description = [[ Attempt to take a snapshot of the remote host if it runs a web server. Based on the original SpiderLabs http-screenshot.nse, and screenshot.js from IVRE by Pierre LALET with fixes included. ]] author = "Jerold H. --" license = "Same as nmap --" categories = {"discovery", "safe"} local http = require 'http' local stdnse = require 'stdnse' portrule = function(host,port) local svc = { std = { ["http"] = 1, ["http-alt"] = 1 }, ssl = { ["https"] = 1, ["https-alt"] = 1 } } -- If != TCP port, do not run. if port.protocol ~= 'tcp' or not ( svc.std[port.service] or svc.ssl[port.service] ) then stdnse.print_debug( 1, "Not an acceptable TCP port (http, http-alt, https, or https-alt.)" ) return false end -- If != SSL, do not run. if (svc.ssl[port.service] or port.version.service_tunnel == 'ssl') and not nmap.have_ssl() then stdnse.print_debug( 1, "No SSL support." ) return false end return true end action = function(host, port) local svc = { std = { ["http"] = 1, ["http-alt"] = 1 }, ssl = { ["https"] = 1, ["https-alt"] = 1 } } -- Default URLs will start with http:// local protocol = "http://" -- If SSL is set on the port, switch the protocol. if (svc.ssl[port.service] or port.version.service_tunnel == 'ssl') then protocol = "https://" end -- Snapshots will be named snap-:.png local output = host.ip .. ":" .. port.number .. "-pjs.png" -- Execute the command using screenshot.js via PhamtomJS local cmd = "screenshot.js " .. protocol .. host.ip .. ":" .. port.number .. " " .. output .. "" local ret = os.execute(cmd) local result = "Completed with errors" if ret then result = "Snapshot saved to " .. output end -- Return the output message return stdnse.format_output(true, result) end