stolenusername/cowitness stolenusername/cowitness

  • Stars
    star
    118
  • Rank 299,923 (Top 6 %)
  • Language
    Go
  • License
    MIT License
  • Created over 1 year ago
  • Updated 8 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
stolenusername/cowitness
github

stolenusername

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

CoWitness is a powerful web application testing tool that enhances the accuracy and efficiency of your testing efforts. It allows you to mimic an HTTP server and a DNS server, providing complete responses and valuable insights during your testing process.

CoWitness

Images\CoWitness.png

License: MIT made-with-python

CoWitness is a tool designed to function as an HTTP, HTTPS, and DNS server. It allows you to serve web pages, log HTTP requests, and customize DNS responses. This README provides an overview of the features and instructions on how to compile and use the CoWitness tool.

Features

  • HTTP Server: CoWitness includes an HTTP server that listens on port 80. It can serve static files from the current working directory. Each HTTP request is logged, including the client's IP address, requested resource, and user agent.

  • HTTPS Server: In addition to the HTTP server, CoWitness also provides an HTTPS server that listens on port 443. Similar to the HTTP server, it serves static files and logs each request.

  • DNS Server: CoWitness functions as a DNS server, listening on port 53. It allows you to customize DNS responses, including NS and A records. DNS requests are logged, including the client's IP address and the requested domain.

  • Logging: CoWitness creates log files for HTTP and DNS requests. The logs are appended to existing files, allowing you to track and analyze the server activity.

  • Quiet Mode: CoWitness can run in quiet mode by passing the -q command-line argument. In this mode, the ASCII art banner will not be displayed.

Prerequisites 📝

Before using CoWitness, ensure that you have the following requirements:

  • Go programming language installed on your system, get it HERE.
  • Internet access to download Go dependencies.
  • A remote server with a public IP address.

Installation 👨🏼‍🔧

Follow these steps to install and compile CoWitness:

  1. Clone the CoWitness repository from GitHub:
git clone https://github.com/your-username/CoWitness.git
  1. Change to the CoWitness directory:
cd CoWitness
  1. Build the CoWitness executable:
go build cowitness.go

This command compiles the CoWitness source code and creates an executable file.

Usage 👨🏻‍💻

To use CoWitness on a remote server, follow these steps:

  1. Choose a domain name for your testing environment.
  2. Set up a remote server and obtain a public IP address for it.
  3. Register your name servers to point to the public IP address. (Refer to your domain registrar's documentation for instructions on how to set up name servers.)
  4. Create glue records to associate the IP address with your remote server. This step may vary dpending on your DNS provider. Consult their documentatin for guidance on creating glue records.
  5. Ensure that ports 80 and 53 are available on the remote server. Configure any firewall or network settings to allow incoming connections on these ports.
  6. Transfer the CoWitness executable to the remote server using a secure method such as SCP or SFTP.

Connect to the remote server via SSH:

ssh username@your-server-ip

Navigate to the directory where you transferred the CoWitness executable and run the CoWitness executable:

./CoWitness

Customization ⚒️

You can customize CoWitness to fit your specific needs. Here are some possible modifications:

  • Change the default ports: Modify the constants HTTPPort, HTTPSPort, and DNSPort in the source code to use different port numbers.

  • Modify the log file paths: You can change the paths for the HTTP and DNS log files (http.log and dns.log) by updating the os.OpenFile calls in the source code.

  • Customize the banner: You can modify the ASCII art banner displayed when CoWitness starts by editing the displayBanner function in the source code.



Community & Contributions

We welcome contributions and feedback from the community. If you encounter any issues or have suggestions for improvements, please open an issue or submit a pull request on our GitHub repository!

License

CoWitness is released under the MIT License.

More Repositories

1

Meta-Detector

The following code when compiled in go takes a domain name as an argument and outputs an HTML file with Google Search links for various document types. Each link opens the results in a new tab
Go
11
star
2

DirSpray

DirSpray allows you to take a list of target domains, a list of target files and directories, and then enumerate those without having to throttle your requests.
Go
1
star
3

proxspray

Prox Spray is a powerful tool designed to assist you in testing web applications by checking if you can proxy through common ports. It provides a convenient way to identify potential vulnerabilities or access restricted resources during penetration testing.
Go
1
star
4

SparrowHawk

An application to quickly check for indicators of compromise for Silver Sparrow based on the article at: https://redcanary.com/blog/clipping-silver-sparrows-wings/
Go
1
star