Convert Figma logo to code with AI

sensepost logogowitness

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

2,867
329
2,867
47
View on GitHub

Top Related Projects

michenriksen's avatar

aquatone

5,601

A Tool for Domain Flyovers

RedSiege's avatar

EyeWitness

4,897

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

byt3bl33d3r's avatar

CrackMapExec

8,349

A swiss army knife for pentesting networks

OJ's avatar

gobuster

9,540

Directory/File, DNS and VHost busting tool written in Go

tomnomnom's avatar

httprobe

2,815

Take a list of domains and probe for working HTTP and HTTPS servers

Quick Overview

GoWitness is a website screenshot utility written in Go. It uses Chrome Headless to capture screenshots of web pages, making it useful for reconnaissance during web application security assessments or for monitoring website changes over time.

Pros

  • Fast and efficient due to Go's concurrent nature
  • Cross-platform compatibility (Windows, macOS, Linux)
  • Supports various output formats (HTML, JSON, CSV)
  • Integrates well with other security tools and workflows

Cons

  • Requires Chrome or Chromium to be installed
  • Limited customization options for screenshot capture
  • May struggle with complex, JavaScript-heavy websites
  • Potential legal concerns when used without permission

Getting Started

  1. Install GoWitness:
go install github.com/sensepost/gowitness@latest
  1. Basic usage to capture a single URL:
gowitness single https://example.com
  1. Scan a list of URLs from a file:
gowitness file -f urls.txt
  1. Generate a report after scanning:
gowitness report serve

For more advanced usage and options, refer to the project's documentation on GitHub.

Competitor Comparisons

michenriksen logo

aquatone

5,601

A Tool for Domain Flyovers

Pros of Aquatone

  • More comprehensive feature set, including domain takeover checks and custom HTTP headers
  • Supports multiple input formats (e.g., Nmap XML, text files)
  • Generates HTML reports with interactive elements for easier analysis

Cons of Aquatone

  • Written in Ruby, which may have more dependencies and setup requirements
  • Less actively maintained (last update in 2019)
  • May be slower for large-scale scans compared to Go-based alternatives

Code Comparison

Aquatone (Ruby):

def capture_screenshot(url, output_file)
  browser.visit(url)
  browser.save_screenshot(output_file)
end

Gowitness (Go):

func captureScreenshot(url string, outputFile string) error {
    ctx, cancel := chromedp.NewContext(context.Background())
    defer cancel()
    return chromedp.Run(ctx, chromedp.Navigate(url), chromedp.Screenshot(outputFile, chromedp.FullPage))
}

Both tools aim to capture screenshots of web pages, but Gowitness leverages Go's concurrency features and the chromedp library for potentially faster execution. Aquatone offers a wider range of features beyond screenshot capture, making it more suitable for comprehensive web reconnaissance tasks. However, Gowitness's simplicity and Go implementation may make it easier to integrate into existing workflows and potentially more performant for large-scale scans.

RedSiege logo

EyeWitness

4,897

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

Pros of EyeWitness

  • Written in Python, which may be more familiar to some users
  • Supports multiple report formats (HTML, CSV, XML)
  • Includes additional features like parsing Nmap XML output

Cons of EyeWitness

  • Slower execution compared to GoWitness
  • More complex setup with additional dependencies
  • Less actively maintained (last commit over a year ago)

Code Comparison

EyeWitness (Python):

def create_driver(resolution, user_agent, proxy):
    chrome_options = webdriver.ChromeOptions()
    chrome_options.add_argument("--ignore-certificate-errors")
    chrome_options.add_argument("--ignore-ssl-errors")
    chrome_options.add_argument("--headless")
    return webdriver.Chrome(options=chrome_options)

GoWitness (Go):

func (c *Chrome) Screenshot(url string) (*ChromeResult, error) {
    ctx, cancel := chromedp.NewContext(context.Background())
    defer cancel()
    var buf []byte
    if err := chromedp.Run(ctx, fullScreenshot(url, 100, &buf)); err != nil {
        return nil, err
    }
    return &ChromeResult{Image: buf}, nil
}

Both tools aim to capture screenshots of web pages, but GoWitness is written in Go, offering faster execution and easier deployment. EyeWitness provides more comprehensive reporting options and additional features for parsing input data. The code snippets show the different approaches to creating a headless browser instance and capturing screenshots, reflecting the language-specific implementations.

