search

byt3bl33d3r / WitnessMe

Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
GNU General Public License v3.0
734 stars 109 forks source link

Signature Based on Favicon #27

Open decidedlygray opened 3 years ago

decidedlygray commented 3 years ago

There's been a few times on engagements where I only see a blank page, and even X-Powered-By and Server headers are suppressed, but the favicon for the product deployed to the server is still available. I was wondering what you think about adding the ability to signature based on favicons?

I'm thinking it could either be done by a quick MD5 or maybe even CRC32 to help keep performance up. I wanted to get your input on it before I try to code anything up and submit a PR

byt3bl33d3r commented 3 years ago

I like this, i think the best way to do this would be to use MurmurHash to "hash" the favicons as its computationally less expensive. (Shodan uses this for their favicon hashing as well.).

byt3bl33d3r commented 3 years ago

I'm not exactly sure where to get a goo "data set" of favicons tho. Something to look into

decidedlygray commented 3 years ago

Ok excellent. I’ll see if I can throw something together. Thanks for the tip on MurmurHash! My plan was to start with a small set of “typical” stuff like Tomcat, WebLogic, etc. And maybe also use this as a starting point: https://github.com/nmap/nmap/blob/master/nselib/data/favicon-db

byt3bl33d3r commented 3 years ago

Ah that's a perfect start! Can't wait for the PR!

Cheers