In the rapidly evolving landscape of cybersecurity, identifying potential vulnerabilities in web applications is essential to safeguard your data. Eyeballer is an innovative tool designed to streamline this process, especially during extensive network penetration tests. By leveraging your existing screenshots from tools like EyeWitness or GoWitness, Eyeballer assists in classifying web pages that are more likely to harbor vulnerabilities. Let’s dive into how you can effectively use Eyeballer to maximize your penetration testing efforts.

Setting Up Eyeballer

Before we get started, ensure you have the necessary packages installed. You can do this quickly with the following commands:

sudo pip3 install -r requirements.txt

If you wish for GPU support (which is optional), run this command:

sudo pip3 install -r requirements-gpu.txt

Note: Setting up a GPU for TensorFlow involves various steps like hardware compatibility and driver installations, which are beyond the scope of this guide. You may need to conduct some research or seek assistance if you’re aiming to optimize your performance with a GPU.

Preparing Your Data

In order to make the most of Eyeballer, you will need to find and prepare your training data. You can obtain the required datasets from:

• Kaggle for Training Data

Two critical elements need to be present:

1. images: A folder containing screenshots resized to 224×224 pixels.
2. labels.csv: This file should include the labels corresponding to your screenshots.

Ensure both the images and labels.csv are placed in the root of the Eyeballer code directory. You can also find pretrained weights for immediate use on GitHub, available in the releases section.

Understanding the Labeling System

Eyeballer categorizes web pages into several types, each holding significance during penetration testing:

• Old-Looking Sites: Think of them as vintage cars in a junkyard; they may look appealing but are typically filled with vulnerabilities.
• Login Pages: These are akin to locked doors; they signify unexplored territory that requires specific keys (credentials) to access.
• Webapp: Consider this your complete toolbox; it indicates a broader attack surface exists beyond just a login.
• Custom 404: These pages are like illusionists—visually engaging yet often hide nothing of value behind their tricks.
• Parked Domains: Imagine finding a vacant lot in a bustling city; it appears legitimate but offers little to exploit.

Using Eyeballer to Predict Labels

Now that your environment is set up and data is prepared, predicting labels for your screenshots is simple. Using a native aspect ratio of 1.6x (for instance, 1440×900) is recommended to avoid distortion. Run the below command to predict labels:

eyeballer.py --weights YOUR_WEIGHTS.h5 predict YOUR_FILE.png

For batch processing multiple files, you can execute:

eyeballer.py --weights YOUR_WEIGHTS.h5 predict PATH_TO_YOUR_FILES

The outcomes will be presented in both human-readable (results.html) and machine-readable (results.csv) formats, making analysis straightforward.

Performance Metrics

The effectiveness of Eyeballer can be evaluated using two key metrics:

• Overall Binary Accuracy: The likelihood that a single label prediction is correct.
• All-or-Nothing Accuracy: This metric is stricter, assessing if all labels for an image are correctly predicted.

With a high Overall Binary Accuracy of 93.52%, you have a solid tool in your arsenal. Precision and recall for individual labels can provide deeper insights.

Training Your Own Models

If you’re looking to train Eyeballer anew, you can run the following:

eyeballer.py train

This process may require a robust machine with a good GPU for efficiency. After training, the model will output a new weights file named weights.h5 by default.

Troubleshooting Tips

If you encounter any issues while using Eyeballer, consider reviewing the setup of your environment, ensuring your screenshots are formatted correctly, and that all required packages are installed. For further assistance:

• Check the documentation of any relevant dependencies.
• Look for installation guides on TensorFlow if you’re using GPU.
• Explore community forums and resources.

For more insights, updates, or to collaborate on AI development projects, stay connected with fxis.ai.

Conclusion

Utilizing Eyeballer can substantially increase the efficacy of your penetration tests, helping you to pinpoint the most vulnerable targets efficiently. The synergy of traditional screenshotting tools with cutting-edge predictive analytics opens the door to a more secure web environment.

At fxis.ai, we believe that such advancements are crucial for the future of AI, as they enable more comprehensive and effective solutions. Our team is continually exploring new methodologies to push the envelope in artificial intelligence, ensuring that our clients benefit from the latest technological innovations.