Synopsis:

I’m releasing version 0.1 of a web screenshot tool I wrote to make recon of a target organizations web resources very fast and effective.

Details:

I chose to write a tool to perform this task after trying to find one that fit my needs but unfortunately the tools I found either didn’t fit exactly what I needed or didn’t work at all. There are a few good options out there including nmap scripts and Selenium based scripts, however they all break on certain websites. Most commonly they have problems with HTTP redirects, javascript, flash, etc. Which are so common that it makes most of these other tools almost unusable.

Spiderlabs released a good example that uses wkhtmltoimage at https://github.com/SpiderLabs/Nmap-Tools, however I had a lot of problems with this as well as certain websites failed to be rendered properly by wkhtml. The wkhtml series of tools uses the webkit rendering engine.

The other main option I tried was using the Selenium browser automation system. Again though this just proved to not be the simplest and most effective way, and some websites just failed to be rendered properly.

I also tried browser plugins for firefox to take screenshots and save them, but had too many issues.

The system I came up with is extremely simple. Webshot loads a list of target websites, IPs and URLs from a newline delimited file, opens the target resource, takes a screenshot of the entire desktop for each site. One of the major issues I had when dealing with other tools was dealing with HTTPS sites that had any certificate issues. To solve that I simply use ‘sendkeys’ functionality to click the ‘accept’ certificate error button within Chrome.

The one major drawback to using the webshot method of loading chrome and taking a screenshot of the entire desktop is simply that you can’t do anything else on the computer running webshot until it finishes. However if you’re like me and have a few pentest systems used exclusively for running longer tasks then this actually doesn’t turn out to be such a big deal.

You can grab webshot from github at https://github.com/tdubs/webshot

Be sure to watch for updates as I’ll be adding some additional functionality shortly.