Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Favicon hash probing #459

Closed
ehsandeep opened this issue Dec 19, 2021 Discussed in #458 · 1 comment · Fixed by #476 or #486
Closed

Favicon hash probing #459

ehsandeep opened this issue Dec 19, 2021 Discussed in #458 · 1 comment · Fixed by #476 or #486
Assignees
@Mzack9999
Labels
Priority: Medium This issue may be useful, and needs some attention. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.
Milestone
v1.1.5

Comments

@ehsandeep
Copy link
Member

ehsandeep commented Dec 19, 2021
edited
Loading

Discussed in #458

Please describe your feature request:

chaos -d hackerone.com | ./httpx -favicon -sc

https://api.hackerone.com [1444372553] [200]
https://docs.hackerone.com [1807456141] [200]
https://gslink.hackerone.com [1506877856] [200]
https://mta-sts.hackerone.com [-1700323260] [404]
https://mta-sts.forwarding.hackerone.com [-1700323260] [404]
https://mta-sts.managed.hackerone.com [-1700323260] [404]
https://resources.hackerone.com [-2123925267] [404]
https://support.hackerone.com [-940825619] [404]
https://www.hackerone.com [1052551739] [200]
chaos -d hackerone.com | ./httpx -match-favicon 1444372553

https://api.hackerone.com [1444372553]
chaos -d hackerone.com | ./httpx -filter-favicon '-1700323260' -mc 200

https://api.hackerone.com [1444372553]
https://docs.hackerone.com [1807456141]
https://gslink.hackerone.com [1506877856]
https://www.hackerone.com [1052551739]
{
  "timestamp": "2022-01-03T13:57:33.790084+05:30",
  "scheme": "https",
  "port": "443",
  "path": "/favicon.ico",
  "body-sha256": "ba712982ab0d40a72abb893646db62ade35983fc4bdb83abb9a7ebdcd75f569d",
  "header-sha256": "01b9afd2df1e0ad9fb662b1c4a8ee4216772621c1d472a1e5e4b5364c37c801d",
  "favicon-mmh3": "1052551739",
  "a": [
    "104.16.100.52",
    "104.16.99.52"
  ],
  "url": "https://hackerone.com:443/favicon.ico",
  "input": "hackerone.com",
  "webserver": "cloudflare",
  "content-type": "image/vnd.microsoft.icon",
  "method": "GET",
  "host": "104.16.100.52",
  "content-length": 5426,
  "status-code": 200,
  "csp": {
    "domains": [
      "www.google-analytics.com",
      "errors.hackerone.net",
      "cover-photos.hackerone-user-content.com",
      "hackathon-photos.hackerone-user-content.com",
      "profile-photos.hackerone-user-content.com",
      "hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com",
      "https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d",
      "www.youtube-nocookie.com"
    ]
  },
  "response-time": "2.2161905s",
  "failed": false
}

Flags:

   -favicon     Display Favicon hash
   -mfc, -match-favicon    Match Favicon hash
   -ffc, -filter-favicon    Filter Favicon hash
@ehsandeep ehsandeep added Type: Enhancement Most issues will probably ask for additions or changes. Priority: Medium This issue may be useful, and needs some attention. labels Dec 19, 2021
@ehsandeep
Copy link
Member Author

Hash can be calculated using mmh3 algorithm against /favicon.ico response body.

@ehsandeep ehsandeep added this to the v1.1.5 milestone Dec 19, 2021
@Mzack9999 Mzack9999 self-assigned this Jan 3, 2022
@Mzack9999 Mzack9999 added the Status: In Progress This issue is being worked on, and has someone assigned. label Jan 3, 2022
@Mzack9999 Mzack9999 linked a pull request Jan 3, 2022 that will close this issue
Add support for favicon hash #476
Merged
@Mzack9999 Mzack9999 added Status: Review Needed The issue has a PR attached to it which needs to be reviewed and removed Status: In Progress This issue is being worked on, and has someone assigned. labels Jan 3, 2022
@Mzack9999 Mzack9999 changed the title Favicon hash probbing Favicon hash probing Jan 3, 2022
@ehsandeep ehsandeep added Status: Completed Nothing further to be done with this issue. Awaiting to be closed. and removed Status: Review Needed The issue has a PR attached to it which needs to be reviewed labels Jan 7, 2022
@ehsandeep ehsandeep linked a pull request Jan 10, 2022 that will close this issue
v1.1.5 Release #486
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mzack9999 Mzack9999

Labels
Priority: Medium This issue may be useful, and needs some attention. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Milestone
v1.1.5
Development

Successfully merging a pull request may close this issue.

Add support for favicon hash projectdiscovery/httpx
v1.1.5 Release projectdiscovery/httpx
2 participants
@ehsandeep @Mzack9999