Nmap Development mailing list archives
Re: favicon survey script
From: Joao Correa <joao () livewire com br>
Date: Fri, 28 Aug 2009 19:46:01 -0300
Hello nmap-dev, The http-favicon.nse script and also the favicon-db are both committed to the main trunk now. The original script was modified in order to accept root argument (to change path of search) and also to parse the initial webpage for favicon related tags when just grabbin /favicon.ico fails. Thanks, João On Mon, Aug 17, 2009 at 11:57 PM, Joao Correa<joao () livewire com br> wrote:
Hello nmap-dev, I have improved a lot the list first sent. I've tried to improve description, and also make sure about favicons and respective applications. On some situations it was really hard to make sure about the favicon, and I'm sure that the database will make good use of contributions to make it even better. 68B329DA9893E34099C7D8AD5CB9C940:1 byte invalid Favicon AF999538CD3D4D0370F3EA92E0A6070F:H-Sphere Hosting Control Panel 10BD6AD7B318DF92D9E9BD03104D9B80:Plone CMS A34DEA4BD04BDB816BEA176619C29063:Confixx Hosting Control Panel 2C0067D9382A7F1751FED2D200F38DB7:Point2 Real State Website (Point2 Real State Marketing Solution) 63B982EDDD64D44233BAA25066DB6BC1:Joomla! CMS E9E6C56F63122FB05E6899E1DEDD0734:Worldsoft CMS F30B5ED270A57EABEA60BEB935E2B800:FC2 Blog/.fc2.com domain/hosted website EC49973C1991BF39FCDB53260467F39F:Parallels H-Sphere Hosting Control Panel 292B586171617B56E77EE694485B1052:hover costumer (www.hover.com) E52C40433AA5F9256E521D7C139A05BD:GovOffice (Governmental Office CMS) 4644F2D45601037B8423D45E13194C93:Apache Tomcat 2C338C26309E13987D315D85F499D7F2:e107 CMS BEFCDED36AEC1E59EA624582FCB3225C:Thomson/Speedtouch Device 61E029C99ABC5CF058ABC77562A69F98:SchoolCenter Pro (Schoolar CMS) D16A0DA12074DAE41980A6918D33F031:Thomson/Speedtouch 605 Device EDAAEF7BBD3072A3A0C3FB3B29900BCB:Powered by Reynolds Web Solutions (Car sales CMS) A31552D4FCC0EA68D69153E458FE6AB2:Google pages Favicon 73778A17B0D22FFBB7D6C445A7947B92:Apple's Favicon 7194D8AFD9E3A6DD0048149C3F66D60A:Blank Favicon D99217782F41E71BCAA8E663E6302473:Parallels Plesk Hosting Control Panel CA79ABA701B8ED97D4505BCD766DF6F3:Favicon seen on Spam Websites B25DBE60830705D98BA3AAF0568C456A:Netscape iPlanet 6.0 Web Server 325472601571F31E1BF00674C368D335:XSite by a la mode, inc. (Web Site Sollution) 0C46689B7D84E977E3C3683C6F316122:phpBB hosted in Free Forum Services (forumotion.com, forumactif.fr and others) 81ED5FA6453CF406D1D82233BA355B9A:E-zekiel (Church CMS) 226FFC5E483B85EC261654FE255E60BE:Netscape Favicon FF2C8612B75B5F9A6175E016FE4AA609:Apache Web Server (seen on SuSE, Linux Tux Favicon) 639B61409215D770A99667B446C80EA1:IBM Lotus Notes Collaboration Software 4EB846F1286AB4E7A399C851D7D84CCA:Plone CMS FA54DBF2F61BD2E0188E47F5F578F736:Wordpress Publishing Plataform (Blog CMS) C1201C47C81081C7F0930503CAE7F71A:vBulletin Forum Sollution 389A8816C5B87685DE7D8D5FEC96C85B:XOOPS CMS A5220EF442813C2FC6EE8CF13560278F:.republika.pl domain/hosted website 59A0C7B6E4848CCDABCEA0636EFDA02B:Blogger Favicon B7EBD6E8609ECBF0F053BAF5F550CB04:Blank Favicon A28EBCAC852795FE30D8E99A23D377C1:SunOne Web Server 4EE75CA12A52425B9514EE6DE25D23FE:Hostmonster hosted website 6F767458B952D4755A795AF0E4E0AA17:Yahoo! Favicon 7DBE9ACC2AB6E64D59FA67637B1239DF:IBM Lotus Domino Collaboration Software ECAA88F7FA0BF610A5A26CF545DCD3AA:3 bytes invalid favicon: Domain Sellers Websites 5B0E3B33AA166C88CEE57F83DE1D4E55:DotNetNuke CMS and Framework for ASP.NET 1CE0C63F8BD1E5D3376EC0AE95A41C08:Parallels Plesk Hosting Control Panel E1E8BDC3CE87340AB6EBE467519CF245:bluehost hosted website A8FE5B8AE2C445A33AC41B33CCC9A120:Arris Touchstone Device 5E1E9CC940D3BFAA59F51282D9FEC510:.free.fr domain/hosted website 64CA706A50715E421B6C2FA0B32ED7EC:Parallels Plesk Hosting Control Panel DCEA02A5797CE9E36F19B7590752563E:Parallels Plesk Hosting Control Panel 9CEAE7A3C88FC451D59E24D8D5F6F166:Parallels Plesk Hosting Control Panel D41D8CD98F00B204E9800998ECF8427E:Zero byte invalid Favicon Thanks, Joao On Tue, Aug 11, 2009 at 1:50 AM, Joao Correa<joao () livewire com br> wrote:Hi Guys, I've written a small patch to Kost's script. This patch makes the script parse the initial page looking for a favicon tag inside of the html, in cases where just grabbing /favicon.ico doesn't work. The lines