Self-Hosted Web Screenshot & Recon Tools: Gowitness vs EyeWitness vs httpx (2026 Guide)

When managing large attack surfaces or monitoring web infrastructure, taking screenshots of hundreds of URLs automatically is essential. Self-hosted web screenshot tools let you capture, catalog, and analyze web pages at scale without sending sensitive data to third-party services. In this guide, we compare three leading open-source tools: Gowitness, EyeWitness, and httpx — each offering different approaches to automated web reconnaissance and visual monitoring.

Overview Comparison

Gowitness

Gowitness is a Go-based web screenshot utility built by SensePost. It uses Chrome Headless to render pages and generates comprehensive HTML reports with screenshots, technology fingerprints, and page metadata.

Key Features

• Concurrent URL processing with configurable thread pools
• Automatic technology detection (CMS, frameworks, web servers)
• SQLite database backend for persistent storage
• Built-in web UI for browsing captured screenshots
• REST API for integration with other tools

Docker Compose Deployment

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

version: "3.8"
services:
  gowitness:
    image: ghcr.io/sensepost/gowitness:latest
    container_name: gowitness
    volumes:
      - ./screenshots:/app/screenshots
      - ./gowitness.sqlite:/app/gowitness.sqlite
    command:
      - file
      - -f
      - /app/targets.txt
      - -s
      - /app/screenshots
      - --db
      - /app/gowitness.sqlite
      - --threads
      - "20"
    shm_size: "2gb"
    restart: unless-stopped

  gowitness-web:
    image: ghcr.io/sensepost/gowitness:latest
    container_name: gowitness-web
    ports:
      - "7125:7125"
    volumes:
      - ./gowitness.sqlite:/app/gowitness.sqlite
    command:
      - report
      - server
      - --address
      - "0.0.0.0:7125"
      - --db
      - /app/gowitness.sqlite
    restart: unless-stopped

Quick Install

1
2
3
4
5

# Go install
go install github.com/sensepost/gowitness/v3@latest

# Scan URLs from file
gowitness file -f urls.txt -s ./screenshots --threads 20

EyeWitness

EyeWitness by Red Siege Security is a Python-based tool designed for rapid visual assessment of web services. It supports both Chrome and Firefox headless rendering and is widely used in penetration testing and infrastructure audits.

Key Features

• Supports both Chrome and Firefox headless browsers
• Credential support for authenticated screenshot capture
• Protocol detection (HTTP, HTTPS, RDP, VNC)
• Categorization of captured pages (login forms, default pages)
• Offline HTML report generation

Docker Compose Deployment

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19

version: "3.8"
services:
  eyewitness:
    image: cowpatty/eyewitness:latest
    container_name: eyewitness
    volumes:
      - ./reports:/opt/EyeWitness/Reports
      - ./targets.txt:/opt/EyeWitness/targets.txt
    command:
      - -f
      - /opt/EyeWitness/targets.txt
      - --web
      - --all-protocols
      - --threads
      - "10"
      - --timeout
      - "30"
    shm_size: "2gb"
    restart: "no"

Quick Install

1
2
3
4
5

git clone https://github.com/RedSiege/EyeWitness.git
cd EyeWitness/Python/setup
./setup.sh
cd ../
python3 EyeWitness.py -f targets.txt --web --threads 10 --timeout 30

httpx

httpx is a fast, multi-purpose HTTP toolkit from ProjectDiscovery. While primarily an HTTP probing tool, it includes powerful screenshot capabilities alongside technology detection, status code checking, and content-length reporting.

Key Features

• Extremely fast concurrent HTTP probing (thousands of URLs per minute)
• Built-in screenshot module with Chrome Headless
• Technology detection using Wappalyzer fingerprints
• Response header and body extraction
• JSON output for easy parsing and integration
• CDN and WAF detection

Docker Compose Deployment

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21

version: "3.8"
services:
  httpx:
    image: projectdiscovery/httpx:latest
    container_name: httpx
    volumes:
      - ./output:/root/output
      - ./targets.txt:/root/targets.txt
    command:
      - -l
      - /root/targets.txt
      - -screenshot
      - -screenshot-dir
      - /root/output/screenshots
      - -json
      - -o
      - /root/output/results.json
      - -threads
      - "50"
    shm_size: "2gb"
    restart: "no"

Quick Install

1
2

go install github.com/projectdiscovery/httpx/cmd/httpx@latest
cat targets.txt | httpx -screenshot -screenshot-dir ./screenshots -json -o results.json

Why Self-Host Your Web Screenshot Infrastructure?

Running web reconnaissance tools on your own infrastructure offers several critical advantages over cloud-based screenshot services.

Data Privacy and Confidentiality: When scanning internal networks, staging environments, or sensitive web applications, you never want URLs and page contents leaving your network. Self-hosted tools ensure all screenshots, metadata, and fingerprints stay within your controlled environment.

Unlimited Scanning Volume: Cloud screenshot APIs typically charge per request and impose rate limits. With self-hosted tools, you can scan thousands or millions of URLs without worrying about per-request costs or hitting API rate limits.

Custom Integration: Self-hosted tools can be integrated directly into your existing security pipeline — SIEM systems, vulnerability scanners, ticketing platforms, and alerting frameworks. For organizations running comprehensive vulnerability management programs, having screenshot data in your own database enables powerful correlation capabilities.

Offline Capability: Reconnaissance operations often need to run in air-gapped or restricted network environments. Self-hosted tools with Docker deployment work without internet connectivity after initial image download.

Performance Comparison

We tested all three tools against a dataset of 500 URLs on identical hardware (4-core CPU, 8GB RAM):

Choosing the Right Tool

• Choose Gowitness if you want a polished, self-contained solution with a built-in web UI and SQLite backend.
• Choose EyeWitness if you need multi-protocol support (RDP, VNC) or authenticated screenshot capture.
• Choose httpx if speed is your priority and you are already using ProjectDiscovery tools in your security pipeline.

FAQ

What is the difference between Gowitness and EyeWitness?

Gowitness is written in Go and uses Chrome Headless, offering faster scanning and a built-in web UI. EyeWitness is written in Python and supports multiple browser engines plus non-HTTP protocols like RDP and VNC.

Can these tools scan internal or private IP addresses?

Yes. All three tools can scan any URL you provide, including internal IPs and private network ranges. This is one of the main advantages of self-hosted scanning over cloud-based services.

Do I need a headless browser installed separately?

No. All three tools bundle or containerize the browser engine. When using Docker, the Chrome headless binary is included in the container image.

How many concurrent threads should I use?

Start with 10-20 threads and increase based on system resources. Each thread launches a headless browser instance consuming significant memory. With 8GB RAM, 20 threads is a safe maximum. For httpx, you can safely use 50+ threads.

Can I schedule automated scans?

Yes. All three tools can be triggered by cron jobs or CI/CD pipelines. Combine them with a URL discovery tool to create a fully automated reconnaissance pipeline. For broader infrastructure visibility, integrate with network monitoring solutions for comprehensive coverage.

Are screenshots stored permanently?

By default, screenshots are saved to a local directory. Gowitness also stores them in SQLite. You should implement a retention policy and rotate old screenshots to manage disk space.