10 Jun 16:06

leonjza

bf79d65

2.4.0

66 commits later, this is a major release of gowitness with many new features, fixes and overall polish. Some screenshots to see what the updated report server UI looks like is below, followed by the change log for this release. Enjoy!

The new Dashboard view

A dark themed, detailed view:

A light themed, detailed view:

new

Add application technology identification using Wappalyzer (via #104 and #110 and #127) (in 3a80bf6 and e79214e and 65816c6) (thanks guervild and Ice3man543 and terrabitz)
Improve performance in HostsInCIDR() method (via #107) (in 71125b2) (thanks NickChillClub)
Add a Nessus parser (via #123) (in e1923bb) (thanks randomactsofsecurity)
Add additional header support (via #124) (in c7b874a) (thanks randomactsofsecurity)
Refactor the webserver to make use of Gin (in 6fad6c3)
Various web UI dependency upgrades, fixes and layout updates (via 05f3c32)
Add new API endpoints. API documentation can be found in the Wiki here (via 49c8702 and 6769e88)
Add a new dashboard view (via 00f9394)
Restore the ability to export static HTML reports again (via 3e459eb)
Record both browser console logs and network events as emitted via Chrome. These fields are searchable and make it possible to see the IP's that hosts resolved to at the time of the screenshot (in 396de21 and 3efb7b0)
Add a simple pager to the detail view (in 0c14e67)
Add a theme switcher for light mode or dark mode, defaulting to dark mode (in 0cbdafb)
Add the ability to dump and save the DOM (in 453a0fc)
Significantly refactor the search feature to more agressively search through collected data. This includes URL's, DOM's, network events, console logs and more. (in 78303cb)
Add the ability to save screenshots as PDF's instead of PNG's (in 2f87924)
Add an example docker-compose.yml file to show how the report server could be used when exposed to a larger network.

fixes

Improve reliability, dealing with some cases where Chrome may hang (via #132) (in 79c4f6e) (thanks rtpt-jonaslieb and randomactsofsecurity)
Prevent screenshot filenames from becoming overly long (in 19b4e15)

other

build release binaries with Go 1.18.2 (186f57e) (8b88b47) (19c1827)
build releases for macOS ARM (96df49e)
bump dependencies (3092a86) (861543e) (01005bb) (af7a504) (c6da64d) (0002ef9)
use github actions to build docker image (ff1241d)
replace vfsgen with native Golang embed for web assets (d98ae0c)
Bump the default User-Agent string used (via ec73fbb)

76065c1c937630e44ecde32abfc0fd945cb20483  gowitness-2.4.0-darwin-amd64
b556b7f45a1b313a1686843f219cf8b045ad0e48  gowitness-2.4.0-darwin-arm64
d361fe3cdf738b0fe60b204a03017e3b4b38ffb5  gowitness-2.4.0-linux-amd64
0f91805c85dd665758e205dda8e8edf09dacb498  gowitness-2.4.0-windows-amd64.exe

Assets 6

20 May 07:37

leonjza

2.3.6

0685be6

2.3.6

This is primarily a security/hardening release.

fixes

Limit the allowed URI's that may be submitted to the screenshot or report server to only those starting with http / https by default. You can use the new --allow-insecure-uri / -A flag to disable this. Take note that with the -A flag, it means someone could screenshot file:// URI's and read local files on the host filesystem. To combat some of this abuse, by default the report & screenshot servers listen on localhost only. However, if you are exposing the report or screenshot servers to the Internet (or other untrusted networks), make sure you restrict access to it as other problematic URI's such as localhost and cloud metadata URIs (and any other SSRF vector) will also be reachable this way. (57dffb7) (thanks to Omri Inbar from Checkmarx for reporting the LFI).

other

go-staticcheck fixes and other code cleanups (1149417)

8a2ca3dc8a58ce3e103aeabd13df7713c0322b2c  gowitness-2.3.6-darwin-amd64
b50938b99af45d7bc209428a648f057b11a6025f  gowitness-2.3.6-linux-amd64
1dcee72acdf074f1850263643ca9297b0d5b38e3  gowitness-2.3.6-windows-amd64.exe

Assets 5

18 May 08:24

leonjza

2.3.5

4644da7

2.3.5

fixes

Check the correct error when parsing Proxy URI's (28a8c77)
Fix a typo (c168591) (thanks @benichmt1 via #96)

other

Bump go version used for release builds to 1.15.10 (6697b99)
Bump dependencies to use chromedp 0.7.2, fixing #101 (d503334)

