Vlatko,
Have you checked the Nikto db_favicon file? It contains a few fingerprints.
Get first auth. from the Nikto project.

Cheers,
--
Raul Siles
www.raulsiles.com



On Fri, Oct 16, 2009 at 5:50 PM, Vlatko Kosturjak <k...@linux.hr> wrote:
> Andres Riancho wrote:
>>
>>    I love this plugin! I loved the idea when you told me about it in
>> France, and I love it much more now that I see how simple the code is.
>
> Thanks, it was great to meet you at Besancon.
>
>> These are the things I modified in the plugin before committing it to
>> the trunk:
>> - There were lines with tab indentation instead of the PEP-8
>> recommended 4-space indentation. I changed them.
>
> OK. Now, I know what you prefer for patches.
>
>> - Changed the reporting a little bit. Now an information object is
>> only saved to the kb if the favicon.ico is actually identified.
>
> I had a different idea. Usually, assessor/tester of the target site should be
> aware if there's favicon there. Maybe we could not identify it
> automatically, but assessor could see that there is favicon.ico, so he can
> see it visually and get some clue about the website/CMS/... As it tests for
> 404, it will display only existing favicon.ico.
> Also, it would ease the contribution of MD5 back to the project...
> It's my point of view which could be wrong...
>
>> - Removed the unused "self._fuzzableRequests = []" and "dirs = []"
>
> There are a few things to implement in future versions. First of all, support
> for different dirs. i.e. on single web site, there could be different
> software versions, e.g.:
> http://website/phpbb
> http://website/drupal
> So, it would be good to have it run after the crawler, so it can identify
> different versions. Here I would need your help. Also,
> it would be good to implement parsing of <link rel icon> tag, so plugin can
> identify favicon.ico in not-usual locations...
>
>> - I added a test script named
>> "scripts/script-favicon_identification.w3af" that helps test the
>> plugin you created by running "./w3af_console -s
>> scripts/script-favicon_identification.w3af"
>
> Just checked it and I'm sending a patch to fix it as it has some leftovers.
>
>> To sum up, I did nothing and you did a great job ;) If you perform a
>> "svn up" of w3af's trunk, you'll find your plugin there.
>
> Thanks. I plan and hope I will contribute more (plugins & code).
>
>>> In order to learn more about it to, refer to:
>>> http://kost.com.hr/favicon.phpiimplement mplement
>
> My error, link should be: http://kost.com.hr/favicon.php
>
>>    I see that you guys are trying to expand this database by running
>> "Internet wide" scans. I have a server that could be used for this
>> purpose, if you send me a couple of commands that you need me to run,
>> I'll be more than happy to run them and then send you the response.
>> Maybe you could assign me the address range for Argentina, Chile,
>> Uruguay, Bolivia and Paraguay, and I would send the results back to you?
>
> Sure. As I have donated all my work to OWASP and we're just building it as
> OWASP project, feel free to join the mailing list at:
> https://lists.owasp.org/mailman/listinfo/owasp-favicon-database
>
> Current process of crawling is described here:
> http://www.owasp.org/index.php/OWASP_favicon_database_crawl
> ...and scripts can be downloaded here:
> http://kost.com.hr/favicon.php
>
> Although, I'm not sure that we can separate it per country (in terms of nmap
> -iR), but any idea on performing the internet wide survey is welcomed!
>
>>    Thank you for supporting w3af, and other open source projects like
>> openvas and nessus!
>
> You're welcome. As we talk about OpenVAS, maybe it's good time and place to
> ask about it. My plan is to write OpenVAS NVT (NASL) script which would run
> w3af automatically if http(s) port(s) is found (similar to nikto NASL
> plugin). I think this mailing list is best place (and you Andres) to ask
> what is the best command line for w3af for automatic vulnerability
> discovery? i.e. so NASL can launch w3af and parse the results and report it
> through standard OpenVAS reporting mechanism. Any help would be appreciated.
>
> Also if you (or anyone else) have some ideas about other OpenVAS<=>w3af
> cooperation/partnership, let me know!
>
> Kost
>
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay
> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> http://p.sf.net/sfu/devconference
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
>
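
The favicon MD5 lookup discussed in this thread, together with the two future ideas raised in it (checking each directory found by the crawler and following `<link rel icon>` tags), as an added example that is not the w3af plugin's code. The fingerprint names, icon bytes and page contents are constructed, and `fetch` is a hypothetical stand-in for an HTTP GET that returns None on a 404.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin

class IconLinkParser(HTMLParser):
    """Collect href values of <link> tags whose rel list contains 'icon'."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rels = (a.get("rel") or "").lower().split()
        if tag == "link" and "icon" in rels and a.get("href"):
            self.hrefs.append(a["href"])

def favicon_candidates(page_url, html):
    """favicon.ico in the page's own directory, plus any <link rel=icon> target."""
    parser = IconLinkParser()
    parser.feed(html)
    urls = [urljoin(page_url, "favicon.ico")]
    urls += [urljoin(page_url, h) for h in parser.hrefs]
    return list(dict.fromkeys(urls))  # de-duplicate, keep order

def identify(pages, fetch, fingerprints):
    """Return {favicon_url: (md5, name_or_None)} for every favicon that exists."""
    results = {}
    for page_url, html in pages.items():
        for url in favicon_candidates(page_url, html):
            body = None if url in results else fetch(url)
            if body is None:  # already hashed, or the server answered 404
                continue
            digest = hashlib.md5(body).hexdigest()
            # Unidentified icons are kept with their MD5 so they can be reported.
            results[url] = (digest, fingerprints.get(digest))
    return results

# Constructed sample data: icon bytes, product names and page bodies are made up.
ICON_A, ICON_B, ICON_C = b"icon-bytes-A", b"icon-bytes-B", b"icon-bytes-C"
FINGERPRINTS = {hashlib.md5(ICON_A).hexdigest(): "example-forum",
                hashlib.md5(ICON_B).hexdigest(): "example-cms"}
PAGES = {
    "http://website/phpbb/index.php": "<html><head></head></html>",
    "http://website/drupal/": '<link rel="shortcut icon" href="/drupal/misc/fav.ico">',
    "http://website/": '<link rel="icon" href="static/site.png">',
}
BODIES = {"http://website/phpbb/favicon.ico": ICON_A,
          "http://website/drupal/misc/fav.ico": ICON_B,
          "http://website/static/site.png": ICON_C}
if __name__ == "__main__":
    print(identify(PAGES, BODIES.get, FINGERPRINTS))
```
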
