├── .github └── FUNDING.yml ├── LICENSE.md ├── README.md ├── VERSION.md ├── favicon-hashtrick.py ├── preview.png └── requirements.txt /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: [gwen001] 4 | patreon: # Replace with a single Patreon username 5 | open_collective: # Replace with a single Open Collective username 6 | ko_fi: # Replace with a single Ko-fi username 7 | tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel 8 | community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry 9 | liberapay: # Replace with a single Liberapay username 10 | issuehunt: # Replace with a single IssueHunt username 11 | otechie: # Replace with a single Otechie username 12 | custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] 13 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019-2022 Gwendal Le Coguic 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

favicon-hashtrick

2 | 3 |

Returns the hash of a given favicon file and performs search on Shodan to discover IPs and subdomains.

4 | 5 |

6 | python badge 7 | MIT license badge 8 | twitter badge 9 |

10 | 11 | 16 | 17 | --- 18 | 19 | ## Description 20 | 21 | This Python tool calculates the hash of a given image (a favicon file or url) and then performs a search on Shodan to find webapps that use the same favicon. 22 | This is very useful to find subdomains during the recon process. 23 | 24 | ## Install 25 | 26 | ``` 27 | git clone https://github.com/gwen001/favicon-hashtrick 28 | cd favicon-hashtrick 29 | pip3 install -r requirements.txt 30 | ``` 31 | 32 | ## Usage 33 | 34 | ``` 35 | $ python3 favicon-hashtrick.py -f 36 | $ python3 favicon-hashtrick.py -k xxxxxxxxxxxxxxxxxxxxx -v ip_str,hostnames -u 37 | ``` 38 | 39 | ``` 40 | usage: favicon-hashtrick.py [-h] [-b FAVFILE64] [-f FAVFILE] [-u FAVURL] [-k SHOKEY] [-v VALUES] [-s] 41 | 42 | options: 43 | -h, --help show this help message and exit 44 | -b FAVFILE64, --favfile64 FAVFILE64 45 | favicon source file (base64 format) 46 | -f FAVFILE, --favfile FAVFILE 47 | favicon source file 48 | -u FAVURL, --favurl FAVURL 49 | favicon source url 50 | -k SHOKEY, --shokey SHOKEY 51 | Shodan API key 52 | -v VALUES, --values VALUES 53 | values you want separated by comma, default: ip _str, can by: ip_str,http,data,domains,hash,ssl,timestamp,asn,_shodan,transport,os,isp,port,org,ip,tags,hostnames,location 54 | -s, --silent silent mode, only results displayed 55 | ``` 56 | 57 | --- 58 | 59 | 60 | 61 | --- 62 | 63 | Feel free to [open an issue](/../../issues/) if you have any problem with the script. 64 | 65 | -------------------------------------------------------------------------------- /VERSION.md: -------------------------------------------------------------------------------- 1 | 1.1.0 2 | -------------------------------------------------------------------------------- /favicon-hashtrick.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | # Reference: https://twitter.com/noneprivacy/status/1177629325266505728 4 | 5 | import re 6 | import sys 7 | import requests 8 | import base64 9 | import mmh3 10 | import argparse 11 | from shodan import Shodan 12 | from colored import fg, bg, attr 13 | 14 | 15 | # disable "InsecureRequestWarning: Unverified HTTPS request is being made." 16 | from requests.packages.urllib3.exceptions import InsecureRequestWarning 17 | requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 18 | 19 | 20 | def banner(): 21 | print(""" 22 | __ _ _ _ _ _ _ 23 | / _| __ ___ _(_) ___ ___ _ __ | |__ __ _ ___| |__ | |_ _ __(_) ___| | __ _ __ _ _ 24 | | |_ / _` \ \ / / |/ __/ _ \| '_ \ | '_ \ / _` / __| '_ \| __| '__| |/ __| |/ / | '_ \| | | | 25 | | _| (_| |\ V /| | (_| (_) | | | | | | | | (_| \__ \ | | | |_| | | | (__| < _ | |_) | |_| | 26 | |_| \__,_| \_/ |_|\___\___/|_| |_| |_| |_|\__,_|___/_| |_|\__|_| |_|\___|_|\_\ (_) | .