finds.dev← search

// the find

byt3bl33d3r/WitnessMe

★ 763 · Python · GPL-3.0 · updated Sep 2024

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.

WitnessMe is a web inventory tool for pentesters and red teamers: point it at an IP range, Nmap XML, or Nessus file and it screenshots every HTTP/HTTPS service it finds, then lets you browse and search results through a local CLI or REST API. It's the kind of thing you run at the start of an internal engagement to get a visual lay of the land quickly.

Nmap/Nessus XML parsing is genuinely useful — you don't have to reformat output from your port scanner before feeding it in. The YAML signature library is large (~200 entries covering Cisco, Dell, HP, Synology, cameras, printers) and trivially extensible. Docker packaging with the REST API makes it easy to run remotely and pipe results to other tooling. The test suite is real — unit and integration tests covering target parsing, grab, signatures, and the scan DB, which is more than most security tools bother with.

Pyppeteer has been effectively abandoned (last meaningful commit years ago) and is a thin wrapper around an old pinned version of Chromium — you will fight version mismatches and 'Page Crash' errors on modern systems. The REST API explicitly ships with no authentication, which is a footgun if you deploy it anywhere cloud-adjacent. Last push was September 2024 but activity has been sparse for years; the project feels in maintenance-only mode. The terminal screenshot preview is ITerm2-only, which limits its usefulness for most users.

View on GitHub →

// want more like this?

We dig through GitHub every week and send a few repos picked for what you actually care about — each with an honest take like this one.

Get finds in your inbox → Search again →