PaulDotCom on Using Nmap to Screenshot Web Services

[Fyodor <fyodor () insecure org>]

Hi Folks.  About a month ago, Trustwave SpiderLabs wrote an
interesting Nmap NSE script for taking screenshots of web servers
discovered by Nmap:

http://blog.spiderlabs.com/2012/06/using-nmap-to-screenshot-web-services.html

It is by Ryan Linn, who has done a lot of great Nmap and Metasploit
work in the past.  Now Paul Asadoorian has put out a great PaulDotCom
podcast further improving and describing the script:

http://pauldotcom.com/wiki/index.php/Episode295

The NSE team discussed this back when it originally came out and we
tentatively decided not to put the script into Nmap proper.  The main
problem is the dependency on the obscure wkhtmltoimage program.  The
thought is that if someone is going to have to go to the trouble of
installing this obscure 3rd party program, it isn't much harder to
self-install the NSE script too.  But we could consider rethinking
that if people think the script is useful enough.  We would also need
ot rewrite it since the script isn't under an Nmap-compatible license,
but it's a trivial script anyway.  It's only about a dozen lines of
code since wkhtmltoimage does almost all of the work.

Anyway, it is nice to see Nmap NSE getting more attention from great
folks like Ryan and Paul, and we've added a link to the script from
the NSE Script Vault:

https://secwiki.org/w/Nmap/Script_Vault

Cheers,
Fyodor



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/