Introducing PenDoc: Stop Manually Screenshotting 500 Web Apps

Because manually screenshotting 500 web apps is NOT how you want to spend your Friday.

The Problem Every Penetration Tester Faces

We’ve all been there. You’ve just finished a comprehensive reconnaissance phase and discovered 300+ subdomains. Your port scan revealed dozens of web services. Burp Suite’s sitemap is overflowing with endpoints. Now comes the tedious part: documenting everything with screenshots for your report.

Eight hours later, you’re still manually capturing screenshots, organizing files, and hating your life. There has to be a better way.

Enter PenDoc: Your Automated Documentation Sidekick

PenDoc is a fully automated penetration testing documentation tool that captures screenshots and metadata from web applications. Point it at your targets, grab coffee (or three), and come back to organized screenshots and a beautiful HTML report.

GitHub: https://github.com/kamakauzy/PenDoc

What Makes PenDoc Special

Multiple Input Sources

PenDoc speaks every recon tool’s language:

  • Burp Suite sitemap exports – Export from Burp and feed directly to PenDoc
  • Nmap XML scans – Automatically identifies web services from port scans
  • Subdomain enumeration results – Works with subfinder, amass, sublist3r outputs
  • Simple URL lists – Plain text files, one URL per line
  • Mix and match – Combine all inputs in a single run
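
How web services can be picked out of an Nmap XML scan, as an added example (not PenDoc's own code). The function name `web_urls_from_nmap`, the `WEB_SERVICES` set and the sample scan are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX layout (not real scan output).
SAMPLE_NMAP_XML = """<nmaprun>
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <hostnames><hostname name="app.example.com" type="user"/></hostnames>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
   <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
   <port protocol="tcp" portid="8443"><state state="open"/><service name="http" tunnel="ssl"/></port>
   <port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy"/></port>
  </ports>
 </host>
 <host>
  <address addr="192.0.2.20" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
  </ports>
 </host>
</nmaprun>"""

# Service names treated as web services here (an assumption of this example).
WEB_SERVICES = {"http", "https", "http-alt", "http-proxy", "https-alt"}


def web_urls_from_nmap(xml_text):
    """Return sorted URLs for open TCP ports whose detected service is HTTP(S)."""
    urls = set()
    for host in ET.fromstring(xml_text).iter("host"):
        hostname = host.find("hostnames/hostname")
        address = host.find("address[@addrtype='ipv4']")
        if hostname is None and address is None:
            continue  # IPv6-only hosts need bracketed literals; skipped here
        name = hostname.get("name") if hostname is not None else address.get("addr")
        for port in host.iterfind("ports/port"):
            state, service = port.find("state"), port.find("service")
            if state is None or service is None or port.get("protocol") != "tcp":
                continue
            svc = service.get("name", "")
            if state.get("state") != "open" or svc not in WEB_SERVICES:
                continue
            # Nmap marks TLS-wrapped services with tunnel="ssl".
            tls = service.get("tunnel") == "ssl" or svc.startswith("https")
            number = int(port.get("portid"))
            suffix = "" if number == (443 if tls else 80) else f":{number}"
            urls.add(f"{'https' if tls else 'http'}://{name}{suffix}")
    return sorted(urls)
```

Scan files received from a third party are untrusted XML; the `defusedxml` package provides a hardened replacement for the standard-library parser.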

Blazing Fast Concurrent Processing

PenDoc uses Playwright with concurrent processing to capture multiple screenshots simultaneously. With 5 parallel workers (configurable), you can process hundreds of targets in minutes instead of hours.

Automatic Metadata Enrichment

Beyond screenshots, PenDoc captures:

  • HTTP status codes and response headers
  • Technology detection (web servers, frameworks, CDN/WAF)
  • SSL/TLS certificate analysis and expiration checking
  • Security headers (CSP, HSTS, X-Frame-Options)
  • Page titles and response timing
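
What a check over the three security headers listed above can look like, as an added example (not PenDoc's own code). The function name `audit_security_headers`, the one-year HSTS threshold and the sample header sets are assumptions.

```python
import re

MIN_HSTS_MAX_AGE = 31536000  # one year; threshold chosen for this example


def audit_security_headers(headers):
    """Return findings for the CSP, HSTS and X-Frame-Options response headers."""
    # Header names are case-insensitive, so normalise before looking anything up.
    h = {name.lower(): value.strip() for name, value in headers.items()}
    findings = []

    # CSP: collect directive names so frame-ancestors can be checked below.
    csp = h.get("content-security-policy", "")
    directives = {part.split()[0].lower() for part in csp.split(";") if part.strip()}
    if not directives:
        findings.append("CSP: missing")

    # HSTS: max-age=0 tells the browser to drop the policy, so low values are weak.
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS: missing")
    else:
        match = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.IGNORECASE)
        max_age = int(match.group(1)) if match else 0
        if max_age < MIN_HSTS_MAX_AGE:
            findings.append(f"HSTS: max-age {max_age} is below {MIN_HSTS_MAX_AGE}")

    # Framing: CSP frame-ancestors supersedes X-Frame-Options; ALLOW-FROM is obsolete.
    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in directives and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("Framing: no frame-ancestors and no valid X-Frame-Options")
    return findings


# Constructed header sets for illustration.
WEAK = {"Strict-Transport-Security": "max-age=300",
        "X-Frame-Options": "ALLOW-FROM https://example.com"}
GOOD = {"content-security-policy": "default-src 'self'; frame-ancestors 'none'",
        "STRICT-TRANSPORT-SECURITY": "max-age=63072000; includeSubDomains"}

if __name__ == "__main__":
    print(audit_security_headers(WEAK))
    print(audit_security_headers(GOOD))
```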

Beautiful HTML Reports

The generated report features:

  • Modern, responsive design with dark mode (because pen testers don’t use light mode)
  • Searchable and filterable interface
  • Click-to-zoom screenshots
  • Organized by domain
  • Statistics dashboard with success rates and technology breakdown
  • JSON export for automation

Quick Start

# Clone and install
git clone https://github.com/kamakauzy/PenDoc.git
cd PenDoc
pip install -r requirements.txt
playwright install chromium

# Run with any input source
python pendoc.py --urls targets.txt --output results/
python pendoc.py --burp sitemap.xml --output results/
python pendoc.py --nmap scan.xml --output results/
python pendoc.py --subdomains subdomains.txt --output results/

# Or combine everything
python pendoc.py \
  --urls urls.txt \
  --burp burp_sitemap.xml \
  --subdomains subs.txt \
  --nmap scan.xml \
  --output client_engagement/

Real-World Use Cases

Reconnaissance Documentation

After subdomain enumeration, use PenDoc to automatically screenshot and categorize all discovered subdomains. Create a visual inventory of your target’s infrastructure without manual effort.

Penetration Test Reports

Generate visual evidence for your findings. Capture before/after exploitation screenshots. Include proof-of-access documentation that makes your reports more compelling and professional.

Scope Verification

Quickly verify which targets are accessible, identify out-of-scope resources, and document testing boundaries. Screenshot everything to confirm you’re testing the right applications.

Workflow Integration

# Subdomain enumeration → PenDoc
subfinder -d example.com -o subdomains.txt
python pendoc.py --subdomains subdomains.txt --output recon/

# Port scanning → PenDoc  
nmap -iL targets.txt -p- -sV -oX scan.xml
python pendoc.py --nmap scan.xml --output portscan/

# Burp Suite testing → PenDoc
# (Export sitemap from Burp)
python pendoc.py --burp sitemap.xml --output manual_test/

Performance That Doesn’t Suck

  • Speed: ~5-10 targets per minute (depends on target response times)
  • Concurrency: 5 parallel workers by default (configurable up to 20+)
  • Memory: ~500MB-2GB (scales with concurrency)
  • Smart filtering: Automatically excludes static resources (.js, .css, images)

Highly Configurable

Everything is configurable via YAML:

  • Screenshot viewport sizes (desktop, tablet, mobile)
  • Concurrent workers for performance tuning
  • HTTP timeouts and retry logic
  • Technology detection patterns
  • Report appearance and grouping
  • SSL verification settings
  • Custom HTTP headers and user agents

Integration with Your Platform

PenDoc was designed to integrate with existing security platforms. Here’s an example integration:

import subprocess

from database import db_util  # your platform's own data-access module

client_id = 'ABC123'

# Export web hosts from your platform
hosts = db_util.get_web_hosts(client_id=client_id)

# Create input for PenDoc
with open('urls.txt', 'w') as f:
    for host in hosts:
        f.write(f"{host['url']}\n")

# Run PenDoc (check=True raises if PenDoc exits with an error)
subprocess.run([
    'python', 'pendoc.py',
    '--urls', 'urls.txt',
    '--output', f'output/{client_id}_screenshots'
], check=True)

Why We Built This

During penetration testing engagements, documentation is critical but time-consuming. Manual screenshot capture is:

  • Tediously slow (8+ hours for large scopes)
  • Error-prone and inconsistent
  • Boring as hell
  • Takes time away from actual testing

PenDoc automates the busywork so you can focus on finding vulnerabilities and writing quality reports. Your clients get better documentation, and you get your Friday back.

Technical Details

Technology Stack:

  • Python 3.10+ for modern async capabilities
  • Playwright (Chromium) for reliable browser automation
  • Jinja2 for flexible HTML templating
  • YAML-based configuration
  • asyncio for high-performance concurrent processing

Requirements:

  • Python 3.10 or higher
  • Playwright with Chromium browser
  • 2GB RAM minimum (more for higher concurrency)
  • Network access to targets (obviously)

Security Considerations

  • No credential storage
  • Local execution only (nothing phones home)
  • Sanitized file paths (no directory traversal)
  • SSL verification configurable (disabled by default for pen testing)
  • No remote code execution
  • Safe for production use in pen testing contexts
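
The "sanitized file paths" point above, as an added example (not PenDoc's own code): one way to turn a target URL into a screenshot file name that cannot leave the output directory. The function name `screenshot_path` and the naming scheme are assumptions.

```python
import hashlib
import re
from pathlib import Path
from urllib.parse import urlsplit


def screenshot_path(output_dir, url, max_stem=80):
    """Map a URL to a PNG path that always stays inside output_dir."""
    parts = urlsplit(url)
    # Drop any user:password@ prefix so credentials never end up in a file name.
    host = parts.netloc.rpartition("@")[2]
    raw = f"{parts.scheme}_{host}{parts.path}"
    # Replace everything except letters, digits, dot and hyphen. Path separators,
    # colons and percent signs all collapse to "_", so the result is one component.
    stem = re.sub(r"[^A-Za-z0-9.-]+", "_", raw).strip("._")[:max_stem] or "root"
    # A short hash of the full URL keeps distinct URLs (for example different
    # query strings) from colliding once their names have been sanitised.
    digest = hashlib.sha256(url.encode("utf-8")).hexdigest()[:10]
    base = Path(output_dir).resolve()
    candidate = (base / f"{stem}_{digest}.png").resolve()
    # Defence in depth: refuse any path that resolves outside the output directory.
    if not candidate.is_relative_to(base):
        raise ValueError(f"refusing to write outside {base}")
    return candidate


if __name__ == "__main__":
    # Constructed URLs for illustration.
    for target in ("https://app.example.com:8443/admin/login",
                   "http://192.0.2.5/..%2f..%2f../../etc/passwd"):
        print(screenshot_path("results", target))
```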

Future Enhancements

We’re considering adding:

  • Authentication support (credentials, cookies, API tokens)
  • JavaScript interaction (click buttons, fill forms)
  • Comparison mode (diff screenshots over time)
  • Advanced response body analysis
  • PDF report generation
  • Masscan support for high-speed network scanning

Get Started Today

PenDoc is available now on GitHub with complete documentation, example files, and a test suite:

🔗 GitHub: https://github.com/kamakauzy/PenDoc

# Quick start
git clone https://github.com/kamakauzy/PenDoc.git
cd PenDoc
pip install -r requirements.txt
playwright install chromium
python test_pendoc.py

# Run with examples
python pendoc.py --urls examples/urls.txt --output test_output

Contributing

Found a bug? Want a feature? Have a better ASCII art header? We welcome:

  • Bug reports and issues
  • Feature requests
  • Pull requests
  • Integration examples

License

PenDoc is released for internal penetration testing use. See the repository for full details.


Stop manually screenshotting. Start actually testing. Try PenDoc today.
