Tag Archives: nmap

http-screenshot-html updated


Posted on December 16, 2012 by

I’ve updated the http-screenshot-html script.  You can download it at the Google Code page.  The primary changes are:

  • Compatibility with Lua 5.2 as used in NMAP 6.25
  • Added the “imgquality” script argument to modify the image output quality of wkhtmltoimage.

See the script’s Manual for full details on using the script.

Also, it appears that there is a bug in Lua 5.2. If you use backslashes while calling a script, Lua will throw an error about an Invalid Escape Sequence.  So make sure you use forward slashes when calling scripts or using script args in NMAP 6.25.  This should be fixed in a future release of NMAP.

Improving http-screenshot.nse


Posted on July 19, 2012 by

Latest version of the script is here:


About a month ago, the folks at SpiderLabs created an NMAP NSE script to grab a screenshot of any scanned hosts that were running web services.  (Read about it here).  The guys over at Pauldotcom were talking about the script and how it would be cool if it could output the results with links and full header information.  I decided this would be a good opportunity for me to learn some Lua and do some cool things with NMAP. (more…)

What War Games teaches us about security (Part 1)


Posted on July 4, 2012 by

I recently re-watched War Games, the 1983 movie staring Matthew Broderick and Ally Sheedy. If you haven’t seen it, stop. Go watch it. We’ll play a game of chess while we wait for you.

One of the great things about War Games is that it shows a fairly realistic depiction of a hack. At the beginning of the movie, we see David Lightman use a Wardialer to find phone numbers connected to modems. It turns out NORAD had left a phone line exposed to the outside and that allowed David Lightman to access the WOPR. Later on in the movie, one of the Sys Admins at NORAD said, “The phone company screwed up! They exposed a phone line.” This leads us to our first lesson. (more…)