One common situation when conducting a penetration test in web servers and especially in non production systems is the fact that you can discover many services that are not even running a web application.In order to address this problem and to look only the specific services that are running applications Trustwave SpiderLabs have created a Nmap script which allows you to take a screenshot of the running web services.

This script depends on the wkhtmltoimage tool in order to work efficiency.So the first step is to download it,extract it and copy it on the /usr/local/bin folder.In order to achieve that we need to execute the following command from our terminal.

wget http://wkhtmltopdf.googlecode.com/files/wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2
tar -jxvf wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2
cp wkhtmltoimage-i386 /usr/local/bin/

Now it is time to download the http-screenshot script and place it on the following path where all the nmap scripts are located.

/usr/local/share/nmap/scripts/

This script will call for the wkhtmltoimage executable in order to take the screenshot.So it is basically integrates this tool inside the nmap.

http-screenshot script – code

 

Now its time to run the command nmap –script-updatedb in order to update our nmap script engine with the new script.

If we want to test this script all we have to do is to call the script in our nmap scans.For example:

http-screenshot script in use

 

As you can see from the example it saves the image with the IP of the host and with the port that the service is running.Lets see the saved screenshot:

Screenshot of a web application from Nmap

 

Conclusion

Nmap has a very powerful script engine that allows you to discover additional information regarding the hosts that you are scanning.Basically this script uses the tool wkhtmltoimage in order to perform the job but from the script engine of nmap making the scans of web services more effective.With this script that Trustwave SpiderLabs have created,you can have an idea of which services are worth looking for your penetration test from the moment of your scan reducing the time that you have to spend by examining every web service separately.