by One common situation when conducting a penetration test in web servers and especially in non production systems is the fact that you can discover many services that are not even running a web application.In order to address this problem and to look only the specific services that are running applications Trustwave SpiderLabs have created a Nmap script which allows you to take a screenshot of the running web services.
This script depends on the wkhtmltoimage tool in order to work efficiency.So the first step is to download it,extract it and copy it on the /usr/local/bin folder.In order to achieve that we need to execute the following command from our terminal.
wget http://wkhtmltopdf.googlecode.com/files/wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2
tar -jxvf wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2
cp wkhtmltoimage-i386 /usr/local/bin/
Now it is time to download the http-screenshot script and place it on the following path where all the nmap scripts are located.
/usr/local/share/nmap/scripts/
This script will call for the wkhtmltoimage executable in order to take the screenshot.So it is basically integrates this tool inside the nmap.
Now its time to run the command nmap –script-updatedb in order to update our nmap script engine with the new script.
If we want to test this script all we have to do is to call the script in our nmap scans.For example:
As you can see from the example it saves the image with the IP of the host and with the port that the service is running.Lets see the saved screenshot:
Conclusion
Nmap has a very powerful script engine that allows you to discover additional information regarding the hosts that you are scanning.Basically this script uses the tool wkhtmltoimage in order to perform the job but from the script engine of nmap making the scans of web services more effective.With this script that Trustwave SpiderLabs have created,you can have an idea of which services are worth looking for your penetration test from the moment of your scan reducing the time that you have to spend by examining every web service separately.
Penetration Testing Lab 
Very cool stuff
There is also a amd64 version of the wkhtmltoimage. If you download it, then you simply need to replace the i386 version in the script:
wget https://wkhtmltopdf.googlecode.com/files/wkhtmltoimage-0.11.0_rc1-static-amd64.tar.bz2
tar xjvf wkhtmltoimage-0.11.0_rc1-static-amd64.tar.bz2
sudo cp wkhtmltoimage-amd64 /usr/local/bin/
cd /usr/local/share/nmap/scripts
sudo sed -i ‘s/wkhtmltoimage-i386/wkhtmltoimage-amd64/g’ http-screenshot.nse
I had issues initially getting this NSE script to work because of a different OS and version of nmap.
I posted a tutorial including tweaks and optimizations I made to the code in order to make it run, and perform better:
http://www.pentestgeek.com/2012/07/11/using-nmap-to-screenshot-web-services-troubleshooting/
@Brandon
I had read your article a couple of weeks ago.Nice work!