
Eyeballer: Automating Security Triage with Machine Learning

This easy-to-follow guide explores the capabilities of Eyeballer, a first-of-its-kind AI-powered pen testing tool.

Close coverage gaps and speed up security assessments with the power of AI.

Sometimes pen testers can recognize the web pages most likely to contain an actionable lead simply by how those pages look. A blocky web app that looks odd, an admin login page that could be brute-forced, or even just a web page that looks “interesting” are all prime targets for a hacker. But for larger perimeters, manually reviewing screenshots of every page to find the “interesting” ones isn’t realistic. And, unfortunately, traditional scanners can’t determine which web pages need further inspection.

With Eyeballer, penetration testers have a valuable new resource for improving the accuracy and speed of assessing external perimeters. Eyeballer is a first-of-its-kind AI-powered testing tool that automates the heavy lifting of visually inspecting webpages, allowing the testers to maximize their expertise by focusing on exposures and not triage.

In this eBook, you will learn:

  • Key capabilities of Eyeballer – what it does (and doesn’t do)
  • How Eyeballer works – looking through the layers
  • The results of using Eyeballer on real-world datasets


About the author, Dan Petro

Senior Security Engineer

As a senior security engineer for the Bishop Fox Capability Development team, Dan builds hacker tools, focusing on attack surface discovery. Dan has extensive experience with application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. He has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.


About the author, Gavin Stroy

Senior Security Consultant

Gavin Stroy (CCNP) is a Senior Security Analyst at Bishop Fox, where he focuses on application assessments (static and dynamic) and network penetration testing (external and internal). Gavin is an active member of the security research community and has published an article on Network Based File Carving in eForensics Magazine. He has spoken on the topic of machine learning at DEFCON China and presented the AI tool Eyeballer at Black Hat USA in 2019.