Reconfavicon - Automated Hash generator for favicons

by sumanrox 8 months ago

GNU/Linux ◆ xterm-256color ◆ zsh 311 views

reconfavicon - Advanced Favicon Reconnaissance Tool

Languages used

reconfavicon is an advanced Favicon Investigation Toolkit designed to analyze and gather information about website favicons.

😎 About

reconfavicon is a powerful tool for investigating website favicons. It extracts and analyzes favicon data, including MD5 and MMH3 hashes. The tool allows searching for these hashes in online databases and provides queries for Shodan and ZoomEye to further investigate websites using these favicons.

💯 Features

🚀 🥵 Extract MD5 and MMH3 hashes of favicons

🔥 👀 Search for favicon hashes in online databases

🔐 🔑 Generate queries for Shodan and ZoomEye

🥳 🎊 Multiple url support via files, generates mmh3 and md5 hashes for now (no analysis)

🎉 🚀 Faster execution via multi-threading

Getting Started

🚀 Installation

One line install command

curl -sL https://raw.githubusercontent.com/sumanrox/reconfavicon/main/install.sh | sudo bash

Make an alias (zsh)

# Create alias in ~/.zshrc or inside ~/.bashrc
alias reconfavicon="python3 /opt/reconfavicon/reconfavicon.py"

Source it
```
source ~/.zshrc
# Or
source ~/.bashrc
```

⚠️ Caution

The installer makes /var/opt/reconfavicon/shared folder writeable for everyone
You may want to take the ownership rather than giving it root privileges

Remedy

sudo chown -R $(whoami) /opt/reconfavicon
chmod 700 /opt/reconfavicon/shared

📡 Usage

For doing recon on single target
```
reconfavicon -u https://example.com
```
For doing recon on multiple targets, (Generates a CSV File)
```
reconfavicon -f urls.txt
```

More parameters

  -h, --help            show this help message and exit
  --url URL, -u URL     Server URL or IP, eg : http://example.com
  --port PORT, -p PORT  Server Port, eg: 8080
  --no-banner, -n       Prevents the Banner from loading
  --file URLLISTS, -f URLLISTS
                        File containing list of urls, fetches only hashes, will ignore other switches
  --threads THREADS, -t THREADS
                        Used with -f switch, will ignore other switches # (Default 20 Threads)
  --update, -up         Update Lookup Table

🚧 Uninstall

Very simple uninstallation process

sudo rm /usr/local/bin/reconfavicon -rf

Remove the alias from bashrc

alias reconfavicon="python3 /usr/local/bin/reconfavicon/reconfavicon.py"

🏗️ Contributing

Contributions are welcome! If you have any improvements or suggestions, feel free to open an issue or create a pull request.

🪪 License

This project is licensed under the MIT License

Made with ❤️ by Suman Roy

More by sumanrox

Side Quest 3 Automated Exploit - Vim to RCE by Team Snowmen 00:33

by sumanrox 8 months ago

Side Quest 4 Automated Exploit - SQLi to SSRF to Root RCE by Team Snowmen 00:43

by sumanrox 8 months ago

ISITUP - Rapid probing domains 00:57

by sumanrox 8 months ago

Get the Side Quest 2 Flags from exploiting a webcam running ARM Processor, via Remote Code Execution 01:03

by sumanrox 8 months ago

See all

You can download this recording in asciicast v2 format, as a .cast file.

Download

Replay in terminal

You can replay the downloaded recording in your terminal using the asciinema play command:

asciinema play 630811.cast

If you don't have asciinema CLI installed then see installation instructions.

Use with stand-alone player on your website

Download asciinema player from the releases page (you only need .js and .css file), then use it like this:

<!DOCTYPE html>
<html>
<head>
  <link rel="stylesheet" type="text/css" href="asciinema-player.css" />
</head>
<body>
  <div id="player"></div>
  <script src="asciinema-player.min.js"></script>
  <script>
    AsciinemaPlayer.create(
      '/assets/630811.cast',
      document.getElementById('player'),
      { cols: 148, rows: 24 }
    );
  </script>
</body>
</html>

See asciinema player quick-start guide for full usage instructions.

While this site doesn't provide GIF conversion at the moment, you can still do it yourself with the help of asciinema GIF generator utility - agg.

Once you have it installed, generate a GIF with the following command:

agg https://asciinema.org/a/630811 demo.gif

Or, if you already downloaded the recording file:

agg demo.cast demo.gif

Check agg --help for all available options. You can change font family and size, select color theme, adjust speed and more.

See agg manual for full usage instructions.

Reconfavicon - Automated Hash generator for favicons

reconfavicon - Advanced Favicon Reconnaissance Tool

Languages used

version - 2024

Table of Contents

😎 About

💯 Features

🚀 🥵 Extract MD5 and MMH3 hashes of favicons

🔥 👀 Search for favicon hashes in online databases

🔐 🔑 Generate queries for Shodan and ZoomEye

🥳 🎊 Multiple url support via files, generates mmh3 and md5 hashes for now (no analysis)

🎉 🚀 Faster execution via multi-threading

Getting Started

🚀 Installation

One line install command

Make an alias (zsh)

Source it

⚠️ Caution

Remedy

📡 Usage

For doing recon on single target

For doing recon on multiple targets, (Generates a CSV File)

More parameters

🚧 Uninstall

🏗️ Contributing

🪪 License

Made with ❤️ by Suman Roy

More by sumanrox

Side Quest 3 Automated Exploit - Vim to RCE by Team Snowmen 00:33

Side Quest 4 Automated Exploit - SQLi to SSRF to Root RCE by Team Snowmen 00:43

ISITUP - Rapid probing domains 00:57

Get the Side Quest 2 Flags from exploiting a webcam running ARM Processor, via Remote Code Execution 01:03