Eyeballer: Hacking Websites at Scale Using AI // Bishop Fox // Dan Petro
You know an old-looking website when you see it. Blocky frames, broken CSS, that certain "je ne sais quoi" of a website that looks like it was designed in the early 2000s. But what do you do when the attack surface has tens of thousands of websites in scope? How do you find these vulnerability diamonds in the rough when there's no time to look through all of them manually?
This is where Eyeballer comes in. Eyeballer is an AI-powered, open-source tool designed to help penetration testers assess large-scale external perimeters. Aim it at a stack of screenshots and Eyeballer will “look at” the rendered web pages to identify which ones are likely to contain vulnerabilities, as well as which ones can be deprioritized during security assessments.