This project is no longer supported. I have decided to discontinue development due to the success of EyeWitness. I figure if I'm abandoning my own tool to use something else, I should probably recommend others do it as well. Enjoy! Thank you.


  1. Install the pre-requisites.

    • cURL
    • PhantomJS:
      • Download or compile PhantomJS v2.X and place the binary in the same directory as the PeepingTom source files.
      • Make sure the binary is named "phantomjs".
  2. Run the script.

    • python ./ -h


  • Input is limited only to what PhantomJS allows. PhantomJS will take any string as input for the location of a resource. If a protocol is not given, PhantomJS assumes the string is a file path on the local operating system. Ports apply as normal.



  • discontinued development and dropped support for the project.


  • migrated capture.js to phantomjs v2.0.
  • optimized capture.js to account for several phantomjs error conditions.
  • added some code for debugging capture.js in standalone conditions.


  • added the ability to specify an output folder.


  • migrated from optparse to argparse.


  • fixed the indefinite timeout bug in the cURL command.


  • added the ability to store and view the source code of each target.
  • changed the cURL command to avoid using HEAD requests.


  • added the ability to import Nmap files.
  • changed the "-n" argument to "-x" for XML input mode.


  • removed PyQt4 support.
  • completely reorganized and optimized the codebase.
  • passed input requirements to PhantomJS. Input is now limited only to what PhantomJS allows (see Notes).
  • added the ability to import Nessus files.
  • added the ability to screenshot local files.
  • added full header infromation for all redirects and the final destination.
  • added clickable images for full size viewing.
  • added dynamic resizing of the html report.
  • added an option for setting the socket timeout.
  • modified reporting to group and sort results based on hash values of screenshot images.


  • cleaned up the code for release.


  • no longer freezes on redirects to 401 authentication.
  • stores each run in a unique directory.
  • shows headers for final destination rather than redirect.
  • denotes redirect next to the status header.