diff --git a/cybersecurity/offensive/information-gathering/eyewitness.Dockerfile b/cybersecurity/offensive/information-gathering/eyewitness.Dockerfile
new file mode 100644
index 0000000..0540040
--- /dev/null
+++ b/cybersecurity/offensive/information-gathering/eyewitness.Dockerfile
@@ -0,0 +1,53 @@
+FROM debian:bookworm
+
+# Install dependencies
+RUN apt-get update && apt-get install -y \
+ git \
+ wget \
+ cmake \
+ python3 \
+ xvfb \
+ python3-pip \
+ python3-netaddr \
+ python3-dev \
+ firefox-esr \
+ python3-venv \
+ && rm -rf /var/lib/apt/lists/*
+
+# Clone EyeWitness
+RUN git clone --depth 1 https://github.com/RedSiege/EyeWitness.git /EyeWitness
+WORKDIR /EyeWitness
+
+# Setup Python virtual environment and dependencies
+RUN python3 -m venv venv && \
+ . venv/bin/activate && \
+ python3 -m pip install \
+ fuzzywuzzy \
+ selenium==4.9.1 \
+ python-Levenshtein \
+ pyvirtualdisplay \
+ netaddr && \
+ cd Python/setup && \
+ ./setup.sh
+
+# Set environment variables
+ENV TERM=xterm \
+ SCREENSHOT_DIR=/eyewitness/screens \
+ LOGDIR=/eyewitness/logs
+
+# Create directories and selenium log path
+RUN mkdir -p /eyewitness/screens /eyewitness/logs
+
+# Create wrapper script to handle venv activation and Xvfb
+RUN echo '#!/bin/bash\n\
+ source /EyeWitness/venv/bin/activate\n\
+ mkdir -p "$SCREENSHOT_DIR"\n\
+ xvfb-run --server-args="-screen 0, 1024x768x24" \\\n\
+ python3 /EyeWitness/Python/EyeWitness.py \\\n\
+ --selenium-log-path "$LOGDIR" "$@"' > /usr/local/bin/run-eyewitness && \
+ chmod +x /usr/local/bin/run-eyewitness
+
+VOLUME ["/eyewitness"]
+WORKDIR /eyewitness
+
+ENTRYPOINT ["/usr/local/bin/run-eyewitness"]
diff --git a/cybersecurity/offensive/information-gathering/eyewitness.yml b/cybersecurity/offensive/information-gathering/eyewitness.yml
new file mode 100644
index 0000000..c326008
--- /dev/null
+++ b/cybersecurity/offensive/information-gathering/eyewitness.yml
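Review bot: The `git clone --depth 1` step in eyewitness.Dockerfile takes whatever the EyeWitness default branch holds at build time, and the next RUN executes `./setup.sh` from that checkout as root, so the image is neither reproducible nor tied to upstream code that has been reviewed. Pin the source to an audited commit, for example `ARG EYEWITNESS_REF=<reviewed-commit-sha>` followed by `RUN git clone https://github.com/RedSiege/EyeWitness.git /EyeWitness && git -C /EyeWitness checkout "$EYEWITNESS_REF"`, where the placeholder is filled with a commit you have checked. The same concern applies to the pip install, where only `selenium==4.9.1` carries a version. Separately, the file has no `USER` instruction, so the headless Firefox that renders arbitrary remote pages runs as root and writes root-owned files into the bind-mounted `/eyewitness` directory. Creating an unprivileged user that owns `/eyewitness` and switching to it before `ENTRYPOINT` would narrow what a browser compromise can reach.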
@@ -0,0 +1,125 @@
+description: >
+ EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
+
+functions:
+ eyewitness_single:
+ description: Capture screenshot and information from a single URL
+ parameters:
+ target:
+ type: string
+ description: The URL to capture
+ examples:
+ - https://example.com
+
+ container:
+ platform: linux/amd64
+ build:
+ path: ${cwd}/eyewitness.Dockerfile
+ name: eyewitness_local
+ volumes:
+ - ${cwd}/eyewitness:/eyewitness
+
+ cmdline:
+ - --headless
+ - --web
+ - --single
+ - ${target}
+ - --no-prompt
+ - -d
+ - /eyewitness/screens/report
+
+ eyewitness_file:
+ description: Capture screenshots and information from a file containing URLs
+ parameters:
+ target_file:
+ type: string
+ description: File containing URLs to scan (one per line)
+ examples:
+ - urls.txt
+
+ container:
+ platform: linux/amd64
+ build:
+ path: ${cwd}/eyewitness.Dockerfile
+ name: eyewitness_local
+ volumes:
+ - ${cwd}/eyewitness:/eyewitness
+ - ${cwd}/${target_file}:/eyewitness/targets.txt
+
+ cmdline:
+ - --headless
+ - --web
+ - -f
+ - ${target_file}
+ - --no-prompt
+ - -d
+ - /eyewitness/screens/report
+
+ eyewitness_nmap_xml:
+ description: Capture screenshots from a Nmap XML output file
+ parameters:
+ xml_file:
+ type: string
+ description: Path to Nmap XML output file
+ examples:
+ - nmap_output.xml
+
+ container:
+ platform: linux/amd64
+ build:
+ path: ${cwd}/eyewitness.Dockerfile
+ name: eyewitness_local
+ volumes:
+ - ${cwd}/eyewitness:/eyewitness
+ - ${cwd}/${nmap_xml_file}:/eyewitness/scan.xml
+
+ cmdline:
+ - --headless
+ - --web
+ - -x
+ - /eyewitness/${nmap_xml_file}
+ - --no-prompt
+ - -d
+ - /eyewitness/screens/report
+
+ eyewitness_custom_ports:
+ description: Scan specific URLs with custom HTTP/HTTPS ports
+ parameters:
+ target:
+ type: string
+ description: The URL to capture
+ examples:
+ - https://example.com
+ http_ports:
+ type: string
+ description: Additional HTTP ports (comma-separated)
+ examples:
+ - "8080,8081"
+ default: ""
+ https_ports:
+ type: string
+ description: Additional HTTPS ports (comma-separated)
+ examples:
+ - "8443,9443"
+ default: ""
+
+ container:
+ platform: linux/amd64
+ build:
+ path: ${cwd}/eyewitness.Dockerfile
+ name: eyewitness_local
+ volumes:
+ - ${cwd}/eyewitness:/eyewitness
+
+ cmdline:
+ - --headless
+ - --web
+ - --single
+ - ${target}
+ - --no-prompt
+ - --add-http-ports
+ - ${http_ports}
+ - --add-https-ports
+ - ${https_ports}
+ - -d
+ - /eyewitness/screens/report
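Review bot: In `eyewitness_nmap_xml` the parameter is declared as `xml_file`, but the volume and cmdline entries interpolate `${nmap_xml_file}`, which is defined nowhere in this hunk, and the file is mounted at `/eyewitness/scan.xml` while `-x` is handed `/eyewitness/${nmap_xml_file}`. `eyewitness_file` has the same mismatch: the URL list is mounted at `/eyewitness/targets.txt`, yet `-f` receives the host-side `${target_file}`. Use the declared name and the in-container path, i.e. `- ${cwd}/${xml_file}:/eyewitness/scan.xml` with `- /eyewitness/scan.xml`, and `- /eyewitness/targets.txt` after `-f`. Because both parameters are spliced into a host bind-mount path, the descriptions should state that the file must live under `${cwd}`, and if the runner does not already reject `..` segments and absolute paths that check is worth adding, since otherwise the caller-supplied value decides which host file is mounted into the container. In `eyewitness_custom_ports` the `default: ""` values appear to pass an empty argument to `--add-http-ports` and `--add-https-ports`; confirm EyeWitness tolerates that or omit the flags when the parameter is empty.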