🔍 gowitness - a golang, web screenshot utility using Chrome Headless
Full Changelog: https://github.com/sensepost/gowitness/compare/2.5.0...2.5.1
--js flag on screenshotted pages. (thanks @djallalzoldik) (via #180)
sqlite://gowitness.sqlite3 (the default), or postgres://user:pass@host/database.
--screenshot-db-store (thanks @habitualdev) (originally via #166 but refactored in https://github.com/sensepost/gowitness/commit/62d6de3d49dd5fa438e0ab38105f3bfb050da0ee). The report viewer will automatically fall back to the filesystem if database screenshots are not available.
io/ioutil (in https://github.com/sensepost/gowitness/commit/f939dec411a982f98d6b2e79555a14fd28039e00)
Full Changelog: https://github.com/sensepost/gowitness/compare/2.4.2...2.5.0
nmap command example documentation. (thanks @crypt0rr) (via #138)
66 commits later, this is a major release of gowitness with many new features, fixes and overall polish. Some screenshots of the updated report server UI are below, followed by the change log for this release. Enjoy!
The new Dashboard view
A dark themed, detailed view:
A light themed, detailed view:
HostsInCIDR() method (via #107) (in 71125b2b19f08b7bc87481c2d7a0c50aa8b6fbb0) (thanks NickChillClub)
docker-compose.yml file to show how the report server could be used when exposed to a larger network.
embed for web assets (d98ae0ce3e054d4ffd5bd41a1f5cefef3bcc42fd)
This is primarily a security/hardening release.
http / https by default. You can use the new --allow-insecure-uri / -A flag to disable this. Take note that with the -A flag, someone could screenshot file:// URIs and read local files on the host filesystem. To combat some of this abuse, by default the report & screenshot servers listen on localhost only. However, if you are exposing the report or screenshot servers to the Internet (or other untrusted networks), make sure you restrict access to them, as other problematic URIs such as localhost and cloud metadata URIs (and any other SSRF vector) will also be reachable this way. (https://github.com/sensepost/gowitness/commit/57dffb7a890996daf37254719b035166f1b33d6b) (thanks to Omri Inbar from Checkmarx for reporting the LFI).
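An added example (not gowitness code) of the URI policy described above: a scheme allowlist that an -A style switch disables, plus an optional host check for the localhost and cloud metadata targets that the http / https restriction alone does not exclude. The function checkTarget, its parameters and the sample URIs are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// checkTarget is a hypothetical pre-flight check, not gowitness code.
// allowInsecure mirrors the intent of -A: it skips the scheme allowlist.
// blockInternal is an assumed extra guard for servers on untrusted networks.
func checkTarget(raw string, allowInsecure, blockInternal bool) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("unparseable URI: %w", err)
	}
	scheme := strings.ToLower(u.Scheme)
	if !allowInsecure && scheme != "http" && scheme != "https" {
		return errors.New("scheme not allowed: " + scheme)
	}
	if !blockInternal {
		return nil
	}
	host := strings.ToLower(u.Hostname())
	if host == "localhost" || strings.HasSuffix(host, ".localhost") {
		return errors.New("loopback host name")
	}
	if ip := net.ParseIP(host); ip != nil {
		if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsUnspecified() {
			return errors.New("internal address: " + ip.String())
		}
	}
	return nil
}

func main() {
	// Constructed sample inputs.
	for _, t := range []string{
		"https://example.com/",
		"file:///tmp/example.txt",
		"http://localhost:8080/",
		"http://169.254.169.254/latest/meta-data/",
	} {
		fmt.Printf("%-45s default=%v hardened=%v\n", t,
			checkTarget(t, false, false), checkTarget(t, false, true))
	}
}
```

A host name that resolves to an internal address still passes this literal check, so restricting who can reach the report and screenshot servers remains the primary control.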