basic vuln checking

[digininja]

I've just ran Nessus across the range I scanned earlier and something Nessus does is to throw random filenames with html and aspx extensions at the site to see how it responds. From this I've just picked up a load of IIS error pages with path disclosure (the "IIS 7.5 Detailed Error 404.0" page")

This is going beyond your current remit of just taking screenshots but it would be good if you could add it as a disabled by default option.

Thinking really big, talk to the Nikto team and see if you could use their database to get full screenshots of errors rather than just their command line output.

[freeload101]

I also think that would be out of scope for this app if anything it would be nice to have a 'dupelicate' checker. see diff dupe if 2 lines or less are different https://rmccurdy.com/scripts/WEBDUMP_BURP

also off topic you could use https://github.com/percx/Praeda to include some web checks too I found just running burp or curl on all ports/ips you can get shells on A/V systems and wonky IOT devices by searching for stuff liek "command not found" regex warn|\berr|fail|unabl|can|not|fault)

I really love Eyewitness because it allows me to QUICKLY with the help of my webdump_burp to remove dupes to go though thousands of webapps and get a picture of each landing page to find targets during pentest

https://github.com/percx/Praeda