GigaOm Radar for Attack Surface Management: Bishop Fox Named "Leader" and "Fast Mover". Read the report to learn why

Tool Talk: Eyeballer

In Episode 1 of our Tool Talk series we explore Eyeballer, an AI-powered, open-source tool designed to help penetration testers assess large-scale external perimeters.

Login pages. Web apps. Clunky old designs circa 2005. You can spot potentially vulnerable web pages a mile away. But manually evaluating thousands of screen shots to find the “interesting” ones before you can even start pen testing is frustrating and a waste of valuable time.

With Eyeballer, those mind-numbing, eye-blurring manual scans can be a thing of the past.

Eyeballer is an AI-powered, open-source tool designed to help penetration testers assess large-scale external perimeters. Aim it at any screenshot repository and Eyeballer will “look at” rendered web pages to identify which ones are likely to contain vulnerabilities, as well as which ones can be deprioritized during security assessments.

Join us on for our inaugural episode of Tool Talk — a series of interactive “show-and-tell” webcasts featuring popular offensive security tools. Tune in for an up-close look at Eyeballer in action. Follow along, ask questions, and even try it yourself as Bishop Fox Lead Researcher and Eyeballer Co-Creator Dan Petro demonstrates how to use Eyeballer to:

  • Assess a repository of screenshots for indications of potential vulnerabilities
  • Supplement automated scanning methods to close gaps in coverage
  • Improve testing times and accuracy

Dan Petro Headshot

About the author, Dan Petro

Lead Researcher at Bishop Fox

Dan Petro is a Lead Researcher at Bishop Fox and focuses on application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. Dan has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. He has developed several open-source tools including Untwister, which breaks pseudorandom number generators. Additionally, Dan has been quoted in Wired, The Guardian, Business Insider, and Mashable. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.
More by Dan

Joe sechman

About the author, Joe Sechman

AVP of R&D at Bishop Fox

Joe brings over 20 years of experience to his role as Associate Vice President of R&D where he is responsible for nurturing a culture of innovation across Bishop Fox. Over his career, Joe has amassed many security certifications, delivered several presentations, and has co-authored multiple industry publications with groups such as ISC2, ISACA, ASIS, HP, and IEEE.

Additionally, Joe is a prolific inventor with nine granted patents in the fields of dynamic and runtime application security testing, attack surface enumeration, and coverage (U.S. Patents 10,699,017, 10,515,219, 10,516,692, 10,515,220, 10,423,793, 9,846,781, 10,650,148, 10,587,641, and 11,057,395). Prior to joining Bishop Fox, Joe held leadership positions with companies such as Cobalt Labs, HP Fortify, Royal Philips, and Sunera LLC (now Focal Point Data Risk). Earlier in his career, Joe served as the lead penetration tester within SPI Labs at SPI Dynamics where he cut his teeth alongside some of the best and brightest application security industry professionals. Joe received his Bachelor of Business Administration degree in Management Information Systems from the Terry College of Business - University of Georgia.
More by Joe

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.