added to the script are responsible for fetching the initial web page, parsing it for <link rel="icon"> or <link rel="shortcut icon"> tags, checking if the href field provides a relative or absolute path, parsing and fixing the path if needed, and fetching the referenced favicon. I've also replaced the argument favicon.uri by favicon.root and favicon.name. Having this two arguments have some benefits: When you are trying to retrieve a favicon that is in a subdirectory, you won't need to retype the favicon default name; It gets much easier to fix some parsed favicons from html, because sometimes they are provided as "./fav.ico", and all we need to do is replace . by the root argument; It is also much simpler to build the get request for the initial web page (that is going to be parsed). The obvious problem with this scheme is having two arguments, instead of only one. I don't see favicon.name being widely used (if you don't know which is the application you are scanning, you also won't know the favicon filename, unless you parse the index page). For this reason, I believe that having this two arguments might fit slightly better with everyday use. I've added a few comments, but if anyone has a doubt about anything, I'll be glad to answer. Thanks, Joao. On Mon, Aug 10, 2009 at 11:11 PM, Joao Correa<joao () livewire com br> wrote:On Mon, Aug 10, 2009 at 9:25 PM, Fyodor<fyodor () insecure org> wrote:On Sun, Aug 09, 2009 at 08:08:35AM -0300, Joao Correa wrote:Hi Guys, Here are 14 more common favicons: D8BA35521DFC638F134CF3A64D1A6875:IBM F31837841BADDC72BB5AF80A532A75FA:MicrosoftSo a variety of IBM and Microsoft products use this favicon, or you just mean that the IBM/MS web sites themselves use these?I don't know about any product that use such favicons.D037EF2F629A22DDADCF438E6BE7A325:PHPMyAdmin CA3B716F25AAF139D83CA205B39F6A87:MediaWiki A2C4C351F8BA8EC02C8AEC910E3D0E8C:Sun A9F0F82E141D8543916559BA574D965A:Java CEDDC34CBEC02D74FE40368E2DC1FA90:Mambo 3905C0D2E530753B4C54A18C554B0B42:ZopeWe may want to describe what the products do. e.g. "PHPMyAdmin MySQL web administration" and "Zope content management system". I think our script should accept comments in the list so we can comment on what systems/versions we've found to use these favicons (similar to the comments you'll find in nmap-os-db). Similarly, "Java" is pretty vague. What systems have you seen using this favicon?Just java.com, I've been running the script against a list of common websites. Also, Sun favicon also refers to its website, and not to an application.FF2C8612B75B5F9A6175E016FE4AA609:nmap.org/insecure.org/seclists.org/sectools.orgThose are indeed some of the best sites on the Internet, but I think we should focus on favicons included with platform software (used on many sites) rather than mathcing the custom favicons that most individual sites create. After all, you usually know the name of the site you're scanning. But you might not know the infrastructure information (e.g. what blogging software is running) which can be disclosed by the favicons).I agree with you. I've been motivated to retrieve these favicons because I've seen many Providers/Hosting favicons on Brandon's common list or even in other lists from scripts that do the same. Also, I've seen Google's and Apple's, that are website specific favicons. The only situation I believe that it would help, would be when scanning an IP, that occasionally is the place where the web server is running (and you don't know whose the IP belongs to). Anyway, whois.nse already takes care of this task.Cheers, -FThanks, João
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: favicon survey script, (continued)
- Re: favicon survey script David Fifield (Aug 06)
- Re: favicon survey script kx (Aug 06)
- Re: favicon survey script Joao Correa (Aug 06)
- Re: favicon survey script Joao Correa (Aug 09)
- Re: favicon survey script Joao Correa (Aug 09)
- Re: favicon survey script Fyodor (Aug 10)
- Re: favicon survey script Joao Correa (Aug 10)
- Re: favicon survey script Joao Correa (Aug 10)
- Re: favicon survey script Joao Correa (Aug 17)
- Re: favicon survey script David Fifield (Aug 18)
- Re: favicon survey script Joao Correa (Aug 28)
- Re: favicon survey script Vlatko Kosturjak (Aug 06)
- Re: favicon survey script Vlatko Kosturjak (Aug 05)