Nmap Development mailing list archives

Re: favicon survey script


From: Vlatko Kosturjak <kost () linux hr>
Date: Wed, 05 Aug 2009 09:50:36 +0200

David Fifield wrote:
> Hi,
> There was a project to build a NSE script that would identify web server
> software by hashing favicon.ico and looking it up in a database. In fact
> the script exists, but the database is small and the relevance of its
> entries is not known.
> Last year Vlatko Kosturjak did large Internet scans and cataloged the
> frequency of favicons. However for some reason this was never built into
> a database and a script, as far as I know.
> http://seclists.org/nmap-dev/2008/q4/0397.html
> http://seclists.org/nmap-dev/2008/q4/0586.html
> http://kost.com.hr/favicon.php

The worst job is actually manually finding the corresponding favicon and
server/CMS/whatever version. Here's my data from crawling:
http://gandalf.linux.hr/favicon/

> I think the script is a great idea, so I wrote a script to try to
> duplicate Vlatko's results. The script simply downloads /favicon.ico,
> hashes it, then stores the icon itself and a list of hosts using it in
> files named after the hash. To give you an idea:

I have also made a new version of the NSE script (for distributing with
nmap, not for crawling) which is quite a bit better than the old one (it
uses data files, for example, instead of having that directly in the script).
I will send it to the list shortly.

I will happily work with all of you to get favicon into nmap.

Looking forward to hearing from you,

Vlatko Kosturjak

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
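
The survey procedure quoted above (hash each icon, keep the icon and its host list in files named after the hash), together with the data-file lookup the reply describes, as an added Python example that is not part of the original message or of Nmap's script. It assumes SHA-256 as the hash, a tab-separated `hash<TAB>product` data-file layout, and constructed sample bytes in place of downloaded icons; all function names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

def favicon_hash(icon: bytes) -> str:
    # Assumption: SHA-256; the thread does not name the hash function.
    return hashlib.sha256(icon).hexdigest()

def record(outdir: Path, host: str, icon: bytes) -> str:
    """Store the icon once as <hash>.ico and append the host to <hash>.hosts."""
    digest = favicon_hash(icon)
    icon_path = outdir / f"{digest}.ico"
    if not icon_path.exists():
        icon_path.write_bytes(icon)
    with open(outdir / f"{digest}.hosts", "a", encoding="utf-8") as fh:
        fh.write(host + "\n")
    return digest

def frequency(outdir: Path) -> list[tuple[str, int]]:
    """Return (hash, distinct host count) pairs, most common icon first."""
    counts = [(p.stem, len(set(p.read_text(encoding="utf-8").split())))
              for p in outdir.glob("*.hosts")]
    return sorted(counts, key=lambda c: (-c[1], c[0]))

def load_db(text: str) -> dict[str, str]:
    """Parse a data file of 'hash<TAB>product' lines; '#' starts a comment."""
    db = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            digest, _, name = line.partition("\t")
            db[digest.lower()] = name.strip()
    return db

def run_demo() -> list[tuple[str, int, str]]:
    # Constructed sample: placeholder bytes stand in for downloaded icons.
    sample = [("a.example", b"icon-A"), ("b.example", b"icon-A"),
              ("c.example", b"icon-B"), ("d.example", b"")]
    db = load_db(f"# constructed data file\n{favicon_hash(b'icon-A')}\tExampleCMS 1.x\n")
    with tempfile.TemporaryDirectory() as tmp:
        out = Path(tmp)
        for host, icon in sample:
            if icon:  # skip empty responses so they do not share one bogus hash
                record(out, host, icon)
        return [(h, n, db.get(h, "unknown")) for h, n in frequency(out)]

if __name__ == "__main__":
    for digest, count, product in run_demo():
        print(f"{count:3d}  {digest[:16]}  {product}")
```

Hashes that appear on many hosts but resolve to "unknown" are the ones worth identifying by hand first, which is the manual step the reply calls the worst job.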