byt3bl33d3r logo

CrackMapExec

8,349

A swiss army knife for pentesting networks

Pros of CrackMapExec

  • More comprehensive penetration testing tool with broader functionality
  • Supports various protocols (SMB, WMI, MSSQL, etc.) for network enumeration and exploitation
  • Active development with frequent updates and community contributions

Cons of CrackMapExec

  • Steeper learning curve due to its extensive feature set
  • Potentially more resource-intensive, especially for large-scale scans
  • May trigger more security alerts due to its aggressive nature

Code Comparison

CrackMapExec (Python):

from crackmapexec import connection
conn = connection.Connection('192.168.1.100', 'username', 'password')
conn.login()
conn.shares()

Gowitness (Go):

import "github.com/sensepost/gowitness/cmd"

cmd.Execute()

Summary

CrackMapExec is a powerful, multi-purpose penetration testing tool with extensive capabilities for network enumeration and exploitation. It supports various protocols and offers more advanced features compared to Gowitness. However, this comes at the cost of increased complexity and potential for triggering security alerts.

Gowitness, on the other hand, is more focused on web screenshot and information gathering. It's simpler to use and less likely to trigger security alerts, but has a narrower scope of functionality compared to CrackMapExec.

The choice between these tools depends on the specific requirements of the penetration testing or security assessment task at hand.

OJ logo

gobuster

9,540

Directory/File, DNS and VHost busting tool written in Go

Pros of Gobuster

  • More versatile with multiple modes (DNS, vhost, directory, file brute forcing)
  • Generally faster performance for directory and file enumeration
  • Supports custom wordlists and pattern-based brute forcing

Cons of Gobuster

  • Lacks screenshot capabilities
  • No built-in reporting or visual output features
  • Limited to text-based results without additional processing

Code Comparison

Gobuster (main scanning function):

func (d *DNSBuster) Start(ctx context.Context) error {
    d.resultChan = make(chan Result)
    d.errorChan = make(chan error)
    d.wildcardIps = make(map[string]struct{})
    return d.brute(ctx)
}

Gowitness (screenshot capture):

func CaptureScreenshot(url string, options *ChromeOptions) (*Screenshot, error) {
    ctx, cancel := chromedp.NewContext(context.Background())
    defer cancel()
    return captureScreenshot(ctx, url, options)
}

While Gobuster focuses on efficient brute-forcing and enumeration, Gowitness specializes in web screenshot capture and visual reconnaissance. Gobuster is more suitable for thorough directory and subdomain discovery, while Gowitness excels at visually documenting web assets and generating reports with screenshots.

tomnomnom logo

httprobe

2,815

Take a list of domains and probe for working HTTP and HTTPS servers

Pros of httprobe

  • Lightweight and fast, focusing solely on probing HTTP/HTTPS services
  • Simple to use with minimal configuration required
  • Easily integrates into command-line pipelines

Cons of httprobe

  • Limited functionality compared to gowitness (no screenshot capabilities)
  • Lacks advanced features like custom user agents or proxy support
  • No built-in reporting or output formatting options

Code Comparison

httprobe:

func probeHttp(url string, timeout time.Duration) (string, error) {
    client := &http.Client{
        Timeout: timeout,
    }
    resp, err := client.Get(url)
    if err != nil {
        return "", err
    }
    defer resp.Body.Close()
    return url, nil
}

gowitness:

func (s *Screenshot) Take(url string) error {
    ctx, cancel := chromedp.NewContext(context.Background())
    defer cancel()
    return chromedp.Run(ctx,
        chromedp.Navigate(url),
        chromedp.CaptureScreenshot(&s.Data),
    )
}

The code snippets highlight the core differences between the two tools. httprobe focuses on simple HTTP probing, while gowitness includes more complex functionality for capturing screenshots using Chrome DevTools Protocol.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README


🔍 gowitness

A golang, web screenshot utility using Chrome Headless.

@leonjza Go Report Card Docker build & Push


introduction

gowitness is a website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of web interfaces using the command line, with a handy report viewer to process results. Both Linux and macOS is supported, with Windows support mostly working.

Inspiration for gowitness comes from Eyewitness. If you are looking for something with lots of extra features, be sure to check it out along with these other projects.

documentation

For installation information and other documentation, please refer to the wiki here.

screenshots

dark

credits

gowitness would not have been possible without some of these amazing projects: chromedp, tabler, zerolog, cobra, gorm, go-nmap, wappalyzergo, goimagehash

license

gowitness is licensed under a GNU General Public v3 License. Permissions beyond the scope of this license may be available at http://sensepost.com/contact/.