eyeballer
Eyeballer is a Python-based CNN that automatically classifies web application screenshots into categories like 'Old-Looking Sites', 'Login Pages', 'Webapps', 'Custom 404s', and 'Parked Domains' to help penetration testers identify vulnerable targets at scale. It outputs both human-readable HTML and machine-readable CSV results with reported 93.52% binary accuracy.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | BishopFox/eyeballer |
| Owner | BishopFox |
| Primary language | Python |
| License | GPL-3.0 — OSI-approved |
| Stars | 1.3k |
| Forks | 147 |
| Open issues | 9 |
| Latest release | 3.0 (2021-04-22) |
| Last updated | 2026-03-08 |
| Source | https://github.com/BishopFox/eyeballer |
What eyeballer is
A TensorFlow-based multi-label image classifier trained on pentest screenshots to detect patterns indicative of security risk or low-value targets. The model is distributed as pretrained H5 weights, accepts 224x224 PNG/image inputs, and supports both CPU and GPU inference. Training pipeline and evaluation metrics provided.
Get the eyeballer source
Clone the repository and explore it locally.
git clone https://github.com/BishopFox/eyeballer.gitcd eyeballer# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Screenshots must be 1.6:1 aspect ratio (e.g., 1440×900) for best accuracy; wrong ratios reduce precision due to image squishing during resize.
- Pretrained weights must be downloaded separately from GitHub releases; ensure version compatibility with installed TensorFlow (GPU/CPU).
- GPU setup for training is undocumented; CPU training will be slow. Only inference mode is likely practical on standard hardware.
- Multi-label classification outputs all applicable labels per image; interpret results as overlapping categories, not mutually exclusive buckets.
- Results are two-file output (HTML for review, CSV for integration); downstream tooling must parse CSV to filter or prioritize.
- Model performance degrades on labels with lower recall (e.g., 'Old Looking' 62.20%, 'Parked Domain' 66.43%); manual validation recommended for high-stakes decisions.
When to avoid it — and what to weigh
- Real-time, sub-second inference required — CPU inference is slow for bulk classification. GPU setup is undocumented and non-trivial. Batch processing is the intended use case.
- Non-English or highly regional web interfaces — Training data is pentest-oriented English-language screenshots. Label definitions assume Western web design patterns; effectiveness on other regions/languages is unknown.
- Production SaaS or critical security appliance — Last release was April 2021 (v3.0), with recent updates (March 2026 push) but no published release notes. No formal support, security audit, or SLA available.
- Closed-source commercial product deployment — GPL-3.0 requires derivative works to be open-source. Proprietary tools incorporating this model must expose source, which may conflict with IP protection goals. Requires legal review.
License & commercial use
Licensed under GNU General Public License v3.0 (GPL-3.0). This is a copyleft license requiring any modifications or derivative works to remain open-source and distribute source code under the same license.
GPL-3.0 permits commercial use of the unmodified software, but any proprietary modifications or derivative works must be released as open-source under GPL-3.0. Using this in a closed-source product or modifying it for a SaaS offering likely violates the license. Requires legal review before any commercial bundling or redistribution. The online demo (eyeballer.bishopfox.com) does not imply commercial support or indemnification.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | Medium |
No security audit, CVE history, or vulnerability disclosure policy documented. As a machine learning model, consider: (1) model poisoning or adversarial input robustness is not discussed; (2) input validation for image uploads is not specified (size limits, format validation); (3) GPU inference may expose side-channel risks in shared environments; (4) pretrained weights are unsigned/unverified—validate source from official GitHub releases. Use in offline/sandboxed environments only if ingesting untrusted screenshots.
Alternatives to consider
Manual screenshot review / custom regex/heuristics
No model complexity or licensing overhead; slower and error-prone but fully transparent and modifiable. Suitable for small scopes.
EyeWitness / GoWitness (screenshotting tools with built-in filtering)
These tools provide basic heuristic-based classification (e.g., HTTP status, title tags) without ML. Faster, no training data needed, but less sophisticated category detection.
Commercial OSINT/reconnaissance platforms (e.g., Shodan, censys.io, similar ML classifiers)
Proprietary SaaS with support, API, and commercial guarantees. No local deployment or GPL licensing concerns; higher cost and data privacy implications.
Build on eyeballer with DEV.co software developers
Eyeballer is open-source and powerful for triage—but deployment, retraining, and licensing require planning. Devco can help architect a custom or wrapped solution. Let's talk.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
eyeballer FAQ
Can I use Eyeballer for a commercial penetration testing service or product?
How long does inference take on a large screenshot directory?
What if my screenshots are not 1.6:1 aspect ratio?
Can I retrain the model on my own data?
Software developers & web developers for hire
Adopting eyeballer is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source security software in production.
Need to integrate AI-powered security tooling?
Eyeballer is open-source and powerful for triage—but deployment, retraining, and licensing require planning. Devco can help architect a custom or wrapped solution. Let's talk.