Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/UserExistsError/webshooter

Inspired by gowitness and EyeWitness
https://github.com/UserExistsError/webshooter

http-scans web-screenshot

Last synced: about 1 month ago
JSON representation

Inspired by gowitness and EyeWitness

Awesome Lists containing this project

README 

        
# webshooter



Take screenshots of web sites and generate an HTML report. This tool waits a specified period to allow the page to render before taking the screenshot. Report sorts screenshots by page title and server header.



![Report](docs/screenshots/tiles-med.png)



## Installation



### pip



You can install with `pip` after cloning the repository:



```

pip install .

```



This will check for a nodejs install and install binaries from https://nodejs.org/ if needed. Nodejs and all dependencies will

be installed in the `site-packages` directory, and will be removed when you uninstall webshooter.



### Manual Install



Requires python3.9+, nodejs, and npm. Puppeteer is used for rendering pages and taking screenshots. Jinja2 is used for html and JavaScript templating.



Get the latest Node LTS from here https://nodejs.org/ and extract it. Add the bin directory (contains node and npm) to your PATH. Testing has been done

with Node 16.x.



Install remaining requirements:



```

npm install

pip3 install -r requirements.txt

```



`npm install` will create a `node_modules/` directory with its dependencies. Webshooter needs to be able to find this directory when it runs. You

can run webshooter in the same directory you ran `npm install` from (or a subdirectory), or you can specify `NODE_PATH=/path/to/node_modules` when running.



### Docker



Instead of manually installing dependencies, you can just build from the included Dockerfile with:



```

docker build -t webshooter .

```



Then run with:



```

docker run -it -p 127.0.0.1:8000:8000/tcp webshooter

```



After generating a report, you can access it outside the container with:



```

python -m http.server 8000

```



Browse to http://localhost:8000/page.0.html from your host to access the report.



## Usage



```

webshooter.py --session myscreens scan [-u URL_FILE] [-x NMAP_XML] [URL [... URL]]

```

This will grab screenshots of all supplied urls. The session file can be used to resume a scan and generate a report. This command can be run multiple times with new urls to add. Once a url is added, it will be remembered in the session file. A screenshot will be attempted once for each url. Failed screenshots can be reattempted with `--retry`.



You can also provide a file with 1 url per line and pass it in with `-u`. Positional arguments are also treated as urls. In addition to urls, you can specify HOST[:PORT]. If the port is not specified in the url, it is inferred from the scheme. If no scheme or port is given, http/80 and https/443 are both attempted.



An nmap xml file can also be used with `-x`. Open ports that are considered HTTP (80,8080) or HTTPS (443,8443) will be scanned. You can override these ports with `--ports-http` and `--ports-https`. `--all-open` will treat all open ports as http/s and overrides `--ports-http` and `--ports-https`. Note that `--ports-http[s]` only applies to nmap xml.



Recommended usage is to provide an nmap xml file generated like so:

```

nmap -p 80,443,8000,8080,8443,8888 -oX http.xml ...

```

Additional HTTP ports can be added.



## Report



```

webshooter.py --session myscreens report

```

The default report generates a tile view which doesn't require vertical scrolling. Use `--column` to get a less dense report with 1 screenshot per row. Screens per page can be set with the `-p` option. Navigate pages using the navigation bar or by using the left and right arrow keys. Screenshots are sorted by page title (or Server header if no title). The file `index.html` is generated with the report that links to the first instance of each unique page title.