Nmap Script to Screenshot Web Services

24 Jun

One common situation when conducting a penetration test in web servers and especially in non production systems is the fact that you can discover many services that are not even running a web application.In order to address this problem and to look only the specific services that are running applications Trustwave SpiderLabs have created a Nmap script which allows you to take a screenshot of the running web services.

This script depends on the wkhtmltoimage tool in order to work efficiency.So the first step is to download it,extract it and copy it on the /usr/local/bin folder.In order to achieve that we need to execute the following command from our terminal.

tar -jxvf wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2
cp wkhtmltoimage-i386 /usr/local/bin/

Now it is time to download the http-screenshot script and place it on the following path where all the nmap scripts are located.


This script will call for the wkhtmltoimage executable in order to take the screenshot.So it is basically integrates this tool inside the nmap.

http-screenshot script – code


Now its time to run the command nmap –script-updatedb in order to update our nmap script engine with the new script.

If we want to test this script all we have to do is to call the script in our nmap scans.For example:

http-screenshot script in use


As you can see from the example it saves the image with the IP of the host and with the port that the service is running.Lets see the saved screenshot:

Screenshot of a web application from Nmap



Nmap has a very powerful script engine that allows you to discover additional information regarding the hosts that you are scanning.Basically this script uses the tool wkhtmltoimage in order to perform the job but from the script engine of nmap making the scans of web services more effective.With this script that Trustwave SpiderLabs have created,you can have an idea of which services are worth looking for your penetration test from the moment of your scan reducing the time that you have to spend by examining every web service separately.


Posted by on June 24, 2012 in Network Mapping


Tags: ,

4 responses to “Nmap Script to Screenshot Web Services

  1. Robert

    June 29, 2012 at 3:17 pm

    Very cool stuff

  2. tsp

    July 9, 2012 at 3:43 pm

    There is also a amd64 version of the wkhtmltoimage. If you download it, then you simply need to replace the i386 version in the script:
    tar xjvf wkhtmltoimage-0.11.0_rc1-static-amd64.tar.bz2
    sudo cp wkhtmltoimage-amd64 /usr/local/bin/
    cd /usr/local/share/nmap/scripts
    sudo sed -i ‘s/wkhtmltoimage-i386/wkhtmltoimage-amd64/g’ http-screenshot.nse

  3. Brandon

    July 19, 2012 at 6:44 pm

    I had issues initially getting this NSE script to work because of a different OS and version of nmap.

    I posted a tutorial including tweaks and optimizations I made to the code in order to make it run, and perform better:

  4. netbiosX

    July 19, 2012 at 6:52 pm


    I had read your article a couple of weeks ago.Nice work!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: