Matt,

On Mon, Nov 23, 2009 at 5:30 PM, Matt Tesauro <mtesa...@gmail.com> wrote:
> How about starting an OWASP project on this? OWASP is a nice neutral
> 3rd party.

I agree, that could be a nice idea.

> OWASP already has a wiki where anyone can add hashes to the list.

+1

> About all the project lead would need to do is set a watch on that page
> and re-generate the archive of the list after any new ones are added, or
> you could just scrape that wiki page. The printable view would be cake
> to scrape.

+1, but "the creator" of the favicon thing is Vlatko, and he should be the
one that decides what to do with that.

Cheers,

> My 2 cents.
>
> --
> Matt Tesauro
> OWASP Live CD Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
>
>
> On Mon, 2009-11-23 at 17:24 -0300, Andres Riancho wrote:
>> Vlatko,
>>
>> On Mon, Nov 23, 2009 at 4:26 PM, Ulises2k <ulise...@gmail.com> wrote:
>> > more md5's
>> >
>> > http://nmap.org/nsedoc/scripts/http-favicon.html
>> > http://nmap.org/svn/nselib/data/favicon-db
>>
>> I think that you should somehow centralize the efforts to keep an
>> updated database. If every piece of software keeps its own database,
>> we'll be wasting our time. What do you think about keeping it on your
>> website, and then everybody can download the latest from there?
>>
>> Cheers,
>>
>> > On Thu, Oct 22, 2009 at 12:29, Ulises2k <ulise...@gmail.com> wrote:
>> >> I found the same md5sum as the following one in Plex Favicon:
>> >> - dcea02a5797ce9e36f19b7590752563e:Apache (seen on CentOS/Debian/Fedora)
>> >>
>> >> Plex Favicon:
>> >> $ wget https://plesk86.demo.parallels.com:8443/favicon.ico --no-check-certificate
>> >> $ md5sum favicon.ico
>> >> dcea02a5797ce9e36f19b7590752563e  favicon.ico
>> >>
>> >> Can you check if the md5sum of the Apache favicon is ok?
>> >>
>> >>
>> >> On Thu, Oct 22, 2009 at 07:06, Raul Siles <raul.si...@gmail.com> wrote:
>> >> > Vlakto,
>> >> > Have you checked the Nikto db_favicon file? It contains a few
>> >> > fingerprints.
>> >> > Get first auth. from the Nikto project.
>> >> >
>> >> > Cheers,
>> >> > --
>> >> > Raul Siles
>> >> > www.raulsiles.com
>> >> >
>> >> >
>> >> > On Fri, Oct 16, 2009 at 5:50 PM, Vlatko Kosturjak <k...@linux.hr> wrote:
>> >> >> Andres Riancho wrote:
>> >> >>>
>> >> >>> I love this plugin! I loved the idea when you told me about it in
>> >> >>> France, and I love it much more now that I see how simple the code is.
>> >> >>
>> >> >> Thanks, it was great to meet you at Besancon.
>> >> >>
>> >> >>> These are the things I modified in the plugin before committing it to
>> >> >>> the trunk:
>> >> >>> - There were lines with tab indentation instead of the PEP-8
>> >> >>> recommended 4-space indentation. I changed them.
>> >> >>
>> >> >> OK. Now I know what you prefer for patches.
>> >> >>
>> >> >>> - Changed the reporting a little bit. Now an information object is
>> >> >>> only saved to the kb if the favicon.ico is actually identified.
>> >> >>
>> >> >> I had a different idea. Usually, the assessor/tester of the target site
>> >> >> should be aware if there's a favicon there. Maybe we could not identify
>> >> >> it automatically, but the assessor could see that there is a favicon.ico,
>> >> >> so he can see it visually and get some clue about the website/CMS/...
>> >> >> As it tests for 404, it will display only an existing favicon.ico.
>> >> >> Also, it would ease the contribution of MD5s back to the project...
>> >> >> It's my point of view, which could be wrong...
>> >> >>
>> >> >>> - Removed the unused "self._fuzzableRequests = []" and "dirs = []"
>> >> >>
>> >> >> There are a few things to implement in future versions. First of all,
>> >> >> support for different dirs, i.e. on a single web site there could be
>> >> >> different software versions, e.g.:
>> >> >> http://website/phpbb
>> >> >> http://website/drupal
>> >> >> So, it would be good to have it run after the crawler, so it can
>> >> >> identify different versions. Here I would need your help. Also,
>> >> >> it would be good to implement parsing of the <link rel icon> tag, so the
>> >> >> plugin can identify favicon.ico in not-usual locations...
>> >> >>
>> >> >>> - I added a test script named
>> >> >>> "scripts/script-favicon_identification.w3af" that helps test the
>> >> >>> plugin you created by running "./w3af_console -s
>> >> >>> scripts/script-favicon_identification.w3af"
>> >> >>
>> >> >> Just checked it and I'm sending a patch to fix it as it has some
>> >> >> leftovers.
>> >> >>
>> >> >>> To sum up, I did nothing and you did a great job ;) If you perform a
>> >> >>> "svn up" of w3af's trunk, you'll find your plugin there.
>> >> >>
>> >> >> Thanks. I plan and hope I will contribute more (plugins & code).
>> >> >>
>> >> >>>> In order to learn more about it, refer to:
>> >> >>>> http://kost.com.hr/favicon.phpiimplement mplement
>> >> >>
>> >> >> My error, the link should be: http://kost.com.hr/favicon.php
>> >> >>
>> >> >>> I see that you guys are trying to expand this database by running
>> >> >>> "Internet wide" scans. I have a server that could be used for this
>> >> >>> purpose, if you send me a couple of commands that you need me to run,
>> >> >>> I'll be more than happy to run them and then send you the response.
>> >> >>> Maybe you could assign me the address range for Argentina, Chile,
>> >> >>> Uruguay, Bolivia and Paraguay, and I would send the results back to you?
>> >> >>
>> >> >> Sure. As I have donated all my work to OWASP and we're just building
>> >> >> it as an OWASP project, feel free to join the mailing list at:
>> >> >> https://lists.owasp.org/mailman/listinfo/owasp-favicon-database
>> >> >>
>> >> >> The current process of crawling is described here:
>> >> >> http://www.owasp.org/index.php/OWASP_favicon_database_crawl
>> >> >> ...and scripts can be downloaded here:
>> >> >> http://kost.com.hr/favicon.php
>> >> >>
>> >> >> Although, I'm not sure that we can separate it per country (in terms of
>> >> >> nmap -iR), but any idea on performing the internet wide survey is welcome!
>> >> >>
>> >> >>> Thank you for supporting w3af, and other open source projects like
>> >> >>> openvas and nessus!
>> >> >>
>> >> >> You're welcome. As we talk about OpenVAS, maybe it's a good time and
>> >> >> place to ask about it. My plan is to write an OpenVAS NVT (NASL) script
>> >> >> which would run w3af automatically if http(s) port(s) are found (similar
>> >> >> to the nikto NASL plugin). I think this mailing list is the best place
>> >> >> (and you, Andres) to ask: what is the best command line for w3af for
>> >> >> automatic vulnerability discovery? i.e. so NASL can launch w3af and parse
>> >> >> the results and report them through the standard OpenVAS reporting
>> >> >> mechanism. Any help would be appreciated.
>> >> >>
>> >> >> Also if you (or anyone else) have some ideas about other OpenVAS<=>w3af
>> >> >> cooperation/partnership, let me know!
>> >> >>
>> >> >> Kost
>> >> >>
>> >> >>
>> >> >> ------------------------------------------------------------------------------
>> >> >> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
>> >> >> is the only developer event you need to attend this year. Jumpstart your
>> >> >> developing skills, take BlackBerry mobile applications to market and stay
>> >> >> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
>> >> >> http://p.sf.net/sfu/devconference
>> >> >> _______________________________________________
>> >> >> W3af-develop mailing list
>> >> >> W3af-develop@lists.sourceforge.net
>> >> >> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>> >> >
>> >>
>> >>
>> >> --
>> >> Ulises U. Cuñé
>> >> Web: http://www.ulises2k.com.ar
>> >
>> >
>> > --
>> > Ulises U. Cuñé
>> > Web: http://www.ulises2k.com.ar
>> >
>> > ------------------------------------------------------------------------------
>> > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
>> > trial. Simplify your report design, integration and deployment - and focus on
>> > what you do best, core application coding. Discover what's new with
>> > Crystal Reports now. http://p.sf.net/sfu/bobj-july
>> > _______________________________________________
>> > W3af-develop mailing list
>> > W3af-develop@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>
>>
>> --
>> Andrés Riancho
>> Founder, Bonsai - Information Security
>> http://www.bonsai-sec.com/
>> http://w3af.sf.net/
>

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
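The thread above describes two things a favicon fingerprinting plugin does: hash the icon body with MD5 and look the digest up in a "md5:description" list (the format of the Apache entry Ulises quotes), and, as Vlatko proposes, locate icons that live outside /favicon.ico by parsing the page's <link rel="icon"> tag and by checking each application directory (phpbb, drupal, ...) separately. The following is an added example, written here to illustrate those two steps; it is not code from the thread, from w3af, from nmap's http-favicon script or from the OWASP favicon database project. The Apache line in the sample database is the one quoted in the thread; the second database entry, the HTML page and the URLs are constructed for the example, and the fallback order of candidate URLs is this example's own choice. Site owners can run the same lookup against their own icon to see what a scanner would learn from it.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample database in the "md5:description" line format quoted in
# the thread. The Apache entry is the thread's own; the second entry is a
# constructed test entry (it is simply the MD5 of b"abc") so the lookup can
# be exercised offline. Lines starting with "#" are treated as comments.
FAVICON_DB_TEXT = """\
# md5:description
dcea02a5797ce9e36f19b7590752563e:Apache (seen on CentOS/Debian/Fedora)
900150983cd24fb0d6963f7d28e17f72:Example CMS (constructed test entry)
"""


def parse_favicon_db(text):
    """Parse "md5:description" lines into a dict keyed by lowercase digest.

    Blank lines and "#" comments are skipped; the description may itself
    contain ":" so only the first colon separates the fields.
    """
    db = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, description = line.partition(":")
        db[digest.strip().lower()] = description.strip()
    return db


def favicon_md5(icon_bytes):
    """Hex MD5 of the raw icon body, the key the database is indexed by."""
    return hashlib.md5(icon_bytes).hexdigest()


def identify_favicon(icon_bytes, db):
    """Return the database description for this icon, or None if unknown."""
    return db.get(favicon_md5(icon_bytes))


class _IconLinkParser(HTMLParser):
    """Collect href values of <link> tags whose rel attribute contains 'icon'
    (covers both rel="icon" and the older rel="shortcut icon")."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        attrs = dict(attrs)
        rel = (attrs.get("rel") or "").lower().split()
        href = attrs.get("href")
        if "icon" in rel and href:
            self.hrefs.append(href)


def favicon_candidates(html, page_url):
    """Ordered, de-duplicated favicon URLs to try for a crawled page:
    <link rel=icon> targets first, then the page directory's own favicon.ico
    (so /phpbb/ and /drupal/ are checked separately), then the site root."""
    parser = _IconLinkParser()
    parser.feed(html)
    candidates = [urljoin(page_url, href) for href in parser.hrefs]
    candidates.append(urljoin(page_url, "favicon.ico"))
    candidates.append(urljoin(page_url, "/favicon.ico"))
    seen, ordered = set(), []
    for url in candidates:
        if url not in seen:
            seen.add(url)
            ordered.append(url)
    return ordered


if __name__ == "__main__":
    db = parse_favicon_db(FAVICON_DB_TEXT)
    # Constructed page whose icon lives outside the usual location.
    sample_html = ('<html><head><link rel="Shortcut Icon" '
                   'href="../static/site.ico"></head></html>')
    for url in favicon_candidates(sample_html, "http://website/drupal/"):
        print("candidate:", url)
    print(identify_favicon(b"abc", db))  # Example CMS (constructed test entry)
    print(identify_favicon(b"unknown icon body", db))  # None
```

The lookup deliberately keeps unknown icons distinguishable from missing ones (None versus never fetched), which matches Vlatko's point that an unidentified but present favicon.ico is still worth reporting to the assessor and worth contributing back to the shared database.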