59
star
48

punch-q

👊 A small utility to play with IBM MQ
Python
58
star
49

thumbscr-ews

Exchangelib wrapper for pentesting
Python
53
star
50

BiLE-suite

The Bi-directional Link Extractor.
Perl
53
star
51

wsproxy

A websocket proxy
JavaScript
53
star
52

go-derper

Memcache hacking tool.
Ruby
48
star
53

yeti

SensePost's network footprinting and enumeration tool. You can't pwn what you don't know about.
Java
42
star
54

understanding-eap

A repository with toy implementations of MSCHAPv2, MPEE and WPA/2 to understand EAP better
Python
36
star
55

sockstlsproxy

C#
33
star
56

ntcrack

Left To My Own Devices - NT hash tools
Rust
32
star
57

mail-in-the-middle

Python
30
star
58

policies

Collection of information security policies.
28
star
59

Suru

Suru is one of the original Man In The Middle (MITM) proxies that sits between the user's browser and the web application.
C#
27
star
60

dual-pod-shock

C
25
star
61

squeeza

SQL Injection without the pain of syringes.
Ruby
25
star
62

steampipe-plugin-projectdiscovery

A steampipe plugin to query projectdiscovery.io tools.
Go
25
star
63

wpa3-vuln

hostapd and wpa_supplicant 2.7 vulnerable to Mathy's WPA3 bugs
C
23
star
64

x11-active-displays

Checks X11 and outputs a screenshot to of the display if allowed and the display is active
Lua
23
star
65

SapCap

SApCap is a SAP packet sniffer and decompression tool for analysing SAP GUI (DIAG) traffic
C++
17
star
66

6thSense

A while back antirez, in a post to Bugtraq, detailed a new Tcp portscan method.
Perl
17
star
67

password-tools

Service desk password tools.
JavaScript
16
star
68

maltego-mvs

Tools to combine MVS data with external sources and visualise the output in Maltego.
Python
16
star
69

ntp_monlist

Basic script to pull addresses from a NTP server using the monlist command.
Python
15
star
70

XAPSpy

Runtime analysis of windows phone 7 applications.
C#
14
star
71

SAPProx

SAPProx is a proof of concept tool for intercepting and modifying SAP GUI (DIAG protocol) traffic.
C++
12
star
72

JBaah

HTTP Brute Forcer (Java replacement for SP's CrowBar).
Java
12
star
73

SP-DNS-mine

Google DNS name / sub domain miner.
Perl
11
star
74

casper

Casper is a tiny system tray application that can be used to view the invisible windows on your desktop.
C#
11
star
75

cipherchecks

visually see issues with supported cipher suites
Python
11
star
76

SpUD

SensePost Unified Data API (SPUD) is a wrapper for apps requiring use of the deprecated Google API.
C#
11
star
77

esp-vnc

Our fork of the esp-link firmware with a built in VNC server for passing input events to an AVR. Part of our Universal Serial aBUSe project.
C
11
star
78

neverevercookie

GUI for cleaning out evercookie persistence locations.
Java
10
star
79

dresscode

Python
10
star
80

berate_radius

Alpine hostapd-mana based RADIUS server
Shell
9
star
81

Manifestor

Android Manifest.xml tool
Python
9
star
82

glypeahead

Port scan through Glype proxies.
PHP
9
star
83

ClashofSpamTitan

Python
9
star
84

BilePublic

BiLE stands for Bi-directional Link Extraction. It is used in the footprinting process to find non-obvious relationships between different web sites.
Perl
9
star
85

jcertchecker

JCertChecker is used to check HTTPS certificates.
Java
8
star
86

Scully

Scully is a client interface to MSSQL and MySQL database servers.
C#
8
star
87

finder

Finder.pl remotely checks IIS Servers for most of the methods used by WebDAV.
Perl
8
star
88

desperate

Perl
7
star
89

CarbanakCheck

Check squid logs for possible Carbanak malware.
Python
7
star
90

MonSoen

Proxy Server network scanner and tunnelling tool.
Python
7
star
91

hash-cracker-apple-silicon

Script to perform some hashcracking logic automagically
Python
6
star
92

sconwar

a bring your own client programming game
Go
6
star
93

go

Seriously primitive portscanner using Squid proxy.
Perl
6
star
94

pudding

IDS evasion for web-based exploits via encoding built into a "proxy"
6
star
95

unitools

For working with IIS servers with the Unicode bug
Perl
5
star
96

gr-protocoldecoder

A simple way to decode a known protocol in GRC in real time.
CMake
5
star
97

file-read-experiments

A few short scripts to look at the performance of various file read strategies.
Rust
5
star
98

mpdchecker

Confirm the presence of HTTP methods per directory.
Python
4
star
99

sensedecode

Sensedecode includes 2 perl scripts which exploit the IIS url decoding bug.
Perl
4
star
100

sensecon-2021-discord-bot

Discord Bot used for the SenseCon 2021 Challenges: https://sensepost.com/blog/2021/sensecon-2021-wargames-edition/
TypeScript
4
star