-
Notifications
You must be signed in to change notification settings - Fork 16
/
CHANGELOG
222 lines (168 loc) · 17.2 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
[11.18.2014]
Modified..: Fixed a bug where server reset wasn't caught if using an invalid SSL cert.
[10.16.2014]
Modified..: EyeWitness no longer leaves alert messages open when changing URLs. When the URL changes, it SHOULD close out the alert box/basic auth prompt/etc. Thanks to @harmj0y for yelling at me until I finally looked into figuring it out and getting it done.
[10.14.2014]
Modified..: Eyewitness now supports basic auth. New command line options are available to force basic auth using the provided username and password for all requests. This obviously requires using a modified list of URLs to only attempt basic auth against them. Thanks to @digininja for the idea. This was just the likely beginning of Github Issue #97 (but under original eyewitness)
[10.10.2014]
Modified..: EyeWitness has now split into two repos, one for python, and one for ruby. This will allow for easier issues/feature request tracking between the two languages.
[10.9.2014]
Modified..: EyeWitness now supports website "traceroute" functionality. This provides really interesting information to see where you may be redirected. Thanks to @digininja for the suggestion, this is really cool functionality. - Github Issue #75
Modified..: Changed error message when EyeWitness is not given a proper command. Thanks Digininja for the suggestion. - Github Issue #84
Modified..: Removed debug message left in code. Thanks for pointing this out @digininja - Github Issue #85
Modified..: Updated gem error message when gem is not present. Thanks @digininja - Github Issue #88
Modified..: EyeWitness web "traceroute" now follows relative redirects. Thanks for the request/bug @digininja - Github Issue #91
[9.22.2014]
Modified..: EyeWitness now displays an error if no URLs are passed in, quits out, and doesn't generate the report folder. Thanks @digininja for the info! - Github Issue #78
[9.21.2014]
Modified..: Added proxy support to EyeWitness. Proxy usage requires both an ip and port to be passed via the command line or the config file. Thanks @digininja for suggesting the feature! This was a really good idea Robin. - Github Issue #65
[9.20.2014]
Modified..: EyeWitness can now use a config file for the ruby version (python support for config files will be added shortly). Command line options always take precedence over the config file, but the config file is next. Uncomment any config you would like. To use a config file, copy the sample config from the configs directory and place it in the same directory as EyeWitness as eyewitness.config.
Modified..: Fixed file input bug. If provided a directory, EyeWitness should now error out and state that the user needs to provide a valid text file containing URLs. Thanks to @digininja for letting me know about this error - Github Issue #73
[9.16.2014]
Modified..: Fixed issue in python nmap parser
[9.15.2014]
Modified..: Added an additional service detection to nmap parsing for port 8081
[9.14.2014]
Modified..: Link structure and results in each page is now working correctly. Somehow, a bug was introduced at some point. Hopefully this should be fixed for good now.
[9.10.2014]
Modified..: Added -? to alias the help option for EyeWitness CLI interface, thanks @digininja! - Github Issue #64
Modified..: If not given any input, or missing key commands via the cli, EyeWitness will error out and print the command line options it takes. Thanks to @harmj0y for pestering me every assessment until I finally added this in.
Modified..: Added checks for inavlid command line options, thanks @digininja! - Github Issue #63
[8.25.2014]
Modified..: Hopefully fixed an issue when encountering basic auth web pages, and other connection errors. Fix included to not check for default creds against non-existant source code (code doesn't exist because of the error encountered) - thanks @harmj0y for letting me know
[8.22.2014]
Modified..: Fixed -d issue in python version of EyeWitness. Thanks for letting me know Robin. - Issue #60
Modified..: While working on the -d issue, an off by one error was found for the report generation. This has been fixed.
Modified..: Localscan options now handles ENETUNREACH error that is still super odd and can't figure out why this is seen (when the user encountering it can ping the host...?)
