{"id":13541893,"url":"https://github.com/nccgroup/scrying","last_synced_at":"2025-04-05T16:08:05.184Z","repository":{"id":37744388,"uuid":"265223109","full_name":"nccgroup/scrying","owner":"nccgroup","description":"A tool for collecting RDP, web and VNC screenshots all in one place","archived":false,"fork":false,"pushed_at":"2023-04-03T22:55:55.000Z","size":5377,"stargazers_count":464,"open_issues_count":36,"forks_count":52,"subscribers_count":17,"default_branch":"main","last_synced_at":"2025-03-29T15:06:18.023Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nccgroup.png","metadata":{"files":{"readme":"README.md","changelog":"Changelog.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-05-19T11:02:21.000Z","updated_at":"2025-03-17T08:41:38.000Z","dependencies_parsed_at":"2024-01-14T08:54:59.998Z","dependency_job_id":"96486859-0cd5-4406-83c5-81caa97e503a","html_url":"https://github.com/nccgroup/scrying","commit_stats":null,"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Fscrying","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Fscrying/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Fscrying/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Fscrying/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nccgroup","download_url":"https://codeload.github.com/nccgroup/scrying/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247361689,"owners_count":20926643,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T10:00:58.458Z","updated_at":"2025-04-05T16:08:05.165Z","avatar_url":"https://github.com/nccgroup.png","language":"Rust","readme":"# NCC Group Scrying\n![Build](https://github.com/nccgroup/scrying/workflows/Build/badge.svg)\n![Release](https://github.com/nccgroup/scrying/workflows/Release/badge.svg)\n\nA new tool for collecting RDP, web and VNC screenshots all in one place\n\nThis tool is still a work-in-progress and should be mostly usable but is not yet complete.\nPlease file any bugs or feature requests as [GitHub issues](https://github.com/nccgroup/scrying/issues)\n\n## Motivation\nSince Eyewitness recently [dropped support for RDP](https://github.com/FortyNorthSecurity/EyeWitness/issues/422#issuecomment-539690698) there isn't a working CLI tool for capturing RDP screenshots.\nNessus still works, but it's a pain to get the images out and they're not included in the export file.\n\nI thought this was a good opportunity to write a fresh tool that's more powerful than those that came before. Check out the feature list!\n\n## Installation\nFor web screenshotting, scrying currently depends on there being an installation of Chromium or Google Chrome. Install with `pacman -S chromium` or the equivalent for your OS.\n\nDownload the latest release from [the releases tab](https://github.com/nccgroup/scrying/releases). There's a Debian package available for distros that use them (install with `sudo dpkg -i scrying*.deb`), and zipped binaries for Windows, Mac, and other Linuxes.\n\n## Usage\nGrab a single web page, RDP server, or VNC server:\n```\n$ scrying -t http://example.com\n$ scrying -t rdp://192.0.2.1\n$ scrying -t 2001:db8::5 --mode web\n$ scrying -t 2001:db8::5 --mode rdp\n$ scrying -t 192.0.2.2\n$ scrying -t vnc://[2001:db8::53]:5901\n```\n\nRun on a headless server:\n```\n# apt install xvfb # or OS equivalent\n$ xvfb-run scrying -t http://example.com\n```\n\nAutomatically grab screenshots from an nmap output:\n```\n$ nmap -iL targets.txt -p 80,443,8080,8443,3389 -oX targets.xml\n$ scrying --nmap targets.xml\n```\n\nChoose a different output directory for images:\n```\n$ scrying -t 2001:db8::3 --output-dir /tmp/scrying_outputs\n```\n\nRun from a targets file:\n```\n$ cat targets.txt\nhttp://example.com\nrdp://192.0.2.1\n2001:db8::5\n$ scrying -f targets.txt\n```\n\nRun through a web proxy:\n```\n$ scrying -t http://example.com --web-proxy http://127.0.0.1:8080\n$ scrying -t http://example.com --web-proxy socks5://\\[::1\\]:1080\n```\n\nImage files are saved as PNG in the following directory structure:\n```\noutput\n├── report.html\n├── rdp\n│   └── 192.0.2.1-3389.png\n├── vnc\n│   └── 192.0.2.1-5900.png\n└── web\n └── https_example.com.png\n```\n\nCheck out the report at `output/report.html`!