Gowitness is a website screenshotting tool which is very useful for
identifying targets of interest. It can accept multiple input formats, and can
even scan a specified CIDR for web services. My favorite feature,
though, is perception sorting, which sorts the screenshots by
similarity. This is helpful when searching for unique targets within a large
number of similar websites. I'll outline in this post how to install
gowitness on Kali Linux 2022.2 and cover basic usage.
If you haven't already installed Go in Kali Linux, let's start with that.
You'll need to navigate to https://golang.org/dl/ and copy the download
link for the latest Linux version. At the time of this post,
it's https://go.dev/dl/go1.18.3.linux-amd64.tar.gz. Use these commands
to download and install it:
wget <go-download-url>
tar xvzf <filename>
sudo chown -R root:root ./go
sudo mv go /usr/local
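Since the toolchain ends up in /usr/local owned by root, it is worth checking the tarball against the SHA-256 checksum listed next to the download link before installing it. The script below is an added example, not part of the original post: the function names are hypothetical, <sha256-from-download-page> is a placeholder, and it assumes GNU tar and sha256sum as shipped with Kali.

```sh
#!/bin/sh
# Added example (not from the original post): verify the Go tarball before
# installing it as root. Function names are hypothetical.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only if FILE hashes to EXPECTED_HEX; 2 on malformed input.
verify_sha256() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if ! printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "expected value is not a SHA-256 hex digest" >&2
        return 2
    fi
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    actual=$(sha256sum -- "$1" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# tar_confined ARCHIVE TOPDIR
# Returns 0 only if the archive lists at least one member and every member
# sits under TOPDIR/ with no absolute path and no ".." component.
tar_confined() {
    tar -tzf "$1" 2>/dev/null | awk -v top="$2" '
        { sub(/^\.\//, "") }
        $0 == "" { next }
        /^\// || /(^|\/)\.\.(\/|$)/ { bad = 1 }
        !($0 == top || index($0, top "/") == 1) { bad = 1 }
        { seen++ }
        END { exit (bad || !seen) }'
}

# install_go TARBALL EXPECTED_HEX
# Extracts into /usr/local only after both checks pass. --no-same-owner makes
# the extracted files belong to root, replacing the separate chown step.
install_go() {
    verify_sha256 "$1" "$2" || { echo "checksum check failed, not installing" >&2; return 1; }
    tar_confined "$1" go || { echo "unexpected paths in archive" >&2; return 1; }
    sudo tar -C /usr/local --no-same-owner -xzf "$1"
}

# Usage, with the digest copied from the download page (placeholder here):
#   install_go go1.18.3.linux-amd64.tar.gz <sha256-from-download-page>
```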
Now you'll need to add the following lines to ~/.zshrc:
export GOPATH=$HOME/work
export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
You can use this command to allow this change to take effect in your
current shell:
source ~/.zshrc
If everything went well, you should be able to run the following command
and get the version number of Go:
There's one more prerequisite for gowitness, however, which is Chrome.
Let's install that:
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
sudo dpkg -i google-chrome-stable_current_amd64.deb
Now we're ready to install gowitness:
go install github.com/sensepost/gowitness@latest
gowitness
If it was successful, the second command should output the gowitness
help/usage. Use the commands below to do a quick test, in which we
screenshot a website and have gowitness serve up the report via a locally
hosted web interface. Note that in my commands I like to specify a database
path (instead of the default of gowitness.sqlite3). This way each engagement
has a separate database, targets aren't mixed, and clean up is easier.
gowitness single https://www.google.com --db-path test0.sqlite3
gowitness report serve --db-path test0.sqlite3
Now we just open a browser on the Kali box and navigate
to http://127.0.0.1:7171/. Once you have the web interface up, try
clicking the 'Enable Perception Sorting' button which sorts the screenshots
by similarity. You can click on the screenshot image to view it in a new
tab, or click the URL to browse to it.
Gowitness can accept a number of inputs, including Nessus, nmap, and text
files - the latter consisting of one URL per line. To learn more about each
command, specify the command, followed by --help, like this:
gowitness file --help
If your Kali box is remote, here's a trick that can help you access the
gowitness server from your local browser and also proxy your local instance
of Burp Suite through the SSH session. To do this, you need to establish an
SSH session that forwards port 7171 used by gowitness and also sets up a
SOCKS5 proxy on the remote box:
sudo ssh -D 1080 -L 7171:127.0.0.1:7171 username@host
Now point Burp Suite to the SOCKS5 proxy listening on 127.0.0.1:1080. This
setting can be found in Burp under User options>Connections>SOCKS Proxy.
For best results, access the gowitness server via http://127.0.0.1:7171/
from the browser embedded in Burp Suite, so that the connection is proxied
through the SSH session.