14 June 2012

Comments

This segment talks about how to use custom Nmap NSE scripts to discover web services and take a screenshot of the resulting web page. Based on a script made available by Trustwave SpiderLabs.

Recently a member from the Trustwave SpiderLabs team created an nmap NSE script that could be used to take a screenshot of webpages as it scanned the network. Working for a top 10 accounting firm, I conduct a lot of internal penetration tests for clients that operate on very large networks, and sometimes I’m required to audit entire counties. Having the ability to view all the webpages on the internal network without being required to manually type each address into the browser sounded amazing. This was very exciting news now that there was a way to automate this process and have the ability to scale.

I had issues initially getting this NSE script to work because of a different OS and version of nmap.

I posted a tutorial including tweaks and optimizations I made to the code in order to make it run, and perform better:

http://www.pentestgeek.com/2012/07/11/using-nmap-to-screenshot-web-services-troubleshooting/

Love the post!

I made some modifications to the scripts posted here:

http://pauldotcom.com/wiki/index.php/Episode295#Tech_Segment:_Using_Nmap_To_Screenshot_Web_Services

Enjoy!

Cheers,
Paul

Which script are you trying to find that it's showing isn't there? You can get to the git repo by going to https://github.com/SpiderLabs/Nmap-Tools and then copying and pasting the GitHub URL. If you are not able to get the binary, you can get it by going directly to http://wkhtmltopdf.googlecode.com and downloading it from the links on the left.

I've had a few people test it out and show that it is working; however, it appears that wkhtmltoimage has problems with some sites. It's not really an NSE script bug, but more a problem with the wkhtmltoimage binary, as it's erroring out. I'll do some more testing and see if I can find a workaround.

Thanks for the feedback.

Looks like the script source link is dead. Any alternative sites? Very nice work on the script; if it works as advertised, it would be extremely cool.

Has anyone other than the author tried this tutorial?

Another simple tweak on top of the preview page would be to add clickable links to the respective URLs.

The instructions only worked with the BackTrack-maintained nmap. I had nmap installed from source and it failed for me. That's okay, because I just went back to the maintained version.
