Shodan Favicon Module #948
Replies: 3 comments
-
|
That would be great if you can also add the hash to asset inventory file. https://github.com/pielco11/fav-up Thanks 🙏 |
Beta Was this translation helpful? Give feedback.
-
|
a tool to look at when considering implementing this: https://github.com/devanshbatham/FavFreak |
Beta Was this translation helpful? Give feedback.
-
|
Maybe useful: (got from orwagodfather talk. Using Shodan + Fofa https://github.com/phor3nsic/favicon_hash_shodan So, he searches the site on fofa first, select the similar favicons, get the hashes, and search those on shodan.
|
Beta Was this translation helpful? Give feedback.
-
@liquidsec a favicon module might be one of the pieces to building a good cloudflare bypass module. It would take in a favicon from a cloudflare-protected IP and find all the other IP addresses where the same app was deployed. Although we'd need another way to confirm whether any of them were actually the same asset.
As suggested by @amiremami
Beta Was this translation helpful? Give feedback.
All reactions