\n\n## Features:\nFeatures with ticks next to them have been implemented, others are TODO\n* ✔️ Automatically decide whether an input should be treated as a web address or RDP server\n* ✔️ Automatically create output directory if it does not already exist\n* ✔️ Save images with consistent and unique filenames derived from the host/IP\n* ✔️ Full support for IPv6 and IPv4 literals as well as hostnames\n* ✔️ Read targets from a file and decide whether they're RDP or HTTP or use hints\n* ✔️ Parse targets smartly from Nmap and Nessus output\n* ✔️ HTTP - uses platform web renderer, optionally provide paths to try on each server\n* ✔️ Produces an HTML report to allow easy browsing of the results\n* ✔️ VNC - supports sending auth\n* ✔️ RDP - mostly working, does not support \"plain RDP\" mode, see [#15](https://github.com/nccgroup/scrying/issues/15)\n* ✔️ Customise size of captured images (web \u0026 RDP; VNC does not generally allow this)\n* Proxy support - SOCKS works for RDP. Web is currently broken pending [inclusion of the set_proxy command in webkit2gtk](https://github.com/gtk-rs/webkit2gtk-rs/issues/81) [#11](https://github.com/nccgroup/scrying/issues/11)\n* Video streams - tracking issue [#5](https://github.com/nccgroup/scrying/issues/5)\n* option for timestamps in filenames\n* Read targets from a msf services -o csv output\n* OCR on RDP usernames, either live or on a directory of images\n* NLA/auth to test credentials\n* Parse Dirble JSON output to grab screenshots of an entire website - waiting for [nccgroup/dirble#51](https://github.com/nccgroup/dirble/issues/51)\n* Full cross-platform support - tested on Linux and Windows; Mac support has been deprioritised pending good ideas for screenshotting the cocoa webview\n\n\n## Help text\n```\nUSAGE:\n scrying [OPTIONS] \u003c--file \u003cFILE\u003e|--nmap \u003cNMAP XML FILE\u003e|--nessus \u003cNESSUS XML FILE\u003e|--target \u003cTARGET\u003e\u003e\n\nOPTIONS:\n --disable-report Don't create a report.html [aliases: no-report]\n -f, --file \u003cFILE\u003e Targets file, one per line\n -h, --help Print help information\n -l, --log-file \u003cLOG FILE\u003e Save logs to the given file\n -m, --mode \u003cMODE\u003e Force targets to be parsed as `web`, `rdp`, `vnc` [default:\n auto] [possible values: web, rdp, vnc, auto]\n --nessus \u003cNESSUS XML FILE\u003e Nessus XML file\n --nmap \u003cNMAP XML FILE\u003e Nmap XML file\n -o, --output \u003cOUTPUT DIR\u003e Directory to save the captured images in [default: output]\n --proxy \u003cPROXY\u003e Default SOCKS5 proxy to use for connections e.g.\n socks5://[::1]:1080\n --rdp-domain \u003cRDP DOMAIN\u003e Domain name to provide to RDP servers that request one\n --rdp-pass \u003cRDP PASS\u003e Password to provide to RDP servers that request one\n --rdp-proxy \u003cRDP PROXY\u003e SOCKS5 proxy to use for RDP connections e.g.\n socks5://[::1]:1080\n --rdp-timeout \u003cRDP TIMEOUT\u003e Seconds to wait after last bitmap before saving an image\n [default: 2]\n --rdp-user \u003cRDP USER\u003e Username to provide to RDP servers that request one\n -s, --silent Suppress most log messages\n --size \u003cSIZE\u003e Set the size of captured images in pixels. Due to protocol\n limitations, sizes greater than 65535x65535 may get truncated\n in interesting ways. This argument has no effect on VNC\n screenshots. [default: 1280x1024]\n -t, --target \u003cTARGET\u003e Target, e.g. http://example.com, rdp://[2001:db8::4]\n --test-import Exit after importing targets\n --threads \u003cTHREADS\u003e Number of worker threads for each target type [default: 10]\n -v, --verbose Increase log verbosity\n -V, --version Print version information\n --vnc-auth \u003cVNC AUTH\u003e Password to provide to VNC servers that request one\n --web-mode \u003cWEB MODE\u003e Choose between headless Chrom{e,ium} or native webview (GTK\n on Linux, Edge WebView2 on Windows, Cocoa WebView on Mac\n [default: chrome] [possible values: chrome, native]\n --web-path \u003cWEB PATH\u003e Append a path to web requests. Provide multiple to request\n each path sequentially\n --web-proxy \u003cWEB PROXY\u003e HTTP/SOCKS Proxy to use for web requests e.g.\n http://[::1]:8080\n```\n\n## Sample HTML report\n![Sample report](images/scrying-report.png)\n","funding_links":[],"categories":["Recon","Rust (42)","Rust","Projects"],"sub_categories":["Screenshots"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnccgroup%2Fscrying","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnccgroup%2Fscrying","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnccgroup%2Fscrying/lists"}