[8.20.2014]
Modified..: Added error checking from Robin Woods's (@digininja) supplied code. - Issue # 55
Modified..: Added gem file where gems can be tracked and installed easier - thanks Robin - Issue # 56
[8.4.2014]
Modified..: Code that parses file input (single URL per line) now ignored blank lines within the file. Thanks to webyeti and the APT students at blackhat.
[7.27.2014]
Modified..: Changed header request to perform a HEAD request, vs. a get. Hopefully should save some time. Thanks @harmj0y for the suggestion.
[7.21.2014]
Modified..: Fixed a bug where the time and date wouldn't be shown at the top of the report when providing the directory path for the report.
[7.16.2014]
Modified..: Fixed bug when encountering a web page over ssl that a handshake can't be established. Thanks to @harmj0y for reporting this.
[7.15.2014]
Modified..: Fixed bug when encountering an unknown error. Thanks to @harmj0y for reporting this.
Modified..: Changed how timeout works with Selenium. By default, EyeWitness will wait up to 10 seconds for a web page to load for the screenshot. If it doesn't load in time, it will throw an error. This value cannot currently be changed via the command line. If it needs to be changed, simple change the value on line 28 within EyeWitness.rb. The timeout value specified with --timeout is for the server header information. This is still modified by the value passed with --timeout.
[7.14.2014]
Modified..: Fixed bug in nmap parser that would return mac addresses as the hostname when parsing nmap xml output. Thanks for Steve Borosch (rvrsh3ll) for pointing out the issue to me.
Modified..: HTML source code is now readable, '\n' is used to help :)
Modified..: Link structure is now placed at the top of the page (and bottom)
[7.13.2014]
Released..: Ruby version of Eyewitness (Use this one unless you have to use the python version)
Thanks....: Thanks to Rohan Vazarkar (@cptjesus) for porting his url sorting function to ruby
[6.30.2014]
Added.....: --no-dns flag can be used when parsing nmap or nessus xml to generate the web server list by IP addresses, and not dns names. Thanks to @digininja for initially bringing this up, being patient while I try to think of a decent way to do this, and then @webbreacher for providing the simple solution I should have thought of.
[5.30.2014]
Modified..: Eyewitness now properly closes any xvfb session at the end of a successful run. - Continuation of Github Issue #45 - Thanks Robin for working and troubleshooting fixes with me.
Modified..: EyeWitness Nmap xml parser now checks if multiple IPs (which have a hostname) have the same hostname. If so, it will automatically switch to using the IP to identify the web server vs. the hostname, thereby preventing overwrites. Thanks for reporting this Robin. Really interesting logic flaw to find and fix. - Github Issue #52
[5.29.2014]
Added.....: Setup script now checks the apt-get install and ensures it returns a 0 status. Any non-zero status will alert the user of an error and stop the install process. Thanks Robin for reporting this - Github Issue #51
Modified..: Nmap xml parser now checks if hostname exists in the URL list before adding it to it. If it does exist, it'll add the IP address instead. Thanks Robin for pointing out this logic issue. - Github Issue #52
[5.23.2014]
Added.....: Check to make sure user is using python version 2.7.x. Any other version will fail (gracefully) :) - Github Issue #44 - Thanks Robin
Modified..: Command line options are now grouped together based on similarity.
Added.....: Check to make sure directory (if provided by user) doesn't exist. If so, prompt before overwriting. - Github Issue #47 - Thanks Robin
Added.....: Flag --results <num URLs> can be used to specify the number of results per page within the EyeWitness report. - Github Issue #49 - Thanks Robin
[5.16.2014]
Modified..: Added link structure to the top of the report. Thanks for suggestion Robin - Github Issue #41
Modified..: EyeWitness handles exceptions when receiving a decode error for server header responses - Github Issue #35
Added.....: Amap file output parsing added. Thanks to Jonathan Murray for submitting the parsing code.
