Nmap Development mailing list archives

Re: favicon survey script


From: Vlatko Kosturjak <kost () linux hr>
Date: Thu, 06 Aug 2009 00:45:16 +0200

Vlatko Kosturjak wrote:
I have also made a new version of the NSE script (for distributing with
Nmap, not for crawling) which is quite a bit better than the old one (it uses
data files, for example, instead of having that directly in the script).
Will send it to the list shortly.

As promised. Here it is.

Changes since the last post of this script to this mailing list:
- Implemented David's comments (hash & HAVE_SSL)
- Implemented a data file instead of having the data (MD5s) in the script
- Implemented a script argument for the URI, so you can specify the URI where
favicon.ico is located (in case you want to test for /specific/place/):
--script-args favicon={uri=/somewhere/favicon.ico}

If there's anything else to implement, let me know!

Kost




09b565a51e14b721a323f0ba44b2982a:Google web server
506190fc55ceaa132f1bc305ed8472ca:SocialText
2cc15cfae55e2bb2d85b57e5b5bc3371:PHPwiki
389a8816c5b87685de7d8d5fec96c85b:XOOPS cms
d41d8cd98f00b204e9800998ecf8427e:Drupal cms
f1876a80546b3986dbb79bad727b0374:NetScreen WebUI
226ffc5e483b85ec261654fe255e60be:Netscape 4.1
b25dbe60830705d98ba3aaf0568c456a:Netscape iPlanet 6.0
41e2c893098b3ed9fc14b821a2e14e73:Netscape 6.0 (AOL)
a28ebcac852795fe30d8e99a23d377c1:SunOne 6.1
71e30c507ca3fa005e2d1322a5aa8fb2:Apache on Redhat

description = [[
Gets the favicon.ico from the root of a web service and tries to enumerate it
]]

---
-- @args favicon.uri Uri that will be requested for favicon
-- @output
-- |_ http-favicon: Found favicon from Socialtext

-- HTTP default favicon enumeration script
-- rev 1.2 (2009-03-11)
-- Original NASL script by Javier Fernandez-Sanguino Pena

author = "Vlatko Kosturjak <kost () linux hr>"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html";

categories = {"default", "discovery"}

require "shortport"
require "http"
require "stdnse"
require "datafiles"

portrule = shortport.port_or_service({80, 443, 8080, 8443},
        {"http", "https", "http-alt", "https-alt"})

action = function(host, port)
  local md5sum, answer
  local match
  local status, favicondb
  local result = ""
  local favicondbfile = "favicon-db"
  local uri = "/favicon.ico"

  -- Load the "md5:description" pairs from the data file.
  status, favicondb = datafiles.parse_file( favicondbfile, {["^%s*([^%s#:]+)[%s:]+"] = "^%s*[^%s#:]+[%s:]+(.*)"})
  if not status then
    stdnse.print_debug( 1, "Could not open file: %s", favicondbfile )
    return
  end

  -- The MD5 routine comes from the openssl library, so skip without it.
  if not pcall(require,'openssl') then
    stdnse.print_debug( 3, "Skipping %s script because OpenSSL is missing.", filename )
    return
  end

  if(nmap.registry.args.favicon and nmap.registry.args.favicon.uri) then
    uri = nmap.registry.args.favicon.uri
    -- Prepend "/" only when the argument lacks one, so that
    -- uri=/somewhere/favicon.ico is not requested as //somewhere/favicon.ico.
    if not string.match(uri, "^/") then
      uri = "/" .. uri
    end
    stdnse.print_debug( 4, "Using URI %s", uri)
  else
    stdnse.print_debug( 4, "Using default URI.")
  end
  answer = http.get( host, port, uri )

  -- check for 200 response code
  if answer.status == 200 then
    -- Hash the response body and look the hex digest up in the data file.
    md5sum = stdnse.tohex(openssl.md5(answer.body))
    match = favicondb[md5sum]
    if match then
      result = result .. "Found favicon from " .. match .. "."
    else
      result = "Unknown favicon MD5: " .. md5sum
    end
  else
    stdnse.print_debug( 1, "No favicon found on root of web server.")
    return
  end -- status == 200
  return result
end
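
Added example (not part of the original post or of Nmap): a standalone Python version of the favicon-db lookup that can be run offline against favicon bodies saved from your own servers. It also handles one case the posted script does not: the data file's d41d8cd98f00b204e9800998ecf8427e entry is the MD5 of zero bytes, so a 200 response with an empty body would be reported as "Drupal cms". The function names and the sample icon bytes are assumptions made for this example.

```python
import hashlib

# Three entries copied from the favicon-db data file in the post.
FAVICON_DB_TEXT = """\
506190fc55ceaa132f1bc305ed8472ca:SocialText
d41d8cd98f00b204e9800998ecf8427e:Drupal cms
71e30c507ca3fa005e2d1322a5aa8fb2:Apache on Redhat
"""

# MD5 of zero bytes; any server answering 200 with an empty body yields it.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
HEX = set("0123456789abcdef")


def parse_favicon_db(text):
    """Parse 'md5:label' lines, skipping blank lines and '#' comments."""
    db = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, label = line.partition(":")
        digest = digest.strip().lower()
        if not sep or len(digest) != 32 or not set(digest) <= HEX:
            raise ValueError("line %d: expected <32 hex chars>:<label>" % lineno)
        db[digest] = label.strip()
    return db


def classify(status, body, db):
    """Return (verdict, detail) for one favicon response."""
    if status != 200:
        return ("no-favicon", None)
    digest = hashlib.md5(body).hexdigest()
    if digest == EMPTY_MD5:
        # Report the empty body instead of trusting the data file's label.
        return ("empty-body", db.get(digest))
    if digest in db:
        return ("match", db[digest])
    return ("unknown", digest)


if __name__ == "__main__":
    db = parse_favicon_db(FAVICON_DB_TEXT)
    icon = b"\x00\x00\x01\x00constructed-icon"  # constructed sample body
    db[hashlib.md5(icon).hexdigest()] = "Constructed test app"
    for status, body in [(200, icon), (200, b""), (200, b"other"), (404, b"")]:
        print(status, len(body), classify(status, body, db))
```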

