___________ __________ _____ ________ ________ .____ ___________ \_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/ | __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_ | \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \ \___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ / \/ \/ \/ \/ \/ \/ \/

gowitness Cheatsheet

← Back to cheatsheets

← Home

Gowitness is a website screenshot utility written in Go. It uses Chrome Headless to generate screenshots, storing results in a SQLite database with an optional web UI for browsing.

Commands

  • gowitness single - Screenshot single URL
  • gowitness file - Screenshot URLs from file
  • gowitness nmap - Parse nmap XML for targets
  • gowitness scan - Scan and screenshot CIDR range
  • gowitness server - Start web report server
  • gowitness report - Generate report

Single URL

  • gowitness single https://example.com - Screenshot single URL
  • gowitness single -u https://example.com - Explicit URL flag

File Input

  • gowitness file -f urls.txt - Screenshot from file
  • gowitness file -f urls.txt -t 10 - With 10 threads

Global Options

  • -t, --threads - Concurrent threads (default 4)
  • -P, --screenshot-path - Screenshot save location
  • -D, --db-path - Database file path
  • -X, --resolution - Screenshot resolution (e.g., 1920x1080)
  • -F, --fullpage - Capture full page screenshot
  • --timeout - Page timeout in seconds
  • --delay - Delay before screenshot (seconds)
  • --user-agent - Custom User-Agent
  • --proxy - HTTP/SOCKS5 proxy
  • --chrome-path - Path to Chrome binary
  • --disable-db - Don't save to database

Scan Command

  • gowitness scan --cidr 192.168.1.0/24 - Scan CIDR range
  • --cidr - CIDR range to scan
  • --ports - Ports to check (comma separated)
  • --skip-https - Skip HTTPS checks
  • --skip-http - Skip HTTP checks

Nmap Integration

  • gowitness nmap -f scan.xml - Parse nmap XML
  • --open - Only use open ports
  • --service-contains - Filter by service name

Report Server

  • gowitness server - Start web server
  • --address - Listen address (default 127.0.0.1:7171)

Common Examples

Single Screenshot

gowitness single https://example.com

Screenshot single URL.

From URL List

gowitness file -f urls.txt -t 10

Screenshot URLs from file with 10 threads.

Full Page Screenshots

gowitness file -f urls.txt -F

Capture full page (scrolling).

Custom Resolution

gowitness file -f urls.txt -X 1920x1080

Set viewport resolution.

CIDR Scan

gowitness scan --cidr 192.168.1.0/24 --ports 80,443,8080

Scan network range for web servers.

From Nmap Results

gowitness nmap -f nmap_scan.xml --open

Screenshot from nmap results.

Start Report Server

gowitness server

Browse results at http://127.0.0.1:7171

With Delay

gowitness file -f urls.txt --delay 3

Wait 3 seconds before screenshot.

Through Proxy

gowitness file -f urls.txt --proxy http://127.0.0.1:8080

Route through Burp Suite.

Pipeline

subfinder -d example.com -silent | httpx -silent > urls.txt && gowitness file -f urls.txt

Full recon pipeline.

Database

Results stored in SQLite database (default: gowitness.sqlite3)

  • Contains URLs, response codes, titles, headers
  • Screenshots linked by URL hash
  • Queryable for reporting

Tips

  • Use --fullpage for complete page capture
  • Increase threads for large URL lists
  • Use the web server for easy browsing
  • Add delay for JavaScript-heavy sites
  • Combine with httpx to filter live hosts first
  • Database enables easy querying and reporting
  • Similar to aquatone but with SQLite backend
  • Requires Chrome/Chromium installed
  • Always get authorization before scanning

← Back to cheatsheets

← Home