Nmap Development mailing list archives

Re: New script - http-favicon.nse

From: David Fifield <david () bamsoftware com>
Date: Mon, 1 Dec 2008 08:59:02 -0700

On Mon, Dec 01, 2008 at 09:37:55AM +0100, Vlatko Kosturjak wrote:

Javier Fernández-Sanguino Peña wrote:

[ Sorry if I break the thread, I'm not subscribed to the list and I cannot
easily extract the Message-ID from the archives to keep the reply 'sane' ]

As the original author of the 'webserver_favicon.nasl' NASL script  [1] I'm
happy to grant permission to use whatever is useful in that old script as a
new (rehashed) NSE script for Nmap.


I have asked Javier to post to this list with permission above.
With this, I hope we finished the saga of http-favicon.nse copyright. I
have included his credit in .nse script as well. Script is included as
attachment, so you can apply it to SVN.

I have also finished crawling the Internet, so I still need to map
popular favicon.ico to each software (which is long and boring job to
do). If you're wondering how I done it, look here:
http://kost.com.hr/favicon.php


That page is great and it shows you have been doing a thorough job.

Maybe you can make your raw data available? (content-p80.md5.url and
content.md5.url.) You don't have to do the "long and boring" job by
yourself. At least then others can check your results and help verify
server versions.

I don't want to add the script until the database is complete with, say,
the top 20 favicons you found. Of course you can look at the
distribution of the data and decide what is a reasonable cutoff for the
number of entries. I don't want to use the current database because we
don't know how common each of the entries is or if any of them are out
of date. The "Google Web Server" entry in the script doesn't appear to
be valid any more. I get

        $ nmap --script=http-favicon.nse www.google.com -p80

        Starting Nmap 4.76 ( http://nmap.org ) at 2008-12-01 08:52 MST
        Warning: Hostname www.google.com resolves to 4 IPs. Using
        209.85.173.104.
        Interesting ports on mh-in-f104.google.com (209.85.173.104):
        PORT   STATE SERVICE
        80/tcp open  http
        |_ http-favicon: Unknown favicon MD5: e6dae5f05216547f21604a4c60505c79

        Nmap done: 1 IP address (1 host up) scanned in 0.73 seconds

With that in mind, it would be good to have version numbers for each
server/CMS whenever possible.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Re: New script - http-favicon.nse, (continued)
- - Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 06)
    - Re: New script - http-favicon.nse Kris Katterjohn (Nov 06)
    - Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 06)
  - Re: New script - http-favicon.nse Fyodor (Nov 06)
    - Re: New script - http-favicon.nse Kris Katterjohn (Nov 06)
    - Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 06)
    - Re: New script - http-favicon.nse Brandon Enright (Nov 06)
    - Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 07)
- Re: New script - http-favicon.nse Javier Fernández-Sanguino Peña (Nov 29)
  - Re: New script - http-favicon.nse Vlatko Kosturjak (Dec 01)
    - Re: New script - http-favicon.nse David Fifield (Dec 01)