__/ \__, | 27 | |_| |___/ 28 | 29 | by @gwendallecoguic 30 | 31 | """) 32 | pass 33 | 34 | 35 | def faviconHash( data, web ): 36 | if web: 37 | b64data = base64.encodebytes(data).decode() 38 | else: 39 | b64data = base64.encodebytes(data) 40 | 41 | b64data = base64.encodebytes(data).decode() 42 | return mmh3.hash(b64data) 43 | 44 | 45 | parser = argparse.ArgumentParser() 46 | parser.add_argument( "-b","--favfile64",help="favicon source file (base64 format)" ) 47 | parser.add_argument( "-f","--favfile",help="favicon source file" ) 48 | parser.add_argument( "-u","--favurl",help="favicon source url" ) 49 | parser.add_argument( "-k","--shokey",help="Shodan API key" ) 50 | parser.add_argument( "-v","--values",help="values you want separated by comma, default: ip _str, can by: ip_str,http,data,domains,hash,ssl,timestamp,asn,_shodan,transport,os,isp,port,org,ip,tags,hostnames,location" ) 51 | parser.add_argument( "-s","--silent",help="silent mode, only results displayed", action="store_true" ) 52 | 53 | parser.parse_args() 54 | args = parser.parse_args() 55 | 56 | if not args.silent: 57 | banner() 58 | 59 | if args.values: 60 | t_values = args.values.split(',') 61 | else: 62 | t_values = ['ip_str'] 63 | 64 | if args.shokey: 65 | shokey = args.shokey 66 | else: 67 | shokey = False 68 | 69 | if args.favfile64: 70 | favsource = args.favfile64 71 | data = open(favsource).read() 72 | data = data.replace( "\n", '' ) 73 | data = re.sub( 'data:.*;base64,', '', data ) 74 | data = base64.b64decode( data ) 75 | web_src = False 76 | 77 | if args.favfile: 78 | favsource = args.favfile 79 | data = open(favsource,'rb').read() 80 | web_src = False 81 | 82 | if args.favurl: 83 | favsource = args.favurl 84 | try: 85 | r = requests.get( favsource, timeout=3, verify=False ) 86 | except Exception as e: 87 | sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) 88 | exit() 89 | data = r.content 90 | web_src = True 91 | 92 | if not args.favfile64 and not args.favfile and not args.favurl: 93 | parser.error( 'missing favicon' ) 94 | 95 | if not args.silent: 96 | sys.stdout.write( '%s[+] load favicon source: %s%s\n' % (fg('green'),favsource,attr(0)) ) 97 | sys.stdout.write( '[+] favicon size: %d\n' % len(data) ) 98 | 99 | if not len(data): 100 | if not args.silent: 101 | sys.stdout.write( '%s[-] invalid favicon%s\n' % (fg('red'),attr(0)) ) 102 | exit() 103 | 104 | favhash = faviconHash( data, web_src ) 105 | if not args.silent: 106 | sys.stdout.write( '%s[+] hash calculated: %s%s\n' % (fg('green'),str(favhash),attr(0)) ) 107 | 108 | if shokey: 109 | shodan = Shodan( shokey ) 110 | search = 'http.favicon.hash:' + str(favhash) 111 | if not args.silent: 112 | sys.stdout.write( '[+] searching: %s\n' % search ) 113 | 114 | run = True 115 | total_results = 0 116 | current_results = 0 117 | current_page = 1 118 | 119 | while run: 120 | try: 121 | t_results = shodan.search( search, page=current_page ) 122 | # print(t_results['total']) 123 | # print(t_results) 124 | except Exception as e: 125 | sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) 126 | exit() 127 | 128 | if 'matches' in t_results: 129 | current_results = len(t_results['matches']) 130 | total_results = total_results + current_results 131 | 132 | for result in t_results['matches']: 133 | tmp = [] 134 | for v in t_values: 135 | if v in result: 136 | tmp.append( str(result[v]) ) 137 | else: 138 | tmp.append( '' ) 139 | # print( tmp ) 140 | sys.stdout.write( "%s\n" % ' - '.join(tmp) ) 141 | 142 | current_page = current_page + 1 143 | 144 | # yeah i know, it's supposed to be 100! 145 | if current_results < 90: 146 | run = False 147 | else: 148 | run = False 149 | 150 | if not args.silent: 151 | sys.stdout.write( '%s[+] %d results found%s\n' % (fg('green'),total_results,attr(0)) ) 152 | 153 | -------------------------------------------------------------------------------- /preview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gwen001/favicon-hashtrick/74005e1cf336296f11cac0ba36e1eab875aa455f/preview.png -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | argparse 2 | mmh3 3 | requests 4 | shodan 5 | colored 6 | --------------------------------------------------------------------------------