GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → pielco11 → Fav Up

pielco11 / Fav Up

Licence: mit
IP lookup by favicon using Shodan

Programming Languages

python
139335 projects - #7 most used programming language

Labels

osintcloudflareshodan

Projects that are alternatives of or similar to Fav Up

Osint San
Framework для сбора данных из открытых источников. В Framework используется большое количество API, их необходимо зарегистрировать самому.​
Stars: ✭ 99 (-82%)
Mutual labels:  osint, shodan
Mihari
A helper to run OSINT queries & manage results continuously
Stars: ✭ 239 (-56.55%)
Mutual labels:  osint, shodan
Infoga
Infoga - Email OSINT
Stars: ✭ 947 (+72.18%)
Mutual labels:  osint, shodan
Reconspider
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
Stars: ✭ 621 (+12.91%)
Mutual labels:  osint, shodan
mmhdan
Calculate fingerprints of a website for OSINT search
Stars: ✭ 35 (-93.64%)
Mutual labels:  shodan, osint
Shogun
Shodan.io Command Line Interface
Stars: ✭ 42 (-92.36%)
Mutual labels:  shodan, osint
Xray
XRay is a tool for recon, mapping and OSINT gathering from public networks.
Stars: ✭ 1,666 (+202.91%)
Mutual labels:  osint, shodan
Urlextractor
Information gathering & website reconnaissance | https://phishstats.info/
Stars: ✭ 341 (-38%)
Mutual labels:  osint, shodan
common-osint-model
Converting data from services like Censys and Shodan to a common data model
Stars: ✭ 35 (-93.64%)
Mutual labels:  shodan, osint
osint-combiner
Combining OSINT sources in Elastic Stack
Stars: ✭ 77 (-86%)
Mutual labels:  shodan, osint
Threatpinchlookup
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (-53.27%)
Mutual labels:  osint, shodan
Gosint
OSINT Swiss Army Knife
Stars: ✭ 401 (-27.09%)
Mutual labels:  osint, shodan
Docker Cloudflare Ddns
A small amd64/ARM/ARM64 Docker image that allows you to use CloudFlare as a DDNS / DynDNS Provider.
Stars: ✭ 467 (-15.09%)
Mutual labels:  cloudflare
Bugcrowd Levelup Subdomain Enumeration
This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
Stars: ✭ 513 (-6.73%)
Mutual labels:  osint
Encrypted Dns
Configuration profiles for DNS HTTPS and DNS over TLS for iOS 14 and MacOS Big Sur
Stars: ✭ 455 (-17.27%)
Mutual labels:  cloudflare
React Starter Kit
React Starter Kit — front-end starter kit using React, Relay, GraphQL, and JAM stack architecture
Stars: ✭ 21,060 (+3729.09%)
Mutual labels:  cloudflare
Osrframework
OSRFramework, the Open Sources Research Framework is a AGPLv3+ project by i3visio focused on providing API and tools to perform more accurate online researches.
Stars: ✭ 534 (-2.91%)
Mutual labels:  osint
Operative Framework
operative framework is a OSINT investigation framework, you can interact with multiple targets, execute multiple modules, create links with target, export rapport to PDF file, add note to target or results, interact with RESTFul API, write your own modules.
Stars: ✭ 511 (-7.09%)
Mutual labels:  osint
Nginx Autoinstall
Compile Nginx from source with custom modules on Debian and Ubuntu
Stars: ✭ 443 (-19.45%)
Mutual labels:  cloudflare
Threatingestor
Extract and aggregate threat intelligence.
Stars: ✭ 439 (-20.18%)
Mutual labels:  osint
View All Similar Projects ➔

Fav-up

Lookups for real IP starting from the favicon icon and using Shodan.

img img2

Installation

  • pip3 install -r requirements.txt
  • Shodan API key (not the free one)

Usage

CLI

First define how you pass the API key:

  • -k or --key to pass the key to the stdin
  • -kf or --key-file to pass the filename which get the key from
  • -sc or --shodan-cli to get the key from Shodan CLI (if you initialized it)

As of now, this tool can be used in three different ways:

  • -ff or --favicon-file: you store locally a favicon icon which you want to lookup
  • -fu or --favicon-url: you don't store locally the favicon icon, but you know the exact url where it resides
  • -w or --web: you don't know the URL of the favicon icon, but you still know that's there
  • -fh or --favicon-hash: you know the hash and want to search the entire internet.

You can specify input files which may contain urls to domain, to favicon icons, or simply locations of locally stored icons:

  • -fl, --favicon-list: the file contains the full path of all the icons which you want to lookup
  • -ul, --url-list: the file contains the full URL of all the icons which you want to lookup
  • -wl, --web-list: the contains all the domains which you want to lookup

You can also save the results to a CSV/JSON file:

  • -o, --output: specify the output and the format, e.g.: results.csv will save to a CSV file (the type is automatically recognized by the extension of the output file)

Examples

Favicon-file

python3 favUp.py --favicon-file favicon.ico -sc

Favicon-url

python3 favUp.py --favicon-url https://domain.behind.cloudflare/assets/favicon.ico -sc

Web

python3 favUp.py --web domain.behind.cloudflare -sc

Module

from favUp import FavUp

f = FavUp()          
f.shodanCLI = True
f.web = "domain.behind.cloudflare"
f.show = True 
f.run()

for result in f.faviconsList:
    print(f"Real-IP: {result['found_ips']}")
    print(f"Hash: {result['favhash']}")

All attributes

Variable Type
FavUp.show bool
FavUp.key str
FavUp.keyFile str
FavUp.shodanCLI bool
FavUp.faviconFile str
FavUp.faviconURL str
FavUp.web str
FavUp.shodan Shodan class
FavUp.faviconsList list[dict]

FavUp.faviconsList stores all the results, the key fields depend by the type of the lookup you want to do.

In case of --favicon-file or --favicon-list:

  • favhash stores the hash of the favicon icon
  • file stores the path

In case of --favicon-url or --url-list:

  • favhash stores the hash of the favicon icon
  • url stores the URL of the favicon icon
  • domain stores the domain name
  • maskIP stores the "fake" IP (e.g. the Cloudflare one)
  • maskISP store the ISP name associated to the maskIP

In case of --web or --web-list:

  • favhash stores the hash of the favicon icon
  • domain stores the domain name
  • maskIP stores the "fake" IP (e.g. the Cloudflare one)
  • maskISP store the ISP name associated to the maskIP

(in this case the URL of the favicon icon is returned by the href attribute of <link rel='icon'> HTML element)

If, while searching for the favicon icon, nothing useful is found, not-found will be returned.

In all three cases, found_ips field is added for every checked entry. If no IP(s) have been found, not-found will be returned.

Compatibility

At least python3.6 is required due to spicy syntax.

Feedback/Suggestion

Feel free to open any issue, your feedback and suggestions are always welcome <3

Publications

Unveiling IPs behind Cloudflare by @noneprivacy

Disclaimer

This tool is for educational purposes only. The authors and contributors don't take any responsibility for the misuse of this tool. Use It At Your Own Risk!

Credits

Conceived by Francesco Poldi noneprivacy, build with Aan Wahyu Petruknisme

stanley_HAL told me how Shodan calculates the favicon hash.

What is Murmur3?

More about Murmur3 and Shodan

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].