Re: New script - http-favicon.nse

[Vlatko Kosturjak <kost () linux hr>]

> On Thu, Nov 06, 2008 at 10:32:54AM -0600, Kris Katterjohn wrote:
> Great catch!  It is very important that we credit our sources.

Intentionally did not want to do md5sums again to save time, but
unintentionally did not credit sources. My mistake. Will pay attention
on this in the future.

> I do think the script itself has potential.  What would be
> particularly useful is if someone did an -iR scan (-p80 -n -PN) with
> the script and collected all the favicon fingerprints.  Then you could
> reverse-sort them by frequency and figure out the software behind the
> most common ones (and add it to the DB).  Neither the Nessus plugin
> nor the Nikto one seem very comprehensive.

Thanks on suggestion! Started doing the random scan. Actually, two of
them on two different machines/IPs. One scans for fingerprints on port
80 and the other on port 443. Hopefully, database will be populated very
soon.

> From your experience, how long is good enough to keep the scans going?
(I said unlimited to both of them, so I can stop them in any time)

Kost

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org