Python3 EyeWitness

EyeWitness is a tool that has been around for many years and has seen many updates (huge shout out to Rohan (@cptjesus) for all of his amazing work). However, the tool was originally written in Python 2. As you all should be aware, Python 2 is set to no longer be supported as of January 1, 2020. Therefore, updating Eyewitness to Python 3 has been on my list of things to do. Thankfully, this is now complete and the master branch on Github contains the Python 3 version of EyeWitness – https://github.com/FortyNorthSecurity/EyeWitness

Python 3 Version of EyeWitness

With the Python 3 version comes some changes. The biggest change is that EyeWitness cannot currently screenshot RDP or VNC systems. This is due to the library that performed these actions not currently supporting Python 3. If the library is updated, EyeWitness will be updated to include that functionality once again.

The only other real difference is that the active credential checking is also removed from EyeWitness. While we personally liked this feature (thanks to Evan Pena for adding it in), the credential database wasn’t maintained and we hadn’t seen many people using it, therefore it was removed to reduce the code base.

Other than that, EyeWitness should be the same tool you have always used, just written in Python 3. It has been open in a beta format where we’ve tried to squash a number of bugs -big thanks to Robin Wood (@digininja) who submitted multiple bugs -but as with any new major version, other bugs may still exist. Please be sure to submit any bugs within Github so we can track them.

In the event that you do require EyeWitness’s ability to screenshot RDP or VNC, we have left a Python 2 branch within the repo (called “Python 2”), so you can always switch to that branch and use it if needed. However, this branch will not be maintained.

Thanks! And as always, feel free to Contact Us if you ever have any questions!