edoardottt / favirecon

Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.
https://edoardoottavianelli.it
MIT License

Not working in custom favicon directory scenario #297

Open Kr1shna4garwal opened 5 months ago

Kr1shna4garwal commented 5 months ago

Is your feature request related to a problem? Please describe.

The tool is really good, but it seems not to work in some scenarios: if a site has placed its favicon.ico file in a directory (example: http://example[.]com/images/favicon.ico), the tool will miss the favicon. So instead of statically requesting just favicon.ico, it is recommended to first locate the path of favicon.ico in the source and then request it.

Describe the solution you'd like

The tool should grep for the .ico extension in the page source, and then request that path to catch the actual favicon.ico file.

edoardottt commented 5 months ago

Hi @Kr1shna4garwal, thanks for your contribution!

I thought about that; I was putting the effort into increasing the size of the database. Can you provide an example of URLs to test this functionality once implemented?

thanks

Kr1shna4garwal commented 5 months ago

Hi @edoardottt, I have one such example URL: https://drata.com/images/favicon.ico

The current version is unable to fetch this favicon.

edoardottt commented 5 months ago

Thanks :) Do you have any advice on how to obtain HTML tag values? I'd like to avoid any regex et similia... I'd prefer parsing HTML and getting an exact value.

Kr1shna4garwal commented 5 months ago

Hello @edoardottt,

I'm not a Golang programmer, so I don't have much knowledge of Go.

But in general, I think steps should be:

  1. send a GET request to "/"
  2. parse it using golang html library
  3. Loop through each token -> extract the attribute's value if attribute's key is href
  4. Filter the results to match for .ico extension
  5. extract the value
  6. request the exact path
  7. Then do further processing with that

edoardottt commented 5 months ago

It may not be the best solution. Now the tool performs 1 request per target. With that solution, all of the targets will get 2 requests, resulting in double the time and resources needed. If the vast majority of the domains use /favicon.ico, this is definitely not a good solution.

Kr1shna4garwal commented 5 months ago

That's right, it may not be the best solution, but we can still implement it in a different way! For example, we can first check for /favicon.ico (primary option). If found, it will process it (1 request). If not found, then it will make 2 requests (the 1st request to find the .ico path in the page source, then the 2nd to request and process that favicon.ico path). This way, I believe both the tool's efficiency and usefulness will be maintained. Currently no favicon analysis tool is doing this job.

edoardottt commented 5 months ago

I agree @Kr1shna4garwal. I was thinking the same. Issue prioritized :)
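
The flow agreed on in this thread (request `/favicon.ico` first, and only on a miss parse the index page for an `.ico` href and resolve it), as an added Go example that is not favirecon's code or any participant's. It uses `encoding/xml` in its documented lenient HTML mode to stay in the standard library (the `golang.org/x/net/html` tokenizer is more tolerant of real pages); `iconHref`, `faviconURL`, the `get` fetcher and `example.test` are hypothetical.

```go
package main

import (
	"bytes"
	"encoding/xml"
	"fmt"
	"net/url"
	"strings"
)

// iconHref parses page token by token (no regex) and returns the href of the
// first <link> whose path ends in .ico, or "" if the page declares none.
func iconHref(page []byte) string {
	d := xml.NewDecoder(bytes.NewReader(page))
	d.Strict, d.AutoClose, d.Entity = false, xml.HTMLAutoClose, xml.HTMLEntity
	for tok, err := d.Token(); err == nil; tok, err = d.Token() {
		se, ok := tok.(xml.StartElement)
		if !ok || !strings.EqualFold(se.Name.Local, "link") {
			continue
		}
		for _, a := range se.Attr {
			path, _, _ := strings.Cut(strings.TrimSpace(a.Value), "?")
			if strings.EqualFold(a.Name.Local, "href") && strings.HasSuffix(strings.ToLower(path), ".ico") {
				return strings.TrimSpace(a.Value)
			}
		}
	}
	return ""
}

// faviconURL tries /favicon.ico, then "/". get (hypothetical) returns a 200 body or nil.
func faviconURL(base *url.URL, get func(u string) []byte) string {
	def := base.ResolveReference(&url.URL{Path: "/favicon.ico"}).String()
	if len(get(def)) > 0 {
		return def // common case: one request, no page parsing
	}
	index := base.ResolveReference(&url.URL{Path: "/"}).String()
	ref, err := url.Parse(iconHref(get(index)))
	if err != nil || ref.String() == "" {
		return ""
	}
	return base.ResolveReference(ref).String()
}

func main() { // constructed site: no /favicon.ico, index declares the icon
	site := map[string][]byte{"https://example.test/": []byte(
		`<html><head><link rel="icon" href="/images/favicon.ico"></head></html>`)}
	base, _ := url.Parse("https://example.test")
	fmt.Println(faviconURL(base, func(u string) []byte { return site[u] }))
}
```

The caller then requests the returned URL, so a target with the default path still costs one request and only the misses cost more.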