Skip to content

Instantly share code, notes, and snippets.

@Techbrunch
Created December 2, 2019 15:22

Revisions

  1. Techbrunch renamed this gist Dec 2, 2019. 1 changed file with 2 additions and 1 deletion.
    3 changes: 2 additions & 1 deletion favicon.rb → favicon-shodan.rb
    Original file line number Diff line number Diff line change
    @@ -65,4 +65,5 @@ def check_for_html_tag
    favicon = Favicon.new(ARGV[0])
    puts favicon.uri
    puts favicon.host
    puts favicon.mmh3
    puts favicon.mmh3
    puts "https://www.shodan.io/search?query=http.favicon.hash%3A" + favicon.mmh3.to_s
  2. Techbrunch created this gist Dec 2, 2019.
    68 changes: 68 additions & 0 deletions favicon.rb
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,68 @@
    # Initial code by Matt Harzewski
    # https://gist.github.com/mattvh/6692349
    # Read more: http://www.webmaster-source.com/2013/09/25/finding-a-websites-favicon-with-ruby/
    # https://github.com/hajimes/mmh3

    require "httparty"
    require "nokogiri"
    require "base64"
    require "murmurhash3"

    class Favicon

    attr_reader :host
    attr_reader :uri
    attr_reader :base64
    attr_reader :mmh3


    def initialize(host)
    @host = host
    check_for_ico_file
    check_for_html_tag
    end


    # Check /favicon.ico
    def check_for_ico_file
    uri = URI::HTTP.build({:host => @host, :path => '/favicon.ico'}).to_s
    res = HTTParty.get(uri)
    if res.code == 200
    # TIL: In python there is a newline every 76 characters and it end with a newline
    @base64 = Base64.strict_encode64(res.body).gsub!(/.{76}(?=.)/, '\0'+"\n") + "\n"
    @uri = uri
    # Needs to be signed
    @mmh3 = [MurmurHash3::V32.str_hash(@base64)].pack('L').unpack('l').first
    end
    end


    # Check "shortcut icon" tag
    def check_for_html_tag
    uri = URI::HTTP.build({:host => @host, :path => '/'}).to_s
    res = HTTParty.get(uri)
    doc = Nokogiri::HTML(res)
    doc.xpath('//link[@rel="shortcut icon"]').each do |tag|
    taguri = URI(tag['href'])
    unless taguri.host.to_s.length < 1
    iconuri = taguri.to_s
    else
    iconuri = URI.join(uri, taguri).to_s
    end
    res = HTTParty.get(iconuri)
    if res.code == 200
    # TIL: In python there is a newline every 76 characters and it end with a newline
    @base64 = Base64.strict_encode64(res.body).gsub!(/.{76}(?=.)/, '\0'+"\n") + "\n"
    @uri = iconuri
    # Needs to be signed
    @mmh3 = [MurmurHash3::V32.str_hash(@base64)].pack('L').unpack('l').first
    end
    end
    end

    end

    favicon = Favicon.new(ARGV[0])
    puts favicon.uri
    puts favicon.host
    puts favicon.mmh3