Nmap Development mailing list archives
New script - http-favicon.nse
From: Vlatko Kosturjak <kost () linux hr>
Date: Thu, 06 Nov 2008 14:00:22 +0100
Hello! I've just made script which will perform HTTP default favicon enumeration. It will try to grab /favicon.ico and from MD5 try to say what software you are running. Typical output is like this: |_ http-favicon: Found favicon from Socialtext or |_ http-favicon: Unknown favicon MD5: 6399cc480d494bf1fcd7d16c42b1c11b (so you can add MD5 to database) Currently the database of MD5s are not big, but you can always contribute (just generic ones, not custom favicon.ico - of course!). Because there were openssl changes/fixes and this script uses openssl's md5 function, this script will work with SVN version of nmap. it will NOT work with nmap 4.76. Kost
description = [[ Gets the favicon.ico from the root of a web service and tries to enumerate it ]] --- -- @output -- |_ http-favicon: Found favicon from Socialtext -- HTTP default favicon enumeration script -- rev 1.0 (2008-11-06) author = "Vlatko Kosturjak <kost () linux hr>" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" categories = {"default", "discovery"} require "shortport" require "http" require "stdnse" portrule = shortport.port_or_service({80, 443, 8080}, {"http","https"}) action = function(host, port) local md5sum,i,answer local result= "" local HAVE_SSL = false local favicons = { {md5="4987120f4fb1dc454f889e8c92f6dabe", name="Google Web Server"}, {md5="71e30c507ca3fa005e2d1322a5aa8fb2", name="Apache on Redhat"}, {md5="a28ebcac852795fe30d8e99a23d377c1", name="SunOne 6.1"}, {md5="41e2c893098b3ed9fc14b821a2e14e73", name="Netscape 6.0 (AOL)"}, {md5="b25dbe60830705d98ba3aaf0568c456a", name="Netscape iPlanet 6.0"}, {md5="226ffc5e483b85ec261654fe255e60be", name="Netscape 4.1"}, {md5="f1876a80546b3986dbb79bad727b0374", name="NetScreen WebUI"}, {md5="d41d8cd98f00b204e9800998ecf8427e", name="Drupal cms"}, {md5="389a8816c5b87685de7d8d5fec96c85b", name="XOOPS cms"}, {md5="506190fc55ceaa132f1bc305ed8472ca", name="SocialText"}, {md5="2cc15cfae55e2bb2d85b57e5b5bc3371", name="PHPwiki"} } if pcall(require,'openssl') then HAVE_SSL = true else result = "No openSSL support in nmap. Script not executed." end if HAVE_SSL == true then answer = http.get( host, port, "/favicon.ico" ) --- check for 200 response code if answer.status == 200 then md5sum=stdnse.tohex(openssl.md5(answer.body)) for i = 1, #favicons, 1 do if md5sum == favicons[i].md5 then result = result .. "Found favicon from " .. favicons[i].name .. "." end end if result == "" then result="Unknown favicon MD5: " .. md5sum end else result = "No favicon found on root of web server." end --- status == 200 return result end --- HAVE_SSL end
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- New script - http-favicon.nse Vlatko Kosturjak (Nov 06)
- Re: New script - http-favicon.nse Kris Katterjohn (Nov 06)
- Re: New script - http-favicon.nse dave-san (Nov 06)
- Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 06)
- Re: New script - http-favicon.nse dave-san (Nov 06)
- Re: New script - http-favicon.nse dave-san (Nov 06)
- Re: New script - http-favicon.nse Sullo (Nov 06)
- Re: New script - http-favicon.nse dave-san (Nov 06)
- Re: New script - http-favicon.nse Sullo (Nov 06)
- Re: New script - http-favicon.nse dave-san (Nov 06)
- Re: New script - http-favicon.nse Kris Katterjohn (Nov 06)
- Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 06)