Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/gwen001/favicon-hashtrick
Python script implementing the favicon hash trick to find subdomains.
https://github.com/gwen001/favicon-hashtrick
bugbounty favicon pentesting python security-tools shodan
Last synced: 6 days ago
JSON representation
Python script implementing the favicon hash trick to find subdomains.
- Host: GitHub
- URL: https://github.com/gwen001/favicon-hashtrick
- Owner: gwen001
- License: mit
- Created: 2022-11-08T15:57:32.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2023-03-28T15:47:46.000Z (over 1 year ago)
- Last Synced: 2024-06-21T18:14:08.596Z (5 months ago)
- Topics: bugbounty, favicon, pentesting, python, security-tools, shodan
- Language: Python
- Homepage:
- Size: 786 KB
- Stars: 26
- Watchers: 2
- Forks: 5
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE.md
Awesome Lists containing this project
README
favicon-hashtrick
Returns the hash of a given favicon file and performs search on Shodan to discover IPs and subdomains.
---
## Description
This Python tool calculates the hash of a given image (a favicon file or url) and then performs a search on Shodan to find webapps that use the same favicon.
This is very useful to find subdomains during the recon process.
## Install
```
git clone https://github.com/gwen001/favicon-hashtrick
cd favicon-hashtrick
pip3 install -r requirements.txt
```
## Usage
```
$ python3 favicon-hashtrick.py -f
$ python3 favicon-hashtrick.py -k xxxxxxxxxxxxxxxxxxxxx -v ip_str,hostnames -u
```
```
usage: favicon-hashtrick.py [-h] [-b FAVFILE64] [-f FAVFILE] [-u FAVURL] [-k SHOKEY] [-v VALUES] [-s]
options:
-h, --help show this help message and exit
-b FAVFILE64, --favfile64 FAVFILE64
favicon source file (base64 format)
-f FAVFILE, --favfile FAVFILE
favicon source file
-u FAVURL, --favurl FAVURL
favicon source url
-k SHOKEY, --shokey SHOKEY
Shodan API key
-v VALUES, --values VALUES
values you want separated by comma, default: ip _str, can by: ip_str,http,data,domains,hash,ssl,timestamp,asn,_shodan,transport,os,isp,port,org,ip,tags,hostnames,location
-s, --silent silent mode, only results displayed
```
---
---
Feel free to [open an issue](/../../issues/) if you have any problem with the script.