You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem?
The Nmap http-favicon script is pretty unreliable and doesn't produce a result that is easily searchable. Instead it produces a text output based on whether or not that favicon is known in the nse.
Describe the feature you'd like
Build support for the agent to fetch favicons for each http service and store their mmh3 value.
Have you considered alternative ways to get this feature
If I were writing this capability (which I probably will be), I'd do it something like this:
Getting the favicon from <link> tag:
If web_screenshot is enabled then get raw html data from web_screenshot
If web_screenshot is not enabled, requests.get(target)
Look for link tags with rel="icon" attribute. If found:
r = requests.get(href_from_link)
If no link tag, try to fetch default favicon
r = requests.get(f"{target}/favicon.ico")
If r.status_code == 200:
favicon = codecs.encode(r.content, "base64")
hash = mmh3.hash(favicon)
Additional context
This will provide the ability to look for hashes that you might already see in public services such as shodan, and favicons are small enough that a cryptographic hash such as md5 or sha256 would be overkill.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem?
The Nmap http-favicon script is pretty unreliable and doesn't produce a result that is easily searchable. Instead it produces a text output based on whether or not that favicon is known in the nse.
Describe the feature you'd like
Build support for the agent to fetch favicons for each http service and store their mmh3 value.
Have you considered alternative ways to get this feature
If I were writing this capability (which I probably will be), I'd do it something like this:
<link>
tag:requests.get(target)
link
tags withrel="icon"
attribute. If found:r = requests.get(href_from_link)
link
tag, try to fetch default faviconr = requests.get(f"{target}/favicon.ico")
r.status_code == 200
:favicon = codecs.encode(r.content, "base64")
hash = mmh3.hash(favicon)
Additional context
This will provide the ability to look for hashes that you might already see in public services such as shodan, and favicons are small enough that a cryptographic hash such as md5 or sha256 would be overkill.
The text was updated successfully, but these errors were encountered: