Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

Eyeballer: Automating Security Triage with Machine Learning

This easy-to-follow guide explores the capabilities of Eyeballer, a first-of-its-kind AI-powered pen testing tool.

Download Guide

Close coverage gaps and speed up security assessments with the power of AI.

Sometimes pen testers can recognize the web pages most likely to contain an actionable lead simply by how those pages look. A blocky web app that looks odd, an admin login page that could be brute-forced, or even just a web page that looks “interesting” are all prime targets for a hacker. But for larger perimeters, manually reviewing screenshots of every page to find the “interesting” isn’t realistic. And, unfortunately, traditional scanners can’t determine which web pages need further inspection.

With Eyeballer, penetration testers have a valuable new resource for improving the accuracy and speed of assessing external perimeters. Eyeballer is a first-of-its-kind AI-powered testing tool that automates the heavy lifting of visually inspecting webpages, allowing the testers to maximize their expertise by focusing on exposures and not triage.

In this eBook, you will learn:

  • Key capabilities of Eyeballer – what it does (and doesn’t do)
  • How Eyeballer works – looking through the layers
  • The results of using Eyeballer on real-world datasets
Dan Petro Headshot

About the author, Dan Petro

Senior Security Engineer

As a senior security engineer for the Bishop Fox Capability Development team, Dan builds hacker tools, focusing on attack surface discovery. Dan has extensive experience with application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. He has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.

More by Dan
Gavin stroy

About the author, Gavin Stroy

Senior Security Consultant

Gavin Stroy (CCNP) is a Senior Security Analyst at Bishop Fox, where he focuses on application assessments (static and dynamic) and network penetration testing (external and internal). Gavin is an active member of the security research community and has published an article on Network Based File Carving in eForensics Magazine. He has spoken on the topic of machine learning at DEFCON China and has presented the AI tool Eyeballer at Black Hat USA in 2019.
More by Gavin

Extend Your Knowledge

Check out these related resources.

20 Tips To Make the Most of Your Pen Test Guide Cover Page
Guide

20 Tips to Make the Most of Your Pen Test

Whether you’ve conducted many pen tests or are about to embark on your first, this eBook contains helpful guidance for companies at every stage of security-program maturity.

Learn More
Illustration of 3 documents next to each other
Guide

Breaking & Entering: A Pocket Guide for Friendly Remote Admins

This user-friendly guide offers a comprehensive offensive security roadmap for sysadmins, penetration testers, and other security professionals.

Learn More
Bishop Fox Webcast title Outpacing Modern Attackers with Security featuring Wes Hutcherson, Barrett Darnell, and Ori Zigindere
Webcast

Outpacing the Speed and Precision of Modern Attackers with Continuous Attack Surface Testing

On-demand webcast provides an in-depth look at using Continuous Attack Surface Testing (CAST) to identify and close attack windows before it’s too late.

Learn More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.