Awesome Open Source
Awesome Open Source

FavFreak - Weaponizing favicon.ico for BugBounties , OSINT and what not

FacFreak

Detailed Description about this can be found here :

Read Blog here : https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139

Introduction

I have created this tool for making my work easier when it comes to recon using Favicon hashes, it takes a list of urls (with https or http protocol) from stdin ,then it fetches favicon.ico and calculates its hash value. It sorts the domains/subdomains/IPs according to their favicon hashes and the most interesting part is , It matches calculated favicon hashes with the favicon hashes present in the fingerprint dictionary , If matched then it will show you the results in the output, there is option to generate shodan dorks as well (that is pretty basic and you can do it manually as well)

How to install and use

Note : Tested with python3.6.9 on Ubuntu/Kali

$ git clone https://github.com/devanshbatham/FavFreak
$ cd FavFreak
$ virtualenv -p python3 env
$ source env/bin/activate
$ python3 -m pip install mmh3
$ cat urls.txt | python3 favfreak.py 

Example Run :

Note : URLs must begin with either http or https

$ cat urls.txt
https://example.com
https://test-example.com
http://hack-example.com
.. .. .. .. 
.. .. .. .. 
AND SO ON 

$ cat urls.txt | python3 favfreak.py -o output

Fetching /favicon.ico and generating hashes :

enter image description here

Subdomains/IPs Sorted according to their Favicon hashes :

favicon hashes

FingerPrint Based favicon Hash detection :

enter image description here

Fingerprint dictionary looks like this : enter image description here

Add your own fingerprints

Edit favfreak.py , you will find a dictionary named 'fingerprint' , 
Add your fingerprints in that dictionary !

Contact

Shoot my DM : @0xAsm0d3us

Want to support my work?

If you think my work has added some value to your existing knowledge, then you can Buy me a Coffee here (and who doesn't loves a good cup of coffee?')

name

Related Awesome Lists
Top Programming Languages
Top Projects

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Python (808,558
Dictionary (11,803
Hash (11,340
Hacking (7,732
Fingerprint (2,172
Subdomain (1,994
Ips (1,721
Osint (1,138
Favicon (1,079
Recon (892
Reconnaissance (589
Web Security (410
Information Gathering (376
Bughunting (57
Webappsec (22