PeepingTom /

Filename Size Date modified Message
11 B
Migrated capture.js to phantomjs v2.0.
34.3 KB
Added an open source license.
2.0 KB
Updated the README file.
2.0 KB
Migrated capture.js to phantomjs v2.0.
9.5 KB
Migrated capture.js to phantomjs v2.0.


  1. Install the pre-requisites.

    • cURL
    • PhantomJS:
      • Download or compile PhantomJS v2.X and place the binary in the same directory as the PeepingTom source files.
      • Make sure the binary is named "phantomjs".
  2. Run the script.

    • python ./ -h


  • Input is limited only to what PhantomJS allows. PhantomJS will take any string as input for the location of a resource. If a protocol is not given, PhantomJS assumes the string is a file path on the local operating system. Ports apply as normal.



  • migrated capture.js to phantomjs v2.0.
  • optimized capture.js to account for several phantomjs error conditions.
  • added some code for debugging capture.js in standalone conditions.


  • added the ability to specify an output folder.


  • migrated from optparse to argparse.


  • fixed the indefinite timeout bug in the cURL command.


  • added the ability to store and view the source code of each target.
  • changed the cURL command to avoid using HEAD requests.


  • added the ability to import Nmap files.
  • changed the "-n" argument to "-x" for XML input mode.


  • removed PyQt4 support.
  • completely reorganized and optimized the codebase.
  • passed input requirements to PhantomJS. Input is now limited only to what PhantomJS allows (see Notes).
  • added the ability to import Nessus files.
  • added the ability to screenshot local files.
  • added full header infromation for all redirects and the final destination.
  • added clickable images for full size viewing.
  • added dynamic resizing of the html report.
  • added an option for setting the socket timeout.
  • modified reporting to group and sort results based on hash values of screenshot images.


  • cleaned up the code for release.


  • no longer freezes on redirects to 401 authentication.
  • stores each run in a unique directory.
  • shows headers for final destination rather than redirect.
  • denotes redirect next to the status header.