loading
loading
Discovery
Screenshot a list of websites for fast visual triage.
overview
webscreenshot renders web pages and saves an image of each, so you can eyeball a large attack surface instead of reading raw response data. Give it a single URL or a file of targets and it captures every one, which turns hundreds of live hosts into a contact sheet you can scan in minutes.
It drives several renderers, from the legacy PhantomJS to Chrome, Chromium, Edge, and Firefox, and exposes the controls a real browser needs: window size, image format and quality, proxies, custom headers, cookies, and HTTP Basic Auth. Parallel workers keep large lists moving, and a failed-URL file records the targets that never rendered.
On Trickest, webscreenshot is a Discovery node that takes a URL or an input file and writes a folder of images. Run it after probing so you only screenshot live hosts, then use the visual output to spot login panels, default pages, and interesting apps worth a closer look.
use cases
Screenshot every live host so an analyst can spot login portals, admin panels, and default pages at a glance instead of reading headers.
Point --input-file at a file of URLs and raise --workers to render hundreds of targets without waiting on one at a time.
Pass --cookie, a --header, or --http-username and --http-password so the capture shows the page as a logged-in user would see it.
Set --renderer to chrome or firefox over the legacy PhantomJS, and use --format and --quality to match how the output gets reviewed.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| url | STRING | · | Single URL target. |
| input-file | FILE | --input-file | File containing the target list, one URL per line. |
| renderer | STRING | --renderer | phantomjs, chrome, chromium, edgechromium, or firefox (default phantomjs). |
| format | STRING | --format | Output image format (pdf, png, jpg, jpeg, bmp, ppm). Default png. |
| window-size | STRING | --window-size | Width and height of the screen capture (default 1200,800). |
| workers | STRING | --workers | Number of parallel execution workers (default 4). |
| proxy | STRING | --proxy | Proxy to route captures through (e.g. http://proxy.company.com:8080). |
| cookie | STRING | --cookie | Cookie string to add to each request. |
Showing key inputs. webscreenshot exposes 28 inputs in total.
| Name | Type | Flag | Description |
|---|---|---|---|
| ssl | BOOLEAN | --ssl | Enforce SSL/TLS for every connection. |
| url | STRING | · | Single URL target. |
| crop | STRING | --crop | Rectangle t,l,w,h to crop the capture to (default WINDOW_SIZE '0,0,w,h'). Example: 10,20,w,h. |
| port | STRING | --port | Use the specified port for each target in the input list. |
| label | BOOLEAN | --label | For each screenshot, create another one displaying the target URL inside it (requires imagemagick). |
| proxy | STRING | --proxy | Specify a proxy. Example: http://proxy.company.com:8080. |
| cookie | STRING | --cookie | Cookie string to add. Example: JSESSIONID=1234; YOLO=SWAG. |
| format | STRING | --format | Output image file format (pdf, png, jpg, jpeg, bmp, ppm). Default png. |
| header | STRING | --header | Custom or additional header. Repeat for each header. Example: Host: localhost. |
| quality | STRING | --quality | Output image quality, an integer between 0 and 100 (default 75). |
| timeout | STRING | --timeout | Renderer execution timeout in seconds (default 30). |
| workers | STRING | --workers | Number of parallel execution workers (default 4). |
| renderer | STRING | --renderer | Renderer to use: phantomjs (legacy but best results), chrome, chromium, edgechromium, or firefox (version > 57). Default phantomjs. |
| custom-js | FILE | --custom-js | File containing JavaScript code to run before taking the screenshot (phantomjs only). |
| input-file | FILE | --input-file | File containing the target list, one URL per line. |
| label-size | STRING | --label-size | Font size for the label (default 60). |
| no-xserver | BOOLEAN | --no-xserver | Run without an X server (via xvfb-run). |
| proxy-auth | STRING | --proxy-auth | Authentication information for the proxy. Example: user:password. |
| proxy-type | STRING | --proxy-type | Proxy type: http (default), none (disable completely), or socks5. |
| window-size | STRING | --window-size | Width and height of the screen capture (default 1200,800). |
| http-password | STRING | --http-password | Password for HTTP Basic Authentication. |
| http-username | STRING | --http-username | Username for HTTP Basic Authentication. |
| multiprotocol | BOOLEAN | --multiprotocol | Perform screenshots over both HTTP and HTTPS for each target. |
| no-error-file | BOOLEAN | --no-error-file | Do not write a file listing the URLs of failed screenshots (default false). |
| label-bg-color | STRING | --label-bg-color | Label imagemagick background color (default NavajoWhite). |
| renderer-binary | FILE | --renderer-binary | Path to the renderer executable when it is not on the PATH. |
| verbosity-level | STRING | --verbosity | Verbosity level, repeat to increase (-v INFO, -vv DEBUG). Default ERROR. |
| ajax-max-timeouts | STRING | --ajax-max-timeouts | Per-AJAX-request and max-URL timeout in milliseconds (default 1400,1800). |
example
# screenshot a list of live hosts with Chrome, 8 parallel workerswebscreenshot --input-file live-hosts.txt --renderer chrome --workers 8 --format pngwebscreenshot.py version 2.97 [+] 6 URLs to be screenshot[INFO][http://example.com:80/] Screenshot OK[INFO][https://example.com:443/] Screenshot OK[INFO][http://198.51.100.20:8080/] Screenshot OK[INFO][http://203.0.113.45:80/] Screenshot OK[ERROR][http://198.51.100.37:80/] Screenshot somehow failed[+] 5 actual URLs screenshot[+] 1 error(s)guidance
Use webscreenshot to turn a list of live hosts into images for fast visual triage. It captures, it does not probe, so run httpx first to confirm liveness. For automated screenshotting plus an HTML report, gowitness or aquatone are alternatives.
Go-based screenshotter with a built-in report UI and database. Heavier, more turnkey reporting.
Screenshots plus clustering of similar pages into an HTML report for triage at scale.
Probes liveness and titles, and can capture screenshots inline, so one node both filters and shoots.
faq
related
Check whether a URL redirects to a masked 404 page.
Append lines to a file only if they are not already there.
Extract URLs and endpoints from Android APK files.
Visual inspection of websites across a large number of hosts.
Find suspicious files across a large set of AWS S3 buckets.
An automated tool that checks for backup artifacts that may disclose a web application's source code.
A host list is filtered to live hosts by httpx, then webscreenshot captures each one and writes the images as the workflow output.
Facts on this page come from the live Trickest tool library.