Lookups for real IP starting from the favicon icon and using Shodan.
pip3 install -r requirements.txt
- Shodan API key (not the free one)
First define how you pass the API key:
-k
or--key
to pass the key to the stdin-kf
or--key-file
to pass the filename which get the key from-sc
or--shodan-cli
to get the key from Shodan CLI (if you initialized it)
As of now, this tool can be used in three different ways:
-ff
or--favicon-file
: you store locally a favicon icon which you want to lookup-fu
or--favicon-url
: you don't store locally the favicon icon, but you know the exact url where it resides-w
or--web
: you don't know the URL of the favicon icon, but you still know that's there
python3 favUp.py --favicon-file favicon.ico -sc
python3 favUp.py --favicon-url https://domain.behind.cloudflare/assets/favicon.ico -sc
python3 favUp.py --web domain.behind.cloudflare -sc
from favUp import FavUp
f = FavUp()
f.shodanCLI = True
f.web = "domain.behind.cloudflare"
# if you want to print to stdout
f.show = True
f.run()
# returns the list of the IPs found on Shodan
f.realIPs
# returns the hash of the favicon
f.favhash
Variable | Type |
---|---|
FavUp.show | bool |
FavUp.key | str |
FavUp.keyFile | str |
FavUp.shodanCLI | bool |
FavUp.faviconFile | str |
FavUp.faviconURL | str |
FavUp.web | str |
FavUp.favhash | int |
FavUp.shodan | Shodan class |
FavUp.maskIP | str |
FavUp.maskISP | str |
FavUp.realIPs | list[str] |
At least python3.6
is required due to spicy syntax.
Creator @noneprivacy
Another maintainer is aancw
stanley_HAL told me how Shodan calculates the favicon hash.