72dcadc450a02e931ab9143ef23f9ddba8a6d9cd  gowitness-2.3.5-darwin-amd64
71052ed766b0155c7331c155e7cbed213776c3a8  gowitness-2.3.5-linux-amd64
5446ad08a709d4462269776af78578410616929d  gowitness-2.3.5-windows-amd64.exe

Assets 5

09 Mar 08:15

leonjza

2.3.4

3e9cf05

2.3.4

new

Add the Public Key Algorithm field to the database (3e9cf05) (fixes #91)

78722cc482250dba386c0e562568212a1dcbf4d1  gowitness-2.3.4-darwin-amd64
5fb571b12d761f26adbec073d0d73bc45d194259  gowitness-2.3.4-linux-amd64
26726bf22eb9ad6a274aa07b83e8a624904e937c  gowitness-2.3.4-windows-amd64.exe

Assets 5

03 Mar 16:38

leonjza

2.3.3

33c35a5

2.3.3

fixes

Automatically dismiss JavaScript dialog boxes which caused gowitness to stall (bd6114e) (via #89) (thanks @Serizao)

f86cc43856f756960898bbc4ff8ce16ded30717f  gowitness-2.3.3-darwin-amd64
b2c5afe02d91c26dfe06547f668390d517a934e0  gowitness-2.3.3-linux-amd64
750c84767a8786fa812f7836ed5b3586f2b7c835  gowitness-2.3.3-windows-amd64.exe

Assets 5

26 Feb 08:13

leonjza

2.3.2

84ef468

2.3.2

other

Dependency bump (84ef468)

632016c57e12d046cd7efc2debd6ebce0b8a5ba5  gowitness-2.3.2-darwin-amd64
ecc414ffd377e212cc66f32ed2a9ee055b5af640  gowitness-2.3.2-linux-amd64
aa2bc8b925d2bbd7942e8fbd650fa02d9c296f3c  gowitness-2.3.2-windows-amd64.exe

Assets 5

12 Feb 08:31

leonjza

2.3.1

ea74b97

2.3.1

other

Bump the golang build version to 1.15.8 (ea74b97)

0c753be54f305d89120d4827b30eb602651a16e4  gowitness-2.3.1-darwin-amd64
5302eadb51736eafedef9a51a87c71171d536552  gowitness-2.3.1-linux-amd64
2750f88de5093f493927d803578c254debef65b6  gowitness-2.3.1-windows-amd64.exe

Assets 5

09 Dec 16:49

leonjza

2.3.0

73d7643

2.3.0

new

Add the --delay flag to have Chrome wait between navigation and screenshotting. (c67b522)

dd3c98d56daf34dce8e78448cf76c4992fdb7b35  gowitness-2.3.0-darwin-amd64
dfbf5c07c2009d61000b49c35556bdcc706f2844  gowitness-2.3.0-linux-amd64
374727171c6c0095c72d98d8c118ce8ac79ad644  gowitness-2.3.0-windows-amd64.exe

Assets 5

06 Dec 17:30

leonjza

2.2.1

6471cbf

2.2.1

This is small a bug fix release.

fixes

Prevent crashes when the database is disabled (#83)
Correctly parse URL's with a fragment (#) in it (#84)

other

Bump golang build container version to 1.14.12 (16229e3)

5591e6e601ae5377c72932af3cb845f6a71d72e1  gowitness-2.2.1-darwin-amd64
357380c4771afe2f9fb6e7fad017882d9d13c6e7  gowitness-2.2.1-linux-amd64
8b1ab7b1f2652839a924d4e6271bce26514fe700  gowitness-2.2.1-windows-amd64.exe

Assets 5

01 Nov 11:35

leonjza

2.2.0

2b915af

2.2.0

new

Add a new merge sub command. This command takes multiple gowitness sqlite databases and outputs a new, merged database. Check gowitness merge --help for more information.

other

Small report viewer UI updates (thanks @hackerpain).
Add an error message when the report viewer has no results, indicating that the database is either empty or not found.

fixes

Improved file name generation, specifically to append the .png extension.

5859a65d295b1cde4c3176b6b7c31225de495964  gowitness-2.2.0-darwin-amd64
366975463825f9d25f136c52a2509ac8d9c09d6f  gowitness-2.2.0-linux-amd64
67f78eb6404f22ea938a13434a80ff102f96c7fa  gowitness-2.2.0-windows-amd64.exe

Assets 5

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

new

fixes

other

fixes

other

fixes

other

new

fixes

other

other

new

fixes

other

new

other

fixes

Releases: sensepost/gowitness

2.4.0

new

fixes

other

2.3.6

fixes

other

2.3.5

fixes

other

2.3.4

new

2.3.3

fixes

2.3.2

other

2.3.1

other

2.3.0

new

2.2.1

fixes

other

2.2.0

new

other

fixes