[5.13.2014]
Modified..: Local scan now automatically puts "http:\\" before any IP:port combo discovered as being live, except for port 443, and it will put "https:\\"
[5.9.2014]
Added.....: Message to user now displayed when using EyeWitness's --createtargets flag
Modified..: Windows binary of EyeWitness now can connect to https websites, fixed a bug where pyinstaller binaries specifically require the ssl import. Thanks to Arch Beard for informing me of the issue. (Needed to specifically add ssl import for it to work with pyinstaller)
[5.7.2014]
Modified..: Removed specific exception EyeWitness was unaware of.
[5.6.2014]
Modified..: Added a specific exception and generic exception handler to backup request (previously it only handled specific exceptions).
Added.....: --createtargets flag will create a file of all the targets (useful to make a quick target list from a nmap xml or nessus file)
Added.....: There is now a website counter next to the url letting you know how many URLs EyeWitness has gone through and the total remaining.
[5.5.2014]
Modified..: File outputs by EyeWitness have had their delimeter changed (pull request #38)
Modified..: Variable within EyeWitness for an error was the wrong variable name
[5.3.2014]
Modified..: Default creds check is no longer case sensitive when looking for signatures.
[5.2.2014]
Modified..: EyeWitness codebase was largely updated to make it cleaner and more efficient. Thanks to Daxda for your pull requests cleaning the code up!
Modified..: Fixed OS detection
Modified..: Removed subprocess library since it is no longer needed
[4.23.2014]
Added.....: Source code of windows version of EyeWitness is within Windows/. Only modification are the libraries being imported.
Modified..: EyeWitness is now windows compatible. To run on Windows, you would need to install all the required libraries (PyQt4 or PySide, Ghost, netaddr), or simply download the .exe version of EyeWitness at https://www.christophertruncer.com/InstallMe/EyeWitness.exe
Modified..: EyeWitness will now still run if signatures file isn't within the same directory as EyeWitness, but it will print a warning for each URL and will skip the signature/default creds check
[4.22.2014]
Added.....: EyeWitness now attempts to sort similar web pages based off of their title tag - Pull Request from Rvazarker (Rohan). Thanks to Rohan for adding this feature in to EyeWitness.
Modified..: --localscan now takes CIDR notation as its input
Modified..: Bug when checking for valid input on the --difference flag
Modified..: Bug from when the report date and time has been added to the top of the report.
Merged....: Rohan Vazarkar's pull request
[4.8.2014]
Modified..: Changed some of the directory creation logic, specifically when specifying the specific output directory to use. Thanks to Robin Wood for pointing this out. - Github Issue #31
[3.30.2014]
Added.....: When using --localscan, Eyewitness will attempt to scan and find potential web servers by scanning for machines on the local /24 subnet for common web ports (80, 443, 8080, 8443). It will write out the live machines to scanneroutput.txt in a format that EyeWitness can use. Thanks to Rohan Vazarkar helping to write this and get it added to EyeWitness.
[3.28.2014]
Modified..: Small code formatting update.
[3.27.2014]
Modified..: Modified all of EyeWitness to try to start making it PEP-8 compatible. - Github Issue #28
[3.26.2014]
Added.....: Exception handling in case there is an issue when grabbing a web page with a specific user agent. Thanks Webbreacher for helping to bring that up and let me know how to replicate it.
[3.25.2014]
Added.....: Add the --skipcreds flag, which will skip checking for default credentials and will just gather header responses and a screenshot.
Modified..: Modified the directory specification for the report output to now allow full paths. Github Issue #26
Added.....: Exception handling for server-side disconnects
[3.24.2014]
Modified..: Completed user agent switching. It detects differences in requests from the baseline request based off of html source length. If beyond a difference of 50 in length between the new request and the baseline, it will add the new useragent request to the report.
Added.....: Added in --difference, lets the user set the difference threshold, which is 50 by default.
