Nmap Development mailing list archives
Re: favicon survey script
From: Joao Correa <joao () livewire com br>
Date: Tue, 11 Aug 2009 01:50:25 -0300
Hi Guys, I've written a small patch to Kost's script. This patch makes the script parse the initial page looking for a favicon tag inside of the html, in cases where just grabbing /favicon.ico doesn't work. The lines added to the script are responsible for fetching the initial web page, parsing it for <link rel="icon"> or <link rel="shortcut icon"> tags, checking if the href field provides a relative or absolute path, parsing and fixing the path if needed, and fetching the referenced favicon. I've also replaced the argument favicon.uri by favicon.root and favicon.name. Having this two arguments have some benefits: When you are trying to retrieve a favicon that is in a subdirectory, you won't need to retype the favicon default name; It gets much easier to fix some parsed favicons from html, because sometimes they are provided as "./fav.ico", and all we need to do is replace . by the root argument; It is also much simpler to build the get request for the initial web page (that is going to be parsed). The obvious problem with this scheme is having two arguments, instead of only one. I don't see favicon.name being widely used (if you don't know which is the application you are scanning, you also won't know the favicon filename, unless you parse the index page). For this reason, I believe that having this two arguments might fit slightly better with everyday use. I've added a few comments, but if anyone has a doubt about anything, I'll be glad to answer. Thanks, Joao. On Mon, Aug 10, 2009 at 11:11 PM, Joao Correa<joao () livewire com br> wrote:
On Mon, Aug 10, 2009 at 9:25 PM, Fyodor<fyodor () insecure org> wrote:On Sun, Aug 09, 2009 at 08:08:35AM -0300, Joao Correa wrote:Hi Guys, Here are 14 more common favicons: D8BA35521DFC638F134CF3A64D1A6875:IBM F31837841BADDC72BB5AF80A532A75FA:MicrosoftSo a variety of IBM and Microsoft products use this favicon, or you just mean that the IBM/MS web sites themselves use these?I don't know about any product that use such favicons.D037EF2F629A22DDADCF438E6BE7A325:PHPMyAdmin CA3B716F25AAF139D83CA205B39F6A87:MediaWiki A2C4C351F8BA8EC02C8AEC910E3D0E8C:Sun A9F0F82E141D8543916559BA574D965A:Java CEDDC34CBEC02D74FE40368E2DC1FA90:Mambo 3905C0D2E530753B4C54A18C554B0B42:ZopeWe may want to describe what the products do. e.g. "PHPMyAdmin MySQL web administration" and "Zope content management system". I think our script should accept comments in the list so we can comment on what systems/versions we've found to use these favicons (similar to the comments you'll find in nmap-os-db). Similarly, "Java" is pretty vague. What systems have you seen using this favicon?Just java.com, I've been running the script against a list of common websites. Also, Sun favicon also refers to its website, and not to an application.FF2C8612B75B5F9A6175E016FE4AA609:nmap.org/insecure.org/seclists.org/sectools.orgThose are indeed some of the best sites on the Internet, but I think we should focus on favicons included with platform software (used on many sites) rather than mathcing the custom favicons that most individual sites create. After all, you usually know the name of the site you're scanning. But you might not know the infrastructure information (e.g. what blogging software is running) which can be disclosed by the favicons).I agree with you. I've been motivated to retrieve these favicons because I've seen many Providers/Hosting favicons on Brandon's common list or even in other lists from scripts that do the same. Also, I've seen Google's and Apple's, that are website specific favicons. The only situation I believe that it would help, would be when scanning an IP, that occasionally is the place where the web server is running (and you don't know whose the IP belongs to). Anyway, whois.nse already takes care of this task.Cheers, -FThanks, João
Attachment:
http-favicon-parsing.diff
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: favicon survey script, (continued)
- Re: favicon survey script Brandon Enright (Aug 06)
- Re: favicon survey script Vlatko Kosturjak (Aug 06)
- Scanning DNS names fast (was Re: favicon survey script) Brandon Enright (Aug 06)
- Re: favicon survey script David Fifield (Aug 06)
- Re: favicon survey script kx (Aug 06)
- Re: favicon survey script Joao Correa (Aug 06)
- Re: favicon survey script Joao Correa (Aug 09)
- Re: favicon survey script Joao Correa (Aug 09)
- Re: favicon survey script Fyodor (Aug 10)
- Re: favicon survey script Joao Correa (Aug 10)
- Re: favicon survey script Joao Correa (Aug 10)
- Re: favicon survey script Joao Correa (Aug 17)
- Re: favicon survey script David Fifield (Aug 18)
- Re: favicon survey script Joao Correa (Aug 28)
- Re: favicon survey script Vlatko Kosturjak (Aug 06)
- Re: favicon survey script Vlatko Kosturjak (Aug 05)