When on an assessment that involves a very large number of IP addresses it can often be hard to determine which hosts to go after. As a web hacker at heart I’m often primarily interested in the web services running on the target network. Default credentials on web administration panels are basically guaranteed given enough IPs, but how can I quickly identify which web service are interesting?

One tool I’ve used is EyeWitness, which will use a headless instance of Ghost.py to take screenshots of web services. This is nice because there’s no browser involved but I’ve had lots of problems with it. For one, you can’t see things like Flash or Java because Ghost.py doesn’t support it. It also has the bad habit of segfaulting in the middle of a scan which is very frustrating when you’ve left it overnight. While I’m certainly not bashing the tool (many of the bugs are probably the fault of Ghost.py anyways), I felt that a better solution could be created by using a full browser controlled by a custom extension.

After reading the Chrome extension API and lots of Stackoverflow posts I created wmap.

wmap

wmap is a Chrome extension written mostly in JavaScript which uses the Chrome browser to generate HTML screenshot reports of web services. To use it, just enter in a scan name and give it a list of URL(s) and/or an Nmap scan XML and click “Start Scan”. You can also adjust how long the script should wait for pages to load via the “Timeout” field and how long to wait before taking a screenshot after the page loads with “Screenshot Delay”. With built-in Nmap support the tool can automatically use the enumerated hostnames in the URI(s). Finally, the tool also has support for fullscreen screenshots if larger screenshots are needed.

The tool generates reports similar to the following image:

2014-12-27_17-49-47

In addition to screenshots, the report also contains the URI, title, non-HTTPOnly cookies, and HTML of the resulting pages.

Click Here for a Sample Report

Available for install at the Chrome store, check it out:
https://chrome.google.com/webstore/detail/wmap/pflahkdjlekaeehbenhpkpipgkbbdbbo

If you find any bugs or have feature ideas, please let me know!