2023-04-25
Genre: Reports
OWASP is a non-profit open-source foundation focused on application security. They have local and global chapters around the world aimed at improving community security. We also have a local chapter called OWASP Kathmandu, which organizes events to spread awareness within Nepal. I had the privilege to speak at OWASP Kathmandu 0x03, where I presented my tool, Halyxon.
If you do not know what haylxon is, simple, it's a tool to take screenshots of webpages from terminal using chrome's headless feature written in Rust!
You can simply take a screenshot of a webpage as below!
hxn -b <path/to/chrome/bin> -u https://example.com
But wait, you could do that by just opening a browser and pressing some holy keys?
I mean yeah? but what would you do when you have hundreds
of urls, sub(domains) to take?
There were already tools like Eyewitness and Gowitness, which I had used, but they either felt slow or lacked my personal touch. Since I wanted to learn Rust, it was the perfect time to start a new project, especially since I already had a basic knowledge of Rust.
Haylxon comes with a lot of options now, reading urls from stdin
, defining ports
, running arbitary javascript
and a lot more.
You can pass a file containing a list of urls, and define height, width and even a delayed screenshot is possible.
One of the most interesting usages of this tools is that, you can run it on github
actions to take screenshot of your subdomain, zip that out upload to 0x0.st or your own instance.
After the talk, I was gifted some cute swag and a letter of appreciation. I want to thank OWASP for that <3.
I make and break softwares professionally