sullo / nikto

Nikto web server scanner

.png and .gif in favicon plugin #330

Closed ghost closed 8 years ago

ghost commented 8 years ago

Hi,

it could be possible that the <link tag also contains .gif or .ico icons according to:

https://en.wikipedia.org/wiki/Favicon#How_to_use

Not quite sure if those filetypes also should be added to the favicon plugin?

ghost commented 8 years ago

Will have a look later and will add if https://github.com/sullo/nikto/issues/333 has been sorted out.

sullo commented 8 years ago

See https://github.com/sullo/nikto/commit/33a315e95231ec880e18635866d47f3ab75933b6

Made a ton of changes to the nikto_favicon.plugin file to do a much better job. It will check for /favicon.(png|ico|gif) and /favicons/favicon.(png|ico|gif) now. It will also better parse tags and check for hashes on all of them (based on www.apache.org). I fixed a few bugs as well.

We should figure out some support for http://www.apache.org/favicons/manifest.json but I'm not yet sure how much this is used.

We should decide if we should check for Apache's /favicons/$file by default... I don't have a newer Apache nearby to see if all those are default.

Not sure if #333 is still a problem or not--please retest.
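The lookup described in the comment above, sketched as an added example that is not part of the thread and not Nikto's plugin code (which is Perl). The MD5 choice, the signature label, the host names and the sample HTML and icon bytes are assumptions constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

ICON_EXTS = (".png", ".ico", ".gif")
# Default locations named in the comment: /favicon.* and /favicons/favicon.*
DEFAULT_PATHS = [f"{d}favicon{e}" for d in ("/", "/favicons/") for e in ICON_EXTS]

class IconLinks(HTMLParser):
    """Collect href values of <link> tags whose rel mentions 'icon'."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        a = {k: (v or "") for k, v in attrs}
        if tag == "link" and "icon" in a.get("rel", "").lower() and a.get("href"):
            self.hrefs.append(a["href"])

def candidate_paths(page_url, html):
    """Default paths plus same-host icon paths declared in the page, deduplicated."""
    parser = IconLinks()
    parser.feed(html)
    host = urlparse(page_url).netloc
    paths = list(DEFAULT_PATHS)
    for href in parser.hrefs:
        u = urlparse(urljoin(page_url, href))  # resolve relative hrefs
        if u.netloc == host and u.path.lower().endswith(ICON_EXTS) and u.path not in paths:
            paths.append(u.path)
    return paths

def identify(icon_bytes, signatures):
    """Return the label for a known icon hash, or None if unknown."""
    return signatures.get(hashlib.md5(icon_bytes).hexdigest())

# Constructed sample data (not taken from any real site or signature database).
SAMPLE_HTML = """<html><head>
<link rel="shortcut icon" href="/static/img/site.gif">
<link rel="apple-touch-icon" href="https://cdn.example.net/touch.png">
<link rel="stylesheet" href="/style.css">
<LINK REL="icon" type="image/png" HREF="favicons/favicon-32x32.png">
</head></html>"""
SAMPLE_ICON = b"GIF89a constructed-icon-bytes"
SIGNATURES = {hashlib.md5(SAMPLE_ICON).hexdigest(): "ExampleCMS 1.x (hypothetical)"}

if __name__ == "__main__":
    for path in candidate_paths("http://www.example.com/app/", SAMPLE_HTML):
        print(path)
```

Icons hosted off-site (the CDN link in the sample) are skipped because they say nothing about the software on the scanned host.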

sullo commented 8 years ago

And http://www.apache.org/favicons/browserconfig.xml ?

ghost commented 8 years ago

Hey, great work!

I'm not sure about the /favicons/$file by default, manifest.json and browserconfig.xml. Haven't seen them that much. The question is how much work this is and the benefits from them as they are probably only Apache specific?

> Not sure if #333 is still a problem or not--please retest.

Will do, thanks again!

sullo commented 8 years ago

Closing as I think we've run this to ground. I don't think the apache browserconfig.xml is terribly helpful.