How about starting an OWASP project on this? OWASP is a nice neutral 3rd party.
OWASP already has a wiki where anyone can add hashes to the list. About
all the project lead would need to do is set a watch on that page and
re-generate archive of the list after any new ones are added or you
could just scrape that wiki page. The printable view would be cake to
scrape.

My 2 cents.

--
Matt Tesauro
OWASP Live CD Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site

On Mon, 2009-11-23 at 17:24 -0300, Andres Riancho wrote:
> Vlatko,
>
> On Mon, Nov 23, 2009 at 4:26 PM, Ulises2k <ulise...@gmail.com> wrote:
> > more md5's
> >
> > http://nmap.org/nsedoc/scripts/http-favicon.html
> > http://nmap.org/svn/nselib/data/favicon-db
>
> I think that you should somehow centralize the efforts to keep an
> updated database. If every piece of software keeps its own database,
> we'll be wasting our times. What do you think about keeping it in your
> website, and then everybody can download the latest from there?
>
> Cheers,
>
> > On Thu, Oct 22, 2009 at 12:29, Ulises2k <ulise...@gmail.com> wrote:
> >>
> >> I found the same md5sum as the following one in Plex Favicon:
> >> - dcea02a5797ce9e36f19b7590752563e:Apache (seen on CentOS/Debian/Fedora)
> >>
> >> Plex Favicon:
> >> $ wget https://plesk86.demo.parallels.com:8443/favicon.ico --no-check-certificate
> >> $ md5sum favicon.ico
> >> dcea02a5797ce9e36f19b7590752563e favicon.ico
> >>
> >> Can you check if the md5sum of the Apache favicon is ok?
> >>
> >> On Thu, Oct 22, 2009 at 07:06, Raul Siles <raul.si...@gmail.com> wrote:
> >> > Vlatko,
> >> > Have you checked the Nikto db_favicon file? It contains a few
> >> > fingerprints.
> >> > Get first auth. from the Nikto project.
> >> >
> >> > Cheers,
> >> > --
> >> > Raul Siles
> >> > www.raulsiles.com
> >> >
> >> > On Fri, Oct 16, 2009 at 5:50 PM, Vlatko Kosturjak <k...@linux.hr> wrote:
> >> >> Andres Riancho wrote:
> >> >>>
> >> >>> I love this plugin! I loved the idea when you told me about it in
> >> >>> France, and I love it much more now that I see how simple the code is.
> >> >>
> >> >> Thanks, it was great to meet you at Besancon.
> >> >>
> >> >>> These are the things I modified in the plugin before committing it to
> >> >>> the trunk:
> >> >>> - There were lines with tab indentation instead of the PEP-8
> >> >>> recommended 4-space indentation. I changed them.
> >> >>
> >> >> OK. Now, I know what you prefer for patches.
> >> >>
> >> >>> - Changed the reporting a little bit. Now an information object is
> >> >>> only saved to the kb if the favicon.ico is actually identified.
> >> >>
> >> >> I had different idea. Usually, assessor/tester of the target site should be
> >> >> aware if there's favicon there. Maybe we could not identify it
> >> >> automatically, but assessor could see that there is favicon.ico, so he can
> >> >> see it visually and get some clue about the website/CMS/... As it tests for
> >> >> 404, it will display only existing favicon.ico.
> >> >> Also, it would ease the contribution of MD5 back to the project...
> >> >> It's my point of view which could be wrong...
> >> >>
> >> >>> - Removed the unused "self._fuzzableRequests = []" and "dirs = []"
> >> >>
> >> >> There's few things to implement in future versions. First of all, support
> >> >> for different dirs. i.e. on single web site, there could be different
> >> >> software versions, e.g.:
> >> >> http://website/phpbb
> >> >> http://website/drupal
> >> >> So, it would be good to have it run after the crawler, so it can identify
> >> >> different versions. Here I would need your help. Also,
> >> >> it would be good to implement parsing of <link rel icon> tag, so plugin can
> >> >> identify favicon.ico in not-usual locations...
> >> >>
> >> >>> - I added a test script named
> >> >>> "scripts/script-favicon_identification.w3af" that helps test the
> >> >>> plugin you created by running "./w3af_console -s
> >> >>> scripts/script-favicon_identification.w3af"
> >> >>
> >> >> Just checked it and I'm sending patch to fix it as it has some
> >> >> leftovers.
> >> >>
> >> >>> To sum up, I did nothing and you did a great job ;) If you perform a
> >> >>> "svn up" of w3af's trunk, you'll find your plugin there.
> >> >>
> >> >> Thanks. I plan and hope I will contribute more (plugins & code).
> >> >>
> >> >>>> In order to learn more about it to, refer to:
> >> >>>> http://kost.com.hr/favicon.phpiimplement mplement
> >> >>
> >> >> My error, link should be: http://kost.com.hr/favicon.php
> >> >>
> >> >>> I see that you guys are trying to expand this database by running
> >> >>> "Internet wide" scans. I have a server that could be used for this
> >> >>> purpose, if you send me a couple of commands that you need me to run,
> >> >>> I'll be more than happy to run them and then send you the response.
> >> >>> Maybe you could assign me the address range for Argentina, Chile,
> >> >>> Uruguay, Bolivia and Paraguay, and I would the results back to you?
> >> >>
> >> >> Sure. As I have donated all my work to OWASP and we're just building it as
> >> >> OWASP project, feel free to join the mailing list at:
> >> >> https://lists.owasp.org/mailman/listinfo/owasp-favicon-database
> >> >>
> >> >> Current process of crawling is described here:
> >> >> http://www.owasp.org/index.php/OWASP_favicon_database_crawl
> >> >> ...and scripts can be downloaded here:
> >> >> http://kost.com.hr/favicon.php
> >> >>
> >> >> Although, I'm not sure that we can separate it per country (in terms of nmap
> >> >> -iR), but any idea on performing the internet wide survey is welcomed!
> >> >>
> >> >>> Thank you for supporting w3af, and other open source projects like
> >> >>> openvas and nessus!
> >> >>
> >> >> You're welcome. As we talk about OpenVAS, maybe it's good time and place to
> >> >> ask about it. My plan is to write OpenVAS NVT (NASL) script which would run
> >> >> w3af automatically if http(s) port(s) is found (similar to nikto NASL
> >> >> plugin). I think this mailing list is best place (and you Andres) to ask
> >> >> what is the best command line for w3af for automatic vulnerability
> >> >> discovery? i.e. so NASL can launch w3af and parse the results and report it
> >> >> through standard OpenVAS reporting mechanism. Any help would be
> >> >> appreciated.
> >> >>
> >> >> Also if you (or anyone else) have some ideas about other OpenVAS<=>w3af
> >> >> cooperation/partnership, let me know!
> >> >>
> >> >> Kost
> >> >>
> >> >> _______________________________________________
> >> >> W3af-develop mailing list
> >> >> W3af-develop@lists.sourceforge.net
> >> >> https://lists.sourceforge.net/lists/listinfo/w3af-develop
> >>
> >> --
> >> Ulises U. Cuñé
> >> Web: http://www.ulises2k.com.ar
> >
> > --
> > Ulises U. Cuñé
> > Web: http://www.ulises2k.com.ar
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
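An added example, not part of the original thread and not code from w3af, Nmap, Nikto or OWASP: merging several favicon hash lists into one database and flagging hashes that carry different labels in different sources, the situation reported above for dcea02a5797ce9e36f19b7590752563e. It assumes a plain `md5:label` line format like the hash line quoted in the thread; the function names, the sample icon bytes and every entry except that hash and its Apache label are constructed.

```python
import hashlib
import re
from collections import defaultdict

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
# Constructed data: only the dcea02a5... hash and its Apache label are from the thread.
SAMPLE_ICON = b"\x00\x00\x01\x00constructed-favicon"
SAMPLE_MD5 = hashlib.md5(SAMPLE_ICON).hexdigest()
DB_A = f"""# source A (constructed)
dcea02a5797ce9e36f19b7590752563e:Apache (seen on CentOS/Debian/Fedora)
{SAMPLE_MD5}:ExampleCMS 1.x
"""
DB_B = f"""DCEA02A5797CE9E36F19B7590752563E:Plesk panel (constructed label)
{SAMPLE_MD5}:ExampleCMS 1.x
not-a-hash:broken entry
"""

def parse_db(text):
    """Return (entries, rejected) from 'md5:label' lines; '#' starts a comment."""
    entries, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, label = line.partition(":")
        digest = digest.strip().lower()  # sources differ in hex case
        if sep and label.strip() and MD5_RE.match(digest):
            entries.append((digest, label.strip()))
        else:
            rejected.append(raw)  # keep malformed lines for manual review
    return entries, rejected

def merge(sources):
    """Merge {source_name: db_text} into {md5: {label: set(source_names)}}."""
    merged = defaultdict(lambda: defaultdict(set))
    for name, text in sources.items():
        for digest, label in parse_db(text)[0]:
            merged[digest][label].add(name)
    return merged

def conflicts(merged):
    """Hashes that carry more than one distinct label across all sources."""
    return {d: sorted(labels) for d, labels in merged.items() if len(labels) > 1}

def identify(icon_bytes, merged):
    """All labels recorded for this favicon's MD5 (empty list if unknown)."""
    return sorted(merged.get(hashlib.md5(icon_bytes).hexdigest(), {}))

if __name__ == "__main__":
    print(conflicts(merge({"A": DB_A, "B": DB_B})))
```

A hash reported by `conflicts` should be treated as ambiguous evidence of the software behind it until someone confirms which label is right.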