more md5´s
http://nmap.org/nsedoc/scripts/http-favicon.html
http://nmap.org/svn/nselib/data/favicon-db
On Thu, Oct 22, 2009 at 12:29, Ulises2k <ulise...@gmail.com> wrote:
> I found the same md5sum as the following one in Plex Favicon:
> - dcea02a5797ce9e36f19b7590752563e:Apache (seen on CentOS/Debian/Fedora)
>
> Plex Favicon:
> $ wget
> https://plesk86.demo.parallels.com:8443/favicon.ico--no-check-certificate
> $ md5sum favicon.ico
> dcea02a5797ce9e36f19b7590752563e favicon.ico
>
> Can you check if the md5sum of the Apache favicon is ok?
>
>
>
> On Thu, Oct 22, 2009 at 07:06, Raul Siles <raul.si...@gmail.com> wrote:
> > Vlakto,
> > Have you checked the Nikto db_favicon file? It contains a few
> fingerprints.
> > Get first auth. from the Nikto project.
> >
> > Cheers,
> > --
> > Raul Siles
> > www.raulsiles.com
> >
> >
> >
> > On Fri, Oct 16, 2009 at 5:50 PM, Vlatko Kosturjak <k...@linux.hr> wrote:
> >> Andres Riancho wrote:
> >>>
> >>> I love this plugin! I loved the idea when you told me about it in
> >>> France, and I love it much more now that I see how simple the code is.
> >>
> >> Thanks, it was great to meet you at Besancon.
> >>
> >>> These are the things I modified in the plugin before commiting it to
> >>> the trunk:
> >>> - There were lines with tab indentation instead of the PEP-8
> >>> recommended 4-space indentation. I changed them.
> >>
> >> OK. Now, I know what you prefer for patches.
> >>
> >>> - Changed the reporting a little bit. Now an information object is
> >>> only saved to the kb if the favicon.ico is actually identified.
> >>
> >> I had different idea. Usually, assessor/tester of the target site should
> be
> >> aware if there's favicon there. Maybe we could not identify it
> >> automatically, but assessor could see that there is favicon.ico, so he
> can
> >> see it visually and get some clue about the website/CMS/... As it tests
> for
> >> 404, it will display only existing favicon.ico.
> >> Also, it would ease the contribution of MD5 back to the project...
> >> It's my point of view which could be wrong...
> >>
> >>> - Removed the unused "self._fuzzableRequests = []" and "dirs = []"
> >>
> >> There's few things to implement in future versions. First of all,
> support
> >> for different dirs. i.e. on single web site, there could be different
> >> software versions, e.g.:
> >> http://website/phpbb
> >> http://website/drupal
> >> So, it would be good to have it run after the crawler, so it can
> identify
> >> different versions. Here I would need your help. Also,
> >> it would be good to implement parsing of <link rel icon> tag, so plugin
> can
> >> identify favicon.ico in not-usual locations...
> >>
> >>> - I added a test script named
> >>> "scripts/script-favicon_identification.w3af" that helps test the
> >>> plugin you created by running "./w3af_console -s
> >>> scripts/script-favicon_identification.w3af"
> >>
> >> Just checked it and i'm sending patch to fix it as it has some
> leftovers.
> >>
> >>> To sum up, I did nothing and you did a great job ;) If you perform a
> >>> "svn up" of w3af's trunk, you'll find your plugin there.
> >>
> >> Thanks. I plan and hope I will contribute more (plugins & code).
> >>
> >>>> In order to learn more about it to, refer to:
> >>>> http://kost.com.hr/favicon.phpiimplement mplement
> >>
> >> My error, link should be: http://kost.com.hr/favicon.php
> >>
> >>> I see that you guys are trying to expand this database by running
> >>> "Internet wide" scans. I have a server that could be used for this
> >>> purpose, if you send me a couple of commands that you need me to run,
> >>> I'll be more than happy to run them and then send you the response.
> >>> Maybe you could assign me the address range for Argentina, Chile,
> >>> Uruguay, Bolivia and Paraguay, and I would the results back to you?
> >>
> >> Sure. As I have donated all my work to OWASP and we're just building it
> as
> >> OWASP project, feel free to join the mailing list at:
> >> https://lists.owasp.org/mailman/listinfo/owasp-favicon-database
> >>
> >> Current process of crawling is described here:
> >> http://www.owasp.org/index.php/OWASP_favicon_database_crawl
> >> ...and scripts can be downloaded here:
> >> http://kost.com.hr/favicon.php
> >>
> >> Although, I'm not sure that we can separate it per country (in terms of
> nmap
> >> -iR), but any idea on performing the internet wide survey is welcomed!
> >>
> >>> Thank you for supporting w3af, and other open source projects like
> >>> openvas and nessus!
> >>
> >> You're welcome. As we talk about OpenVAS, maybe it's good time and place
> to
> >> ask about it. My plan is to write OpenVAS NVT (NASL) script which would
> run
> >> w3af automatically if http(s) port(s) is found (similar to nikto NASL
> >> plugin). I think this mailing list is best place (and you Andres) to ask
> >> what is the best command line for w3af for automatic vulnerability
> >> discovery? i.e. so NASL can launch w3af and parse the results and report
> it
> >> through standard OpenVAS reporting mechanism. Any help would be
> appreciated.
> >>
> >> Also if you (or anyone else) have some ideas about other OpenVAS<=>w3af
> >> cooperation/partnership, let me know!
> >>
> >> Kost
> >>
> >>
> ------------------------------------------------------------------------------
> >> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> >> is the only developer event you need to attend this year. Jumpstart your
> >> developing skills, take BlackBerry mobile applications to market and
> stay
> >> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> >> http://p.sf.net/sfu/devconference
> >> _______________________________________________
> >> W3af-develop mailing list
> >> W3af-develop@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/w3af-develop
> >>
> >>
> >
> >
> ------------------------------------------------------------------------------
> > Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> > is the only developer event you need to attend this year. Jumpstart your
> > developing skills, take BlackBerry mobile applications to market and stay
> > ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> > http://p.sf.net/sfu/devconference
> > _______________________________________________
> > W3af-develop mailing list
> > W3af-develop@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/w3af-develop
> >
>
>
>
> --
> --
> Ulises U. Cuñé
> Web: http://www.ulises2k.com.ar
>
>
--
Ulises U. Cuñé
Web: http://www.ulises2k.com.ar
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
