Merge pull request #340 from un-fmunozs/favicon

Recon using favicon
2020-08-24 12:02:00 +05:30 · 2020-08-24 12:02:00 +05:30 · 85065e916a
parent ff5777369d bd6b6bb7fc
commit 85065e916a
1 changed files with 71 additions and 0 deletions
--- a/technologies/favicon-detection.yaml
+++ b/technologies/favicon-detection.yaml
@ -0,0 +1,71 @@
+id: favicon-detection
+
+info:
+  name: favicon
+  author: un-fmunozs
+  severity: info
+
+  # 946,0488faca4c19046b94d07c3ee83cf9d6,springboot
+  # 2336,02f4db63a9cfb650c05ffd82956cbfd6,proxmox
+  # 21630,4644f2d45601037b8423d45e13194c93,tomcat
+  # 6518,3e7f8aa6768bba07751fe8570d7a244c,airwatch
+  # 30894,6eb4a43cb64c97f76562af703893c8fd,xampp
+  # 765,e16377344d2d52a15e735041b3eb2c5a,kibana
+  # 17542,e16377344d2d52a15e735041b3eb2c5a,jenkins
+  # 1150,6d2adf39ca320265830403dfc030033a,liferay
+  # 3638,59a0c7b6e4848ccdabcea0636efda02b,blogger
+  # 198,59a0c7b6e4848ccdabcea0636efda02b,wordpress
+  # 5430,59a0c7b6e4848ccdabcea0636efda02b,wordpress
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/favicon.ico"
+    redirects: true
+    max-redirects: 3
+    matchers-condition: or
+    matchers:
+      - type: dsl
+        name: springboot
+        dsl:
+          - "len(body)==946 && status_code==200 && (\"0488faca4c19046b94d07c3ee83cf9d6\" == md5(body))"
+      - type: dsl
+        name: proxmox
+        dsl:
+          - "len(body)==2336 && status_code==200 && (\"02f4db63a9cfb650c05ffd82956cbfd6\" == md5(body))"
+      - type: dsl
+        name: tomcat
+        dsl:
+          - "len(body)==21630 && status_code==200 && (\"4644f2d45601037b8423d45e13194c93\" == md5(body))"
+      - type: dsl
+        name: airwatch
+        dsl:
+          - "len(body)==6518 && status_code==200 && (\"3e7f8aa6768bba07751fe8570d7a244c\" == md5(body))"
+      - type: dsl
+        name: blogger
+        dsl:
+          - "len(body)==3638 && status_code==200 && (\"59a0c7b6e4848ccdabcea0636efda02b\" == md5(body))"
+      - type: dsl
+        name: xampp
+        dsl:
+          - "len(body)==30894 && status_code==200 && (\"6eb4a43cb64c97f76562af703893c8fd\" == md5(body))"
+      - type: dsl
+        name: kibana
+        dsl:
+          - "len(body)==1150 && status_code==200 && (\"e16377344d2d52a15e735041b3eb2c5a\" == md5(body))"
+      - type: dsl
+        name: liferay
+        dsl:
+          - "len(body)==1150 && status_code==200 && (\"6d2adf39ca320265830403dfc030033a\" == md5(body))"
+      - type: dsl
+        name: jenkins
+        dsl:
+          - "len(body)==17542 && status_code==200 && (\"23e8c7bd78e8cd826c5a6073b15068b1\" == md5(body))"
+      - type: dsl
+        name: wordpress
+        dsl:
+          - "len(body)==198 && status_code==200 && (\"c6acedaff906029fc5455d9ec52c7f42\" == md5(body))"
+      - type: dsl
+        name: wordpress
+        dsl:
+          - "len(body)==5430 && status_code==200 && (\"c291c057816f71ce15ba5c496f1a965a\" == md5(body))"