Nmap Development mailing list archives
Re: New script - http-favicon.nse
From: David Fifield <david () bamsoftware com>
Date: Mon, 1 Dec 2008 08:59:02 -0700
On Mon, Dec 01, 2008 at 09:37:55AM +0100, Vlatko Kosturjak wrote:
Javier Fernández-Sanguino Peña wrote:[ Sorry if I break the thread, I'm not subscribed to the list and I cannot easily extract the Message-ID from the archives to keep the reply 'sane' ] As the original author of the 'webserver_favicon.nasl' NASL script [1] I'm happy to grant permission to use whatever is useful in that old script as a new (rehashed) NSE script for Nmap.I have asked Javier to post to this list with permission above. With this, I hope we finished the saga of http-favicon.nse copyright. I have included his credit in .nse script as well. Script is included as attachment, so you can apply it to SVN. I have also finished crawling the Internet, so I still need to map popular favicon.ico to each software (which is long and boring job to do). If you're wondering how I done it, look here: http://kost.com.hr/favicon.php
That page is great and it shows you have been doing a thorough job. Maybe you can make your raw data available? (content-p80.md5.url and content.md5.url.) You don't have to do the "long and boring" job by yourself. At least then others can check your results and help verify server versions. I don't want to add the script until the database is complete with, say, the top 20 favicons you found. Of course you can look at the distribution of the data and decide what is a reasonable cutoff for the number of entries. I don't want to use the current database because we don't know how common each of the entries is or if any of them are out of date. The "Google Web Server" entry in the script doesn't appear to be valid any more. I get $ nmap --script=http-favicon.nse www.google.com -p80 Starting Nmap 4.76 ( http://nmap.org ) at 2008-12-01 08:52 MST Warning: Hostname www.google.com resolves to 4 IPs. Using 209.85.173.104. Interesting ports on mh-in-f104.google.com (209.85.173.104): PORT STATE SERVICE 80/tcp open http |_ http-favicon: Unknown favicon MD5: e6dae5f05216547f21604a4c60505c79 Nmap done: 1 IP address (1 host up) scanned in 0.73 seconds With that in mind, it would be good to have version numbers for each server/CMS whenever possible. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: New script - http-favicon.nse, (continued)
- Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 06)
- Re: New script - http-favicon.nse Kris Katterjohn (Nov 06)
- Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 06)
- Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 06)
- Re: New script - http-favicon.nse Fyodor (Nov 06)
- Re: New script - http-favicon.nse Kris Katterjohn (Nov 06)
- Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 06)
- Re: New script - http-favicon.nse Brandon Enright (Nov 06)
- Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 07)
- Re: New script - http-favicon.nse Vlatko Kosturjak (Dec 01)
- Re: New script - http-favicon.nse David Fifield (Dec 01)