BishopFox/eyeballer

A neural net that judges your screenshots like a bored pentester

Eyeballer uses computer vision to classify thousands of web screenshots into "probably hackable" and "definitely not worth your time."

1.3k stars · Python · Domains: Apps, Computer Vision

What it does

Eyeballer is a TensorFlow-based image classifier trained specifically on web screenshots from penetration tests. Feed it the output of tools like EyeWitness or GoWitness and it sorts pages into five categories: old-looking sites, login pages, actual webapps, custom 404s, and parked domains. It outputs both a browsable HTML report and a CSV for further scripting.

The interesting bit

The model attacks a genuinely annoying problem: modern web apps make simple heuristics useless. Custom 404s return HTTP 200 and hide the “404” string. Login pages resist easy grepping. Parked domains look plausibly real. Eyeballer learned to recognize these visually, and the README is admirably honest about what each label actually means — “that certain ‘je ne sais quoi’ of a website that looks like it was designed in the early 2000’s.”

Key highlights

  • Pretrained weights available via GitHub releases; training data hosted on Kaggle
  • Binary accuracy of 93.52%, though all-or-nothing accuracy drops to 76.09%
  • Webapp detection is strongest (95.32% precision); parked domains weakest (70.99%)
  • Includes a live demo at eyeballer.bishopfox.com
  • GPU training supported but the README cheerfully declines to help you set up drivers

Caveats

  • Requires 1.6x aspect ratio screenshots (e.g., 1440x900); wrong ratios “squish” and degrade predictions
  • “Old Looking” recall is only 62.20% — it misses more than a third of vintage vulnerability gold mines
  • README notes GPU setup is “way beyond the scope” and you’re on your own for hardware compatibility
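A pre-flight check for the aspect-ratio caveat above, added here as an example and not part of Eyeballer itself: it reads width and height straight from each PNG's IHDR chunk (no image library needed) and flags screenshots that are not close to 1.6:1 before they are fed to the model. The 0.02 tolerance is an assumption; the README gives no exact figure.

```python
"""Flag screenshots whose aspect ratio is not ~1.6 (e.g. 1440x900), since
other ratios get squished and degrade Eyeballer's predictions.
Added example, not Eyeballer's own code."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
TARGET_RATIO = 1.6   # 1440 / 900, the ratio the model expects
TOLERANCE = 0.02     # assumed slack; the README gives no exact figure


def png_dimensions(data: bytes) -> tuple[int, int]:
    """Return (width, height) by parsing the mandatory first IHDR chunk."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        raise ValueError("malformed PNG: IHDR chunk missing or wrong size")
    width, height = struct.unpack(">II", data[16:24])
    return width, height


def aspect_ratio_ok(width: int, height: int) -> bool:
    """True when the screenshot is close enough to 1.6:1 for Eyeballer."""
    if height == 0:
        return False
    return abs(width / height - TARGET_RATIO) <= TOLERANCE


def triage(screenshots: dict[str, bytes]) -> dict[str, list[str]]:
    """Split a {filename: png_bytes} mapping into 'ok' and 'squished'."""
    result: dict[str, list[str]] = {"ok": [], "squished": []}
    for name, data in screenshots.items():
        w, h = png_dimensions(data)
        result["ok" if aspect_ratio_ok(w, h) else "squished"].append(name)
    return result


def fake_png(width: int, height: int) -> bytes:
    """Constructed minimal PNG (signature + IHDR only) for offline testing."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    crc = struct.pack(">I", zlib.crc32(b"IHDR" + ihdr) & 0xFFFFFFFF)
    return PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR" + ihdr + crc


if __name__ == "__main__":
    # Constructed sample: one correct 1440x900 capture, one 1920x1080 capture.
    sample = {"site-a.png": fake_png(1440, 900), "site-b.png": fake_png(1920, 1080)}
    print(triage(sample))  # {'ok': ['site-a.png'], 'squished': ['site-b.png']}
```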

Verdict

Worth a look if you’re doing large-scope external pentests and drowning in screenshot output. Skip it if your workflow is already lightweight or you prefer grepping for <input type="password"> and calling it a day.