After discovering the subdomains of a target domain, it’s important to check each one to determine which subdomain leads to a login portal or a sensitive directory of the organization. However, there may be a lot of subdomains to check manually, and this process can be very time-consuming. As an aspiring penetration tester, you can be strategic and use a tool such as EyeWitness, which allows you to automate the process of checking each subdomain within a file and taking a screenshot of them.

Installation:

  1. To install, run these commands:
git clone https://github.com/RedSiege/EyeWitness.git
cd EyeWitness/Python/setup
sudo ./setup.sh
  2. After running all these commands, the tool should be installed.
  3. Go back to the previous directory.
  4. Next, use the following commands to have EyeWitness capture a screenshot of each subdomain listed in the MS-subdomains.txt file:
mkdir screenshots
# change to the directory that contains the EyeWitness.py script
./EyeWitness.py --web -f /home/kali/MS-subdomains.txt -d /home/kali/screenshots --prepend-https
  5. Syntax breakdown:
  • --web: Takes an HTTP screenshot
  • -f: Specifies the source file containing the list of domains to check
  • -d: Specifies the output directory for the screenshots
  • --prepend-https: Prepends http:// and https:// to the domains without either protocol
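
Enumeration output usually contains duplicates, wildcard entries and look-alike hosts, so it is worth normalizing the list and dropping anything outside the authorized scope before passing it to -f. The following is an added example, not code from the original page or the EyeWitness project; the function names, the scope domain example.com and the sample entries are assumptions constructed for illustration.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize_host(entry):
    """Reduce one list entry to a bare lowercase hostname, or None if invalid."""
    host = entry.strip().lower()
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)  # drop any scheme
    host = re.split(r"[/?]", host, maxsplit=1)[0]      # drop path and query
    host = host.rsplit("@", 1)[-1].split(":", 1)[0]    # drop userinfo and port
    host = host.rstrip(".")                            # drop trailing root dot
    if host.startswith("*."):                          # wildcard entry -> parent name
        host = host[2:]
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2 or not all(_LABEL.match(x) for x in labels):
        return None
    return host

def in_scope(host, scope_domain):
    """True only for the scope domain itself or a real subdomain of it."""
    scope = scope_domain.lower().strip(".")
    # Match on a label boundary: a plain endswith(scope) would accept notexample.com.
    return host == scope or host.endswith("." + scope)

def clean_subdomains(lines, scope_domain):
    """Return (kept, rejected): unique in-scope hosts in input order, and the rest."""
    kept, rejected, seen = [], [], set()
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()  # allow comments in the list
        if not entry:
            continue
        host = normalize_host(entry)
        if host is None or not in_scope(host, scope_domain):
            rejected.append(entry)
        elif host not in seen:
            seen.add(host)
            kept.append(host)
    return kept, rejected

# Constructed sample entries; example.com stands in for the authorized scope.
SAMPLE = ["www.example.com", "WWW.Example.com.", "https://login.example.com/portal",
          "*.dev.example.com", "vpn.example.com:8443", "example.com.evil.test",
          "notexample.com", "bad_host.example.com"]

if __name__ == "__main__":
    kept, rejected = clean_subdomains(SAMPLE, "example.com")
    print("\n".join(kept))          # save these lines as the file given to -f
    print("rejected:", rejected)    # review these by hand before discarding
```

Because the kept entries are bare hostnames, --prepend-https then applies to every one of them.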

I had various issues while installing this tool on newer Kali Linux, so I used a different method. To do the same, follow the commands below:

cd ~/Desktop/EyeWitness/
# 1. Create the virtual environment
python3 -m venv .venv

# 2. Activate it
source .venv/bin/activate

# 3. Install the required Python packages into it
pip install -r ./Python/setup/requirements.txt

# 4. Run EyeWitness (while the venv is still active)
./Python/EyeWitness.py --web -f /home/kali/MS-subdomains.txt -d /home/kali/screenshots_TUKL --prepend-https
