Re: New script - http-favicon.nse

[dave-san <dave () subverted org>]

Vlatko Kosturjak wrote:
> > > I think this idea is very cool, and I notice your NSE script seems to be based
> > > on a Nessus script[1].  I just want to make sure there are no copyright issues
> > > here, since your script seems to have more in common than just the idea (MD5s
> > > and names for the first six look like verbatim copies).  Correct me if I'm
> > > wrong, but I don't see even a mention of this in your email or script.
> > This also exists in a Nikto database. That stated, it's still cool as an NSE script.
> > http://www.cirt.net/nikto/UPDATES/2.03/db_favicon
>
> Too bad that license of this favicon database is not permissive enough:
> "This file may not be used with any software product without written
> permission from CIRT, Inc."
> Maybe they are willing to contribute it to nmap?

I'd say it is likely, though it is probably unecessary.

> But, if it's issue to use even MD5 db from OpenVAS we can rebuild the db
> ourselves on the mailing list (with help from other people who use some
> of these products). As I don't see any other problem beside MD5 sigs
> (which I see everbody have). Implementation is mine, Idea is general and
> already in multiple products: Nessus, OpenVAS, Nikto, etc...

Agreed. Certainly the "idea" of having a hash database for favicons is a reusable one, and there are certainly lots 
more web servers
that could be added to the list.

Dave

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org