From 621141dae2c5093553f9869a9c30c75b55c2e0e3 Mon Sep 17 00:00:00 2001
From: idealphase
Date: Wed, 5 Apr 2023 15:11:22 +0700
Subject: [PATCH 1/6] Updated favicon-detect.yaml Added Sophos Email Appliance favicon
---
technologies/favicon-detect.yaml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/technologies/favicon-detect.yaml b/technologies/favicon-detect.yaml
index 35de9c1c3f..97f52d586d 100644
--- a/technologies/favicon-detect.yaml
+++ b/technologies/favicon-detect.yaml
@@ -2655,3 +2655,8 @@ requests: name: "Vue.js" dsl: - "status_code==200 && (\"-1252041730\" == mmh3(base64_py(body)))" + + - type: dsl name: "Sophos Email Appliance" dsl: - "status_code==200 && (\"-830586692\" == mmh3(base64_py(body)))"
From e3c5a64c7154d32374f985cc94bf666b5e29cf31 Mon Sep 17 00:00:00 2001
From: idealphase
Date: Wed, 5 Apr 2023 15:18:11 +0700
Subject: [PATCH 2/6] Updated favicon-detect.yaml Fixed YAML Lint
---
technologies/favicon-detect.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/technologies/favicon-detect.yaml b/technologies/favicon-detect.yaml
index 97f52d586d..de4ab6c27c 100644
--- a/technologies/favicon-detect.yaml
+++ b/technologies/favicon-detect.yaml
@@ -2655,7 +2655,7 @@ requests: name: "Vue.js" dsl: - "status_code==200 && (\"-1252041730\" == mmh3(base64_py(body)))" - + - type: dsl name: "Sophos Email Appliance" dsl:
From 72e1ffb177076fd6a3ff6aff7180cfde6436bb62 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Mon, 8 May 2023 20:03:48 +0530
Subject: [PATCH 3/6] Update and rename technologies/favicon-detect.yaml to http/technologies/favicon-detect.yaml
---
.../technologies}/favicon-detect.yaml | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
rename {technologies => http/technologies}/favicon-detect.yaml (99%)
diff --git a/technologies/favicon-detect.yaml b/http/technologies/favicon-detect.yaml
similarity index 99%
rename from technologies/favicon-detect.yaml
rename to http/technologies/favicon-detect.yaml
index de4ab6c27c..c4207eb99f 100644
--- a/technologies/favicon-detect.yaml
+++ b/http/technologies/favicon-detect.yaml
@@ -12,14 +12,18 @@ info: - https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv tags: tech,favicon -requests: +http: - method: GET path: - - "{{BaseURL}}/favicon.ico" + - "{{BaseURL}}/{{path}}favicon.ico" + + payloads: + path: + - + - images/ host-redirects: true max-redirects: 2 - matchers: - type: dsl name: proxmox
From 49a845f49655b6fb0c89479fd40e3b85bbde2da6 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Mon, 8 May 2023 20:05:18 +0530
Subject: [PATCH 4/6] added stop-at-first
---
http/technologies/favicon-detect.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/http/technologies/favicon-detect.yaml b/http/technologies/favicon-detect.yaml
index c4207eb99f..6638c778a6 100644
--- a/http/technologies/favicon-detect.yaml
+++ b/http/technologies/favicon-detect.yaml
@@ -22,6 +22,7 @@ http: - - images/ + stop-at-first-match: true host-redirects: true max-redirects: 2 matchers:
From cc88b320f9d896ec99f5efc51ed4e82479e95112 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 11 May 2023 00:21:03 +0530
Subject: [PATCH 5/6] added max-request
---
http/technologies/favicon-detect.yaml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/http/technologies/favicon-detect.yaml b/http/technologies/favicon-detect.yaml
index 3fe4fd1a21..d6163bb71b 100644
--- a/http/technologies/favicon-detect.yaml
+++ b/http/technologies/favicon-detect.yaml
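Review bot: The first `path` payload added under `payloads:` in PATCH 3/6 is a bare `-`, which a YAML parser loads as null rather than an empty string, so what `{{path}}` expands to for the root-favicon request depends on how the template engine stringifies a null payload (not visible in this hunk). Writing the entry as `- ""` states the intended `{{BaseURL}}/favicon.ico` request explicitly and avoids the dash-plus-trailing-space form that YAML linters tend to flag. The new path `"{{BaseURL}}/{{path}}favicon.ico"` also relies on every non-empty payload ending in `/`; a comment above `payloads:` such as `# entries must be empty or end with "/"` would keep later additions from producing paths like `imagesfavicon.ico`. The `http:` request block continues outside the hunk.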
@@ -10,6 +10,8 @@ info: - https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139 - https://github.com/devanshbatham/FavFreak - https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv + metadata: + max-request: 2 tags: tech,favicon http:
@@ -2666,4 +2668,4 @@ http: - type: dsl name: "Sophos Email Appliance" dsl: - - "status_code==200 && (\"-830586692\" == mmh3(base64_py(body)))" \ No newline at end of file + - "status_code==200 && (\"-830586692\" == mmh3(base64_py(body)))"
From c5c5de1c725c5d97b88544667de098a358d44bb8 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 11 May 2023 00:27:01 +0530
Subject: [PATCH 6/6] Update favicon-detect.yaml
---
http/technologies/favicon-detect.yaml | 1 -
1 file changed, 1 deletion(-)
diff --git a/http/technologies/favicon-detect.yaml b/http/technologies/favicon-detect.yaml
index d6163bb71b..a661ef8958 100644
--- a/http/technologies/favicon-detect.yaml
+++ b/http/technologies/favicon-detect.yaml
@@ -22,7 +22,6 @@ http: payloads: path: - - - images/ stop-at-first-match: true
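Review bot: `max-request: 2` in the `metadata` block added by PATCH 5/6 is a hand-maintained count that matches the two-entry `path` payload list, and nothing in the template keeps the two in step. PATCH 6/6 later in this series deletes one line from that payload list without touching this value, so the figure is presumably stale once the whole series is applied, and anyone budgeting scan traffic from it gets the wrong number. The value should change in the same commit as the list, and a comment such as `# keep equal to the number of path payload entries` above `max-request` would make the coupling visible to the next editor.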