Back to Blog
Webcap: A Next-Gen Web Screenshot Tool for Pentesting & Automation

Webcap: A Next-Gen Web Screenshot Tool for Pentesting & Automation

CyborgCyborg

We’re thrilled to introduce Webcap, an ultra-lightweight web screenshot utility engineered for pentesters, bug bounty hunters, and automation enthusiasts. Designed to replace legacy tools like Gowitness, Webcap combines simplicity with advanced capabilities, making it a versatile addition to your toolkit—whether you’re scripting in bash, Python, or integrating it into workflows like BBOT.

Why Webcap?

Webcap strips away the bloat of traditional screenshot tools. By interfacing directly with Chrome Devtools API, it bypasses bulky frameworks like Selenium or Playwright, offering a streamlined, dependency-free experience. But don’t let its simplicity fool you—Webcap packs powerful features tailored for both efficiency and deep analysis.

Standout Features

1. Perception Grouping in Web Interface

Tired of sifting through duplicate screenshots? Webcap’s web UI groups visually similar pages using perception hashing, letting you breeze through results. This AI-driven filter identifies near-identical renders (e.g., login redirects or error pages), saving hours of manual review.

2. JSON Output for Automation

Extract structured data effortlessly. Webcap’s terminal output includes:

  • Fully rendered DOM
  • JavaScript files parsed by the browser
  • Every request/response (AJAX calls, iframes, scripts, etc.)
  • OCR-extracted text from images (via --ocr flag)

3. Browser Session Forensics

Go beyond screenshots:

  • Capture all JavaScript executed during page load (--javascript).
  • Log every HTTP request/response pair (--requests --responses).
  • Extract rasterized text from images using OCR.

4. Lightweight & Script-Friendly

At just 3MB, Webcap installs in seconds and runs anywhere. Pipe JSON outputs to tools like jq for real-time analysis or integrate it into CI/CD pipelines.

Upcoming Features

  • Technology Detection: Automatically fingerprint frameworks (React, WordPress, etc.).
  • Custom JavaScript Injection: Modify pages pre-screenshot for dynamic interactions.

Get Started in 10 Seconds

sh
1pipx install webcap

Example Workflows

Capture Screenshots & DOM:

sh
1webcap scan urls.txt -o ./results --dom

Extract Requests/Responses:

sh
1webcap scan urls.txt --json --requests --responses | jq

Launch Web UI:

sh
1webcap server  # Browse to http://localhost:8000

Conclusion

Webcap isn’t just another screenshot tool—it’s a Swiss Army knife for web reconnaissance. Whether you’re cataloging attack surfaces, hunting for hidden endpoints, or automating asset monitoring, Webcap delivers precision without the overhead.

Stay tuned for its integration into BBOT and upcoming feature drops!

Got feedback?

Happy hunting! 🕵️♂️

Recon