Nmap Development mailing list archives
Re: favicon survey script
From: David Fifield <david () bamsoftware com>
Date: Thu, 6 Aug 2009 11:49:03 -0600
On Thu, Aug 06, 2009 at 08:27:24AM +0200, Vlatko Kosturjak wrote:
David Fifield wrote:Vlatko, did you ever finish mapping the hashes back to favicons in your research?Yes, I did. But extracted only top 10 from each survey done (dmoz,80,443) and have summarized that into favicon-db (just updated favicon-db in attachment to reflect survey done). 09b565a51e14b721a323f0ba44b2982a:Google web server 506190fc55ceaa132f1bc305ed8472ca:SocialText 2cc15cfae55e2bb2d85b57e5b5bc3371:PHPwiki 389a8816c5b87685de7d8d5fec96c85b:XOOPS cms e6a9dc66179d8c9f34288b16a02f987e:Drupal cms f1876a80546b3986dbb79bad727b0374:NetScreen WebUI 226ffc5e483b85ec261654fe255e60be:Netscape 4.1 b25dbe60830705d98ba3aaf0568c456a:Netscape iPlanet 6.0 41e2c893098b3ed9fc14b821a2e14e73:Netscape 6.0 (AOL) a28ebcac852795fe30d8e99a23d377c1:SunOne 6.1 71e30c507ca3fa005e2d1322a5aa8fb2:Apache on Redhat d41d8cd98f00b204e9800998ecf8427e:Zero byte favicon dcea02a5797ce9e36f19b7590752563e:Apache (seen on CentOS/Debian/Fedora) 6f767458b952d4755a795af0e4e0aa17:Yahoo! 5b0e3b33aa166c88cee57f83de1d4e55:DotNetNuke (http://www.dotnetnuke.com) 7dbe9acc2ab6e64d59fa67637b1239df:Lotus-Domino fa54dbf2f61bd2e0188e47f5f578f736:Wordpress 6cec5a9c106d45e458fc680f70df91b0:Wordpress - obsolete version 81ed5fa6453cf406d1d82233ba355b9a:E-zekiel ecaa88f7fa0bf610a5a26cf545dcd3aa:3-byte invalid favicon: domain sellers 4eb846f1286ab4e7a399c851d7d84cca:Plone cms c1201c47c81081c7f0930503cae7f71a:vBulletin forum edaaef7bbd3072a3a0c3fb3b29900bcb:Powered by Reynolds Web Solutions (Car sales CMS) d99217782f41e71bcaa8e663e6302473:Apache on Red Hat/Fedora 4644f2d45601037b8423d45e13194c93:Apache Tomcat a8fe5b8ae2c445a33ac41b33ccc9a120:Cannot find server(Access to this web page is currently unavailable.). Let us know - please submit! d16a0da12074dae41980a6918d33f031:ST 605 befcded36aec1e59ea624582fcb3225c:SpeedTouch e4a509e78afca846cd0e6c0672797de5:i3micro VRG
Awesome. I would prefer to keep only the hashes that we have measured to be common. João Correa is going to do some scanning and Brandon Enright has been scanning as well. The hash A8FE5B8AE2C445A33AC41B33CCC9A120 is by far the most common one I found in my scanning, and I think in Brandon's too. Just like you noted, it is really HTML text: <html><head><title>Cannot find server</title></head><body> <br>Access to this web page is currently unavailable.<P><HR></BODY></HTML> It would be good to know what software produces this. There's an entry in nmap-service-probes that matches it, for "Arris cm450 cable modem http config". My guess is that it's probably broader than that, given its prevalence. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- favicon survey script David Fifield (Aug 04)
- Re: favicon survey script Brandon Enright (Aug 04)
- Re: favicon survey script Vlatko Kosturjak (Aug 05)
- Re: favicon survey script Vlatko Kosturjak (Aug 05)
- Re: favicon survey script Vlatko Kosturjak (Aug 05)
- Re: favicon survey script David Fifield (Aug 05)
- Re: favicon survey script Vlatko Kosturjak (Aug 05)
- Re: favicon survey script David Fifield (Aug 06)
- Re: favicon survey script Brandon Enright (Aug 06)
- Re: favicon survey script Vlatko Kosturjak (Aug 06)
- Scanning DNS names fast (was Re: favicon survey script) Brandon Enright (Aug 06)
- Re: favicon survey script David Fifield (Aug 06)
- Re: favicon survey script kx (Aug 06)
- Re: favicon survey script Joao Correa (Aug 06)
- Re: favicon survey script Joao Correa (Aug 09)
- Re: favicon survey script Joao Correa (Aug 09)
- Re: favicon survey script Fyodor (Aug 10)
- Re: favicon survey script Joao Correa (Aug 10)
- Re: favicon survey script Vlatko Kosturjak (Aug 05)
- Re: favicon survey script Brandon Enright (Aug 04)