All Projects → devanshbatham → Favfreak

devanshbatham / Favfreak

Licence: mit
Making Favicon.ico based Recon Great again !

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Favfreak

Bbrecon
Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-70.04%)
Mutual labels:  osint, hacking, recon, web-security, bugbounty
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+501.24%)
Mutual labels:  osint, hacking, reconnaissance, information-gathering, bugbounty
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-24.29%)
Mutual labels:  osint, hacking, reconnaissance, recon, bugbounty
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+509.75%)
Mutual labels:  osint, reconnaissance, recon, information-gathering, bugbounty
Discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (+351.77%)
Mutual labels:  osint, reconnaissance, recon, information-gathering
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+309.93%)
Mutual labels:  osint, hacking, reconnaissance, information-gathering
Vajra
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Stars: ✭ 269 (-52.3%)
Mutual labels:  osint, hacking, recon, information-gathering
Oneforall
OneForAll是一款功能强大的子域收集工具
Stars: ✭ 4,202 (+645.04%)
Mutual labels:  osint, recon, information-gathering, bugbounty
Osint Tools
👀 Some of my favorite OSINT tools.
Stars: ✭ 155 (-72.52%)
Mutual labels:  osint, reconnaissance, recon, information-gathering
Sitedorks
Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term with a default set of websites, bug bounty programs or a custom collection.
Stars: ✭ 221 (-60.82%)
Mutual labels:  osint, hacking, recon, bugbounty
Osint tips
OSINT
Stars: ✭ 322 (-42.91%)
Mutual labels:  osint, hacking, reconnaissance, bugbounty
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (-4.08%)
Mutual labels:  osint, reconnaissance, recon, bugbounty
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-74.82%)
Mutual labels:  recon, bugbounty, information-gathering, reconnaissance
flydns
Related subdomains finder
Stars: ✭ 29 (-94.86%)
Mutual labels:  osint, recon, bugbounty, reconnaissance
Pdlist
A passive subdomain finder
Stars: ✭ 204 (-63.83%)
Mutual labels:  osint, reconnaissance, information-gathering, bugbounty
querytool
Querytool is an OSINT framework based on Google Spreadsheets. With this tool you can perform complex search of terms, people, email addresses, files and many more.
Stars: ✭ 104 (-81.56%)
Mutual labels:  osint, recon, information-gathering, reconnaissance
Pentesting Bible
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+1492.38%)
Mutual labels:  osint, hacking, information-gathering, bugbounty
Deadtrap
An OSINT tool to gather information about the real owner of a phone number
Stars: ✭ 73 (-87.06%)
Mutual labels:  osint, hacking, reconnaissance, information-gathering
Ntlmrecon
Enumerate information from NTLM authentication enabled web endpoints 🔎
Stars: ✭ 252 (-55.32%)
Mutual labels:  osint, hacking, reconnaissance, recon
Reconky-Automated Bash Script
Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
Stars: ✭ 167 (-70.39%)
Mutual labels:  osint, recon, bugbounty, reconnaissance

FavFreak - Weaponizing favicon.ico for BugBounties , OSINT and what not

FacFreak

Detailed Description about this can be found here :

Read Blog here : https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139

Introduction

I have created this tool for making my work easier when it comes to recon using Favicon hashes, it takes a list of urls (with https or http protocol) from stdin ,then it fetches favicon.ico and calculates its hash value. It sorts the domains/subdomains/IPs according to their favicon hashes and the most interesting part is , It matches calculated favicon hashes with the favicon hashes present in the fingerprint dictionary , If matched then it will show you the results in the output, there is option to generate shodan dorks as well (that is pretty basic and you can do it manually as well)

How to install and use

Note : Tested with python3.6.9 on Ubuntu/Kali

$ git clone https://github.com/devanshbatham/FavFreak
$ cd FavFreak
$ virtualenv -p python3 env
$ source env/bin/activate
$ python3 -m pip install mmh3
$ cat urls.txt | python3 favfreak.py 

Example Run :

Note : URLs must begin with either http or https

$ cat urls.txt
https://example.com
https://test-example.com
http://hack-example.com
.. .. .. .. 
.. .. .. .. 
AND SO ON 

$ cat urls.txt | python3 favfreak.py -o output

Fetching /favicon.ico and generating hashes :

enter image description here

Subdomains/IPs Sorted according to their Favicon hashes :

favicon hashes

FingerPrint Based favicon Hash detection :

enter image description here

Fingerprint dictionary looks like this : enter image description here

Add your own fingerprints

Edit favfreak.py , you will find a dictionary named 'fingerprint' , 
Add your fingerprints in that dictionary !

Contact

Shoot my DM : @0xAsm0d3us

Offtopic but Important

This COVID pandemic affected animals too (in an indirect way) . I will be more than happy if you will show some love for Animals by donating to Animal Aid Unlimited ,Animal Aid Unlimited saves animals through street animal rescue, spay/neuter and education. Their mission is dedicated to the day when all living beings are treated with compassion and love. ✨

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].