Identify and add asset discovery tools

[Bandit-HaxUnit]

Add gowitness for visual reconnaissance to enhance asset discovery.

[cursor]

Bug: Browser Path and Database Location Issues

The gowitness command hardcodes the Chrome browser path to /usr/bin/google-chrome, which can prevent visual reconnaissance from working on systems where Chrome is installed elsewhere or not at all, despite gowitness being able to auto-detect browser paths. Additionally, the gowitness report export command assumes the gowitness.sqlite3 database is located within the screenshots directory, but the gowitness capture command does not explicitly specify the database output path, potentially leading to report generation failures.

main.py#L1180-L1194

haxunit/main.py

Lines 1180 to 1194 in 496cc3f

	f"--screenshot-format png "
	f"--chrome-path /usr/bin/google-chrome "
	f"--user-agent 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'"
	)
	self.cmd(gowitness_cmd)
	# Generate gowitness report
	report_cmd = (
	f"gowitness report export "
	f"-f {screenshots_dir}/gowitness.sqlite3 "
	f"--format csv "
	f"> {self.dir_path}/gowitness_report.csv"
	)
	self.cmd(report_cmd)

Fix in Cursor • Fix in Web

---

BugBot free trial expires on July 24, 2025
Learn more in the Cursor dashboard.

Was this report helpful? Give feedback by reacting with 👍 or 👎

[x-stp]

check license compat; may need a reference @cursoragent look into it

[Bandit-HaxUnit]

Thanks for the note, since HaxUnit only calls gowitness as an external CLI tool without linking or bundling its code, GPLv3 compatibility isn’t a concern.

[x-stp]

LGTM