Re: [Plugins-writers] favicon used for web server ID?

• Previous message: George A. Theall: "Re: [Plugins-writers] favicon used for web server ID?"
• In reply to: Jon Passki: "[Plugins-writers] favicon used for web server ID?"
• Next in thread: Javier Fernandez-Sanguino: "Re: [Plugins-writers] favicon used for web server ID?"
• Reply: Javier Fernandez-Sanguino: "Re: [Plugins-writers] favicon used for web server ID?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Oct 14, 2005, at 10:40, Jon Passki wrote:

> Hey All,
>
> Without having to call an external program (such as md5sum or md5),
> would there be any way to grab a favicon.ico file from a web server
> and check it against a list of known favicon.ico files using NASL2?

Sure :

# Fill the list
list["SomeName"] = "3858f62230ac3c915f300c664312c63f";
.....


# Make the request
port = get_http_port(default:80);
req = http_get(item:"/favicon.ico", port:port);
res = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);
if ( res == NULL ) exit(0);
md5 = hexstr(MD5(res));

# Compare the result

foreach key ( keys(list))
{
  if ( list[key] == md5 )
     {
      report = "The remote favico.icn is the " + key + " file";
      security_note(port:port, data:report);
      exit(0);
     }
}



                             -- Renaud
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers

• Previous message: George A. Theall: "Re: [Plugins-writers] favicon used for web server ID?"
• In reply to: Jon Passki: "[Plugins-writers] favicon used for web server ID?"
• Next in thread: Javier Fernandez-Sanguino: "Re: [Plugins-writers] favicon used for web server ID?"
• Reply: Javier Fernandez-Sanguino: "Re: [Plugins-writers] favicon used for web server ID?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Oct 14 2005 - 07:58:32 PDT