Andres/Matt

2009/11/23 Andres Riancho <andres.rian...@gmail.com>:
> Matt,
>
> On Mon, Nov 23, 2009 at 5:30 PM, Matt Tesauro <mtesa...@gmail.com> wrote:
>> How about starting an OWASP project on this? OWASP is a nice neutral
>> 3rd party.
>
> I agree, that could be a nice idea.
>
>> OWASP already has a wiki where anyone can add hashes to the list.
>
> +1
>
>> About all the project lead would need to do is set a watch on that page
>> and re-generate archive of the list after any new ones are added
>> or
>> you could just scrape that wiki page. The printable view would be cake
>> to scrape.
>
> +1, but "the creator" of the favicon thing is Vlatko, and he should be
> the one that decides what to do with that,
>

+1

There is a wiki page [1] about this topic and the Project Leader is
Vlatko Kosturjak =)

[1] http://www.owasp.org/index.php?title=GPC_Project_Details/OWASP_Favicon_Database_Project&setlang=es

....and a mailing list...
(https://lists.owasp.org/mailman/listinfo/owasp-favicon-database)

> Cheers,
>
>> My 2 cents.
>>
>> --
>> Matt Tesauro
>> OWASP Live CD Project Lead
>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>> http://AppSecLive.org - Community and Download site
>>
>>
>> On Mon, 2009-11-23 at 17:24 -0300, Andres Riancho wrote:
>>> Vlatko,
>>>
>>> On Mon, Nov 23, 2009 at 4:26 PM, Ulises2k <ulise...@gmail.com> wrote:
>>> > more md5's
>>> >
>>> > http://nmap.org/nsedoc/scripts/http-favicon.html
>>> > http://nmap.org/svn/nselib/data/favicon-db
>>>
>>> I think that you should somehow centralize the efforts to keep an
>>> updated database. If every piece of software keeps its own database,
>>> we'll be wasting our times. What do you think about keeping it in your
>>> website, and then everybody can download the latest from there?
>>>
>>> Cheers,
>>>
>>> >
>>> > On Thu, Oct 22, 2009 at 12:29, Ulises2k <ulise...@gmail.com> wrote:
>>> >>
>>> >> I found the same md5sum as the following one in Plex Favicon:
>>> >> - dcea02a5797ce9e36f19b7590752563e:Apache (seen on CentOS/Debian/Fedora)
>>> >>
>>> >> Plex Favicon:
>>> >> $ wget https://plesk86.demo.parallels.com:8443/favicon.ico
>>> >> --no-check-certificate
>>> >> $ md5sum favicon.ico
>>> >> dcea02a5797ce9e36f19b7590752563e favicon.ico
>>> >>
>>> >> Can you check if the md5sum of the Apache favicon is ok?
>>> >>
>>> >>
>>> >> On Thu, Oct 22, 2009 at 07:06, Raul Siles <raul.si...@gmail.com> wrote:
>>> >> > Vlatko,
>>> >> > Have you checked the Nikto db_favicon file? It contains a few
>>> >> > fingerprints.
>>> >> > Get first auth. from the Nikto project.
>>> >> >
>>> >> > Cheers,
>>> >> > --
>>> >> > Raul Siles
>>> >> > www.raulsiles.com
>>> >> >
>>> >> >
>>> >> >
>>> >> > On Fri, Oct 16, 2009 at 5:50 PM, Vlatko Kosturjak <k...@linux.hr>
>>> >> > wrote:
>>> >> >> Andres Riancho wrote:
>>> >> >>>
>>> >> >>> I love this plugin! I loved the idea when you told me about it in
>>> >> >>> France, and I love it much more now that I see how simple the code
>>> >> >>> is.
>>> >> >>
>>> >> >> Thanks, it was great to meet you at Besancon.
>>> >> >>
>>> >> >>> These are the things I modified in the plugin before committing it to
>>> >> >>> the trunk:
>>> >> >>> - There were lines with tab indentation instead of the PEP-8
>>> >> >>> recommended 4-space indentation. I changed them.
>>> >> >>
>>> >> >> OK. Now, I know what you prefer for patches.
>>> >> >>
>>> >> >>> - Changed the reporting a little bit. Now an information object is
>>> >> >>> only saved to the kb if the favicon.ico is actually identified.
>>> >> >>
>>> >> >> I had a different idea. Usually, assessor/tester of the target site
>>> >> >> should be aware if there's favicon there. Maybe we could not identify it
>>> >> >> automatically, but assessor could see that there is favicon.ico, so he
>>> >> >> can see it visually and get some clue about the website/CMS/... As it
>>> >> >> tests for 404, it will display only existing favicon.ico.
>>> >> >> Also, it would ease the contribution of MD5 back to the project...
>>> >> >> It's my point of view which could be wrong...
>>> >> >>
>>> >> >>> - Removed the unused "self._fuzzableRequests = []" and "dirs = []"
>>> >> >>
>>> >> >> There's few things to implement in future versions. First of all,
>>> >> >> support for different dirs. i.e. on single web site, there could be
>>> >> >> different software versions, e.g.:
>>> >> >> http://website/phpbb
>>> >> >> http://website/drupal
>>> >> >> So, it would be good to have it run after the crawler, so it can
>>> >> >> identify different versions. Here I would need your help. Also,
>>> >> >> it would be good to implement parsing of <link rel icon> tag, so
>>> >> >> plugin can identify favicon.ico in not-usual locations...
>>> >> >>
>>> >> >>> - I added a test script named
>>> >> >>> "scripts/script-favicon_identification.w3af" that helps test the
>>> >> >>> plugin you created by running "./w3af_console -s
>>> >> >>> scripts/script-favicon_identification.w3af"
>>> >> >>
>>> >> >> Just checked it and I'm sending patch to fix it as it has some
>>> >> >> leftovers.
>>> >> >>
>>> >> >>> To sum up, I did nothing and you did a great job ;) If you perform a
>>> >> >>> "svn up" of w3af's trunk, you'll find your plugin there.
>>> >> >>
>>> >> >> Thanks. I plan and hope I will contribute more (plugins & code).
>>> >> >>
>>> >> >>>> In order to learn more about it to, refer to:
>>> >> >>>> http://kost.com.hr/favicon.phpiimplement mplement
>>> >> >>
>>> >> >> My error, link should be: http://kost.com.hr/favicon.php
>>> >> >>
>>> >> >>> I see that you guys are trying to expand this database by running
>>> >> >>> "Internet wide" scans. I have a server that could be used for this
>>> >> >>> purpose, if you send me a couple of commands that you need me to run,
>>> >> >>> I'll be more than happy to run them and then send you the response.
>>> >> >>> Maybe you could assign me the address range for Argentina, Chile,
>>> >> >>> Uruguay, Bolivia and Paraguay, and I would send the results back to you?
>>> >> >>
>>> >> >> Sure. As I have donated all my work to OWASP and we're just building
>>> >> >> it as OWASP project, feel free to join the mailing list at:
>>> >> >> https://lists.owasp.org/mailman/listinfo/owasp-favicon-database
>>> >> >>
>>> >> >> Current process of crawling is described here:
>>> >> >> http://www.owasp.org/index.php/OWASP_favicon_database_crawl
>>> >> >> ...and scripts can be downloaded here:
>>> >> >> http://kost.com.hr/favicon.php
>>> >> >>
>>> >> >> Although, I'm not sure that we can separate it per country (in terms
>>> >> >> of nmap -iR), but any idea on performing the internet wide survey is
>>> >> >> welcomed!
>>> >> >>
>>> >> >>> Thank you for supporting w3af, and other open source projects like
>>> >> >>> openvas and nessus!
>>> >> >>
>>> >> >> You're welcome. As we talk about OpenVAS, maybe it's good time and
>>> >> >> place to ask about it. My plan is to write OpenVAS NVT (NASL) script
>>> >> >> which would run w3af automatically if http(s) port(s) is found
>>> >> >> (similar to nikto NASL plugin). I think this mailing list is best
>>> >> >> place (and you Andres) to ask what is the best command line for w3af
>>> >> >> for automatic vulnerability discovery? i.e. so NASL can launch w3af
>>> >> >> and parse the results and report it through standard OpenVAS
>>> >> >> reporting mechanism. Any help would be appreciated.
>>> >> >>
>>> >> >> Also if you (or anyone else) have some ideas about other
>>> >> >> OpenVAS<=>w3af cooperation/partnership, let me know!
>>> >> >>
>>> >> >> Kost
>>> >> >>
>>> >> >>
>>> >> >> ------------------------------------------------------------------------------
>>> >> >> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
>>> >> >> is the only developer event you need to attend this year. Jumpstart
>>> >> >> your developing skills, take BlackBerry mobile applications to market
>>> >> >> and stay ahead of the curve. Join us from November 9 - 12, 2009.
>>> >> >> Register now!
>>> >> >> http://p.sf.net/sfu/devconference
>>> >> >> _______________________________________________
>>> >> >> W3af-develop mailing list
>>> >> >> W3af-develop@lists.sourceforge.net
>>> >> >> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>> >> >>
>>> >> >
>>> >> >
>>> >>
>>> >> --
>>> >> Ulises U. Cuñé
>>> >> Web: http://www.ulises2k.com.ar
>>> >>
>>> >
>>> >
>>> > --
>>> > Ulises U. Cuñé
>>> > Web: http://www.ulises2k.com.ar
>>> >
>>>
>>> --
>>> Andrés Riancho
>>> Founder, Bonsai - Information Security
>>> http://www.bonsai-sec.com/
>>> http://w3af.sf.net/
>>>
>>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>

--
Martin Tartarelli
Linux User #476492
http://owasp.org/index.php/Argentina
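The thread discusses three mechanics without showing code for them: a hash database in the "md5:description" line format that Ulises quotes, hashing a fetched favicon and looking it up, and Vlatko's planned parsing of <link rel="icon"> so icons in unusual locations (and per-directory applications such as /phpbb and /drupal) get their own candidate URLs. The following Python is an added example written for this page; it is not the w3af plugin, the nmap favicon-db code, or anything from the OWASP project. Apart from the Apache line Ulises posted, every database entry, the "Plesk" duplicate (included to show what Ulises's collision observation means in practice: one hash can map to several products, so a match identifies the icon file, not necessarily the software), and all sample HTML are constructed. Fetching the icon over HTTP is left to the caller, so the example runs offline.

```python
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample database in the "md5:description" line format quoted in
# the thread, one entry per line, "#" for comments. Only the Apache line is
# from the thread; the others are constructed for this example (the second
# Apache-hash line is a hypothetical duplicate, and the 9001... digest is
# simply md5(b"abc")). The last line is deliberately malformed.
SAMPLE_FAVICON_DB = """\
# md5:description
dcea02a5797ce9e36f19b7590752563e:Apache (seen on CentOS/Debian/Fedora)
dcea02a5797ce9e36f19b7590752563e:Plesk (hypothetical duplicate entry)
900150983cd24fb0d6963f7d28e17f72:ConstructedIcon (constructed, md5 of b'abc')
not-a-hash:Broken line that a loader must tolerate
"""


def load_favicon_db(text):
    """Parse md5:description lines into {md5: [description, ...]}.

    Several products can ship the same icon, so one digest maps to a list of
    labels rather than to a single name. Malformed lines are skipped so that a
    community-edited database (wiki scrape, hand-merged contributions) cannot
    abort a scan."""
    db = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, description = line.partition(":")
        digest = digest.strip().lower()
        if sep != ":" or not re.fullmatch(r"[0-9a-f]{32}", digest):
            continue
        db.setdefault(digest, []).append(description.strip())
    return db


def identify_favicon(icon_bytes, db):
    """Return (md5_hex, [descriptions]); an empty list means 'icon not in db'.

    The digest is returned even on a miss so an assessor can still record the
    icon and contribute the hash back, which is the point Vlatko raises about
    reporting unknown favicons."""
    digest = hashlib.md5(icon_bytes).hexdigest()
    return digest, db.get(digest, [])


class _IconLinkParser(HTMLParser):
    """Collect href values of <link> tags whose rel list contains 'icon'
    (covers rel="icon" and rel="shortcut icon")."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        attr = {name: (value or "") for name, value in attrs}
        rels = attr.get("rel", "").lower().split()
        if "icon" in rels and attr.get("href"):
            self.hrefs.append(attr["href"])


def find_favicon_urls(page_url, html):
    """Candidate favicon URLs for one page: every <link rel=icon> target
    resolved against the page URL, then the conventional favicon.ico of the
    directory the page lives in. Resolving relative to the page rather than
    the host is what gives /phpbb/ and /drupal/ separate candidates."""
    parser = _IconLinkParser()
    parser.feed(html)
    candidates = [urljoin(page_url, href) for href in parser.hrefs]
    default = urljoin(page_url, "favicon.ico")
    if default not in candidates:
        candidates.append(default)
    return candidates


if __name__ == "__main__":
    db = load_favicon_db(SAMPLE_FAVICON_DB)
    # Constructed page: the icon is referenced with a relative path.
    page = '<html><head><link rel="shortcut icon" href="img/fav.png"></head></html>'
    for url in find_favicon_urls("http://website/phpbb/index.php", page):
        print("candidate:", url)
    digest, hits = identify_favicon(b"abc", db)  # constructed icon bytes
    print(digest, hits or "unknown icon (consider contributing the hash)")
```

Because the lookup returns every label stored under a digest, a report built on it should list all of them instead of picking the first; that is the honest output for the Apache/Plesk situation in the thread, and it is also why a hash database is evidence for a fingerprint rather than proof of one.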