Modified..: Ghost request now, by default, Clicks any popup message with "True" when requesting a web page. Helps in weird issues, potentially SSL issues. Thanks to craSH for pointing this out. - Github Issue #27
[3.20.2014]
Added.....: Began working on adding user agent switching capabilities
[3.18.2014]
Added.....: The user can now use the --useragent flag and provide a useragent to be used for all requests.
Modified..: Location of folder creating function moved outside of if statements.
Modified..: User now able to skip sleep by Ctrl+C during sleep of --jitter
Modified..: Location of log file (which is used to detect SSL certificate errors) was moved into folder of the running EyeWitness report, to ensure more than one instance of EyeWitness can be running simultaneously.
[3.15.2014]
Added.....: Detection of websites using invalid SSL certificates
Modified..: Setup script to use my modified Ghost library which allows the user to navigate to sites with invalid SSL certs (but also logs a warning).
[3.14.2014]
Added.....: Jitter functionality added in. If using -jitter <# of seconds>, it will randomize the URL list, and sleep between requests for a value of <# of seconds> - 30% of Num seconds provided
Modified..: Found potential issue with default creds function being called in the wrong location
Modified..: Moved instantiation of Ghost object
Modified..: EyeWitness can now be called from any location - Github Issue #18
Modified..: Changed variables to be multi-line strings (where applicable) - Github Issue #17
Modified..: Slightly changed help menu, if no file provided, EyeWitness help screen is shown
Modified..: Added ability to name output directory with -d switch - Github Issue #19
Modified..: Fixed bug in nmap xml parser that would happen if "tunnel" value didn't exist
[3.8.2014]
Modified..: Fixed issue where providing EyeWitness with 1025+ URLs would cause the process to hit its file descriptor limit. Issue has been fixed. - Github Issue # 15
[3.7.2014]
Modified..: Fixed backupRequest function to receive the correct variable
Modified..: Files being opened are now done properly
[3.5.2014]
Modified..: Setup script updated to add xvfb package so EyeWitness can run in a headless install. Thanks to baptistedonaux for letting me know and @themightyshiv for testing it out. Github Issue #13
[3.2.2014]
Modified..: Server header responses are now properly decoded from unicode rather than just stripping the u' from the string. Thanks to Ian Gallagher for pointing this out - Github Issue #3
Modified..: Updated setup script to use a specific known working commit of Ghost, to prevent any potential future breaks in functionality.
[3.1.2014]
Modified..: Did a major cleanup of code structure. Largely needed to not have duplicate code all over EyeWitness when implementing usage of scanning a single URL via a command line argument.
Added.....: --single for use to scan a single URL - thanks to Robin Wood (@digininja) for requesting this, it should have been added in the first place - Github Issue #7
Added.....: Aliased -h, -?, --h, -help, and --help to all produce the help menu if passed in as a parameter. Thanks to Robin Wood (@digininja) for the suggestion. - Github Issue #8
Modified..: Stopped stripping "http://", "https://", and "www" from URLs. Only stripping "//", ":", and "/" now. This is due to a logic flaw identified by Robin Wood (@digininja) that would cause images to be overwritten based off the URLs provided. - Github Issue #9
Added.....: Check to see if URL provided starts with "http://" or "https://", and if not, default to adding "http://" to the front of the url so ghost can resolve it. Thanks to Robin Wood (@digininja) for suggesting this. - Github Issue #6
[2.28.2014]
Modified..: Removed unnecessary packages from Debian support.
Added.....: Setup support for CentOS 6.5+.
[2.27.2014]
Modified..: Created a more robust setup script.
Modified..: Cleaned up setup script support for Kali.
Added.....: Setup support for Debian 7+.
[2.26.2014]
Modified..: EyeWitness report has been modified to prevent XSS execution for malicious scripts embedded within server response information. Thanks to Ian Gallagher (craSH) for letting me know and also submitting a patch. Totally awesome man.
Released..: EyeWitness Initial 1.0 Release