1
00:00:00,080 --> 00:00:09,840
So the last tool on our enumeration revisited list is going to be a tool called gowitness. So gowitness

2
00:00:09,900 --> 00:00:15,030
is written in Go and it's a form of another tool that was called EyeWitness.

3
00:00:15,060 --> 00:00:19,740
Let's go ahead and just go to gowitness, and while you're installing it, because I already have it installed,

4
00:00:20,220 --> 00:00:22,370
I'm going to have, I'm going to talk about it, OK.

5
00:00:22,410 --> 00:00:24,650
So that way we we kill some time here.

6
00:00:24,720 --> 00:00:29,850
So let's go ahead and go to gowitness here and I want you to just scroll down.

7
00:00:29,850 --> 00:00:33,420
Copy the go get right here and it takes about 30 seconds to install.

8
00:00:33,420 --> 00:00:37,360
So while we're doing that let's talk about what gowitness actually does.

9
00:00:37,410 --> 00:00:42,480
So we have a list of the machines that are alive, right.

10
00:00:42,480 --> 00:00:48,780
We find the list of machines that are alive and we sort those out, we get everything up and running.

11
00:00:48,780 --> 00:00:55,620
And what we're gonna do is we're gonna go to all those different addresses and we're going to actually

12
00:00:55,620 --> 00:00:57,950
take a screenshot of those addresses.

13
00:00:58,140 --> 00:01:06,030
So I'm going to just give you an example of one here but you can run this through a whole list of file

14
00:01:06,060 --> 00:01:06,720
if you want.

15
00:01:06,750 --> 00:01:11,150
So a whole list of subdomains and that will automate into the process.

16
00:01:11,160 --> 00:01:17,880
So instead of having to go to a hundred domains or subdomains one by one you can just look at the pictures

17
00:01:17,940 --> 00:01:23,190
of each subdomain and visually understand what's going on very quickly on a website.

18
00:01:23,520 --> 00:01:29,100
So if there's an interesting login form you can target that page right away versus, you know, just going

19
00:01:29,100 --> 00:01:32,040
one by one and it just saves a lot of time.

20
00:01:32,100 --> 00:01:37,800
So you by now should have gowitness installed and what we're gonna do is we're just going to pick out

21
00:01:37,950 --> 00:01:39,030
one domain here.

22
00:01:39,030 --> 00:01:45,300
So what we can do is we can take a look at gowitness and do a dash dash help and I'll show you in the

23
00:01:45,300 --> 00:01:53,390
next video how it's automated into my script. So we can scan a CIDR range if we want to and take screenshots,

24
00:01:53,420 --> 00:01:59,300
we can take a screenshot of a single URL, we can do a file as I said before. Here we're just going

25
00:01:59,300 --> 00:02:06,040
to take a screenshot of one URL. Let's go ahead and just say gowitness and we're going to

26
00:02:06,050 --> 00:02:07,440
do a single.

27
00:02:07,820 --> 00:02:17,150
We have to specify the URL flag here and we'll just say https://tesla.com and it's going to go out and take a screenshot

28
00:02:17,180 --> 00:02:22,660
of Tesla dot com and we should be able to go find that screenshot pretty easily. We could save this out

29
00:02:22,660 --> 00:02:25,940
to a directory but it should be right where we're at here in the root.

30
00:02:25,970 --> 00:02:32,540
So if you go to home and we look for a screenshot, hey, there it is, https Tesla dot com, and this is

31
00:02:32,540 --> 00:02:36,430
exactly what Tesla dot com looks like when you navigate to it.

32
00:02:36,470 --> 00:02:42,820
So imagine you have 100 websites and you want to run through 100 different websites, you can see here,

33
00:02:42,820 --> 00:02:43,000
look.

34
00:02:43,030 --> 00:02:47,150
Picture by picture until you see what's interesting and what's not interesting.

35
00:02:47,150 --> 00:02:50,060
So that's really it.

36
00:02:50,410 --> 00:02:58,760
It's it's an awesome tool here and it's fantastically easy to run and very easy to just do very quickly.

37
00:02:58,760 --> 00:03:04,310
So from here what I want to do is I want to cap this off with showing you my script that I run when

38
00:03:04,310 --> 00:03:09,170
I'm doing bug bounty hunting or when I'm doing anything against a client and I'm going to provide that

39
00:03:09,170 --> 00:03:11,350
script to you as well.

40
00:03:11,360 --> 00:03:15,740
So I will leave a pastebin for it on the next video to where you can access it.

41
00:03:15,740 --> 00:03:20,870
You can modify it, make it your own, do whatever you want with it and have fun with it.

42
00:03:20,870 --> 00:03:25,850
So let's go ahead and move to the next video where we talk about automation and we wrap up this enumeration

43
00:03:25,850 --> 00:03:29,090
section and we start moving on to web application pen testing.