# T1113 - Screen Capture
## [Description from ATT&CK](https://attack.mitre.org/wiki/Technique/T1113)
<blockquote>Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations.

### Mac

On OSX, the native command <code>screencapture</code> is used to capture screenshots.

### Linux

On Linux, there is the native command <code>xwd</code>. (Citation: Antiquated Mac Malware)</blockquote>

## Atomic Tests

- [Atomic Test #1 - Screencapture](#atomic-test-1---screencapture)

- [Atomic Test #2 - Screencapture (silent)](#atomic-test-2---screencapture-silent)

- [Atomic Test #3 - X Windows Capture](#atomic-test-3---x-windows-capture)

- [Atomic Test #4 - Import](#atomic-test-4---import)


<br/>

## Atomic Test #1 - Screencapture
Use screencapture command to collect a full desktop screenshot

**Supported Platforms:** macOS


#### Inputs
| Name | Description | Type | Default Value | 
|------|-------------|------|---------------|
| output_file | Output file path | Path | desktop.png|

#### Run it with `bash`! 
```
screencapture
```



<br/>
<br/>

## Atomic Test #2 - Screencapture (silent)
Use screencapture command to collect a full desktop screenshot

**Supported Platforms:** macOS


#### Inputs
| Name | Description | Type | Default Value | 
|------|-------------|------|---------------|
| output_file | Output file path | Path | desktop.png|

#### Run it with `bash`! 
```
screencapture -x
```



<br/>
<br/>

## Atomic Test #3 - X Windows Capture
Use xwd command to collect a full desktop screenshot and review file with xwud

**Supported Platforms:** Linux


#### Inputs
| Name | Description | Type | Default Value | 
|------|-------------|------|---------------|
| output_file | Output file path | Path | desktop.xwd|

#### Run it with `bash`! 
```
xwd -root -out #{output_file}
xwud -in #{output_file}
```



<br/>
<br/>

## Atomic Test #4 - Import
Use import command to collect a full desktop screenshot

**Supported Platforms:** Linux


#### Inputs
| Name | Description | Type | Default Value | 
|------|-------------|------|---------------|
| output_file | Output file path | Path | desktop.png|

#### Run it with `bash`! 
```
import -window root
```



<br/>