Nmap Development mailing list archives
Re: New script - http-favicon.nse
From: Vlatko Kosturjak <kost () linux hr>
Date: Mon, 01 Dec 2008 09:37:55 +0100
Javier Fernández-Sanguino Peña wrote:
[ Sorry if I break the thread, I'm not subscribed to the list and I cannot easily extract the Message-ID from the archives to keep the reply 'sane' ] As the original author of the 'webserver_favicon.nasl' NASL script [1] I'm happy to grant permission to use whatever is useful in that old script as a new (rehashed) NSE script for Nmap.
I have asked Javier to post to this list with permission above. With this, I hope we finished the saga of http-favicon.nse copyright. I have included his credit in .nse script as well. Script is included as attachment, so you can apply it to SVN. I have also finished crawling the Internet, so I still need to map popular favicon.ico to each software (which is long and boring job to do). If you're wondering how I done it, look here: http://kost.com.hr/favicon.php Note that I did not want to do only DMOZ gathering or only nmap -iR gathering. With only DMOZ favicon gathering, I would lose favicons from network devices and appliance(s) as usually they are not entered into DMOZ. And with only nmap -iR gathering, I would lose virtual hosts as there is no easy way of enumerating of all virtual hosts behind specific IP. So, I was doing it both because I wanted to cover all possible cases. Kost
description = [[ Gets the favicon.ico from the root of a web service and tries to enumerate it ]] --- -- @output -- |_ http-favicon: Found favicon from Socialtext -- HTTP default favicon enumeration script -- rev 1.0 (2008-12-01) -- Original NASL script by Javier Fernandez-Sanguino Pena author = "Vlatko Kosturjak <kost () linux hr>" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" categories = {"default", "discovery"} require "shortport" require "http" require "stdnse" portrule = shortport.port_or_service({80, 443, 8080}, {"http","https"}) action = function(host, port) local md5sum,i,answer local result= "" local HAVE_SSL = false local favicons = { {md5="4987120f4fb1dc454f889e8c92f6dabe", name="Google Web Server"}, {md5="71e30c507ca3fa005e2d1322a5aa8fb2", name="Apache on Redhat"}, {md5="a28ebcac852795fe30d8e99a23d377c1", name="SunOne 6.1"}, {md5="41e2c893098b3ed9fc14b821a2e14e73", name="Netscape 6.0 (AOL)"}, {md5="b25dbe60830705d98ba3aaf0568c456a", name="Netscape iPlanet 6.0"}, {md5="226ffc5e483b85ec261654fe255e60be", name="Netscape 4.1"}, {md5="f1876a80546b3986dbb79bad727b0374", name="NetScreen WebUI"}, {md5="d41d8cd98f00b204e9800998ecf8427e", name="Drupal cms"}, {md5="389a8816c5b87685de7d8d5fec96c85b", name="XOOPS cms"}, {md5="506190fc55ceaa132f1bc305ed8472ca", name="SocialText"}, {md5="2cc15cfae55e2bb2d85b57e5b5bc3371", name="PHPwiki"} } if pcall(require,'openssl') then HAVE_SSL = true else result = "No openSSL support in nmap. Script not executed." end if HAVE_SSL == true then answer = http.get( host, port, "/favicon.ico" ) --- check for 200 response code if answer.status == 200 then md5sum=stdnse.tohex(openssl.md5(answer.body)) for i = 1, #favicons, 1 do if md5sum == favicons[i].md5 then result = result .. "Found favicon from " .. favicons[i].name .. "." end end if result == "" then result="Unknown favicon MD5: " .. md5sum end else result = "No favicon found on root of web server." end --- status == 200 return result end --- HAVE_SSL end
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: New script - http-favicon.nse, (continued)
- Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 06)
- Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 06)
- Re: New script - http-favicon.nse Kris Katterjohn (Nov 06)
- Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 06)
- Re: New script - http-favicon.nse Fyodor (Nov 06)
- Re: New script - http-favicon.nse Kris Katterjohn (Nov 06)
- Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 06)
- Re: New script - http-favicon.nse Brandon Enright (Nov 06)
- Re: New script - http-favicon.nse Vlatko Kosturjak (Nov 07)
- Re: New script - http-favicon.nse Vlatko Kosturjak (Dec 01)
- Re: New script - http-favicon.nse David Fifield (Dec 01)