
FavFreak – Weaponizing favicon.ico for BugBounties

Last Updated : 28 Nov, 2021

HTTP favicons are often used by bug bounty hunters and red teamers to identify services across a target's IP ranges or autonomous system (AS). A web product usually ships a fixed favicon.ico, so every instance of the same framework or application exposes the same favicon hash, and search engines such as Shodan index that hash (searchable with the http.favicon.hash: filter). FavFreak automates this. It is an open-source tool written in Python that reads a single URL or a list of URLs from standard input, fetches each target's favicon, computes its favicon hash (MurmurHash3 over the base64-encoded file, the same convention Shodan uses) and compares the value against a built-in fingerprint dictionary of known hashes. Matches are printed in the terminal and can optionally be written to text files. The tool is free to use and available on GitHub.

Note: FavFreak is a Python-based tool, so make sure Python 3 is installed on your system before continuing (see: Python Installation Steps on Linux).

Installation of FavFreak Tool on Kali Linux OS

Step 1: Use the following command to clone the tool's repository onto your Kali Linux system.

git clone https://github.com/devanshbatham/FavFreak.git

Step 2: Now change into the tool's directory; the script has to be run from there.

cd FavFreak

Step 3: From inside the FavFreak directory, install the tool's dependencies with the following command (use pip3 if pip on your system points at Python 2).

sudo pip install -r requirements.txt

Step 4: All the dependencies are now installed. Verify the setup by printing the tool's help menu (note that file names on Linux are case-sensitive, so the script is favfreak.py, not FavFreak.py).

python3 favfreak.py -h

Working with FavFreak Tool on Kali Linux OS

Example 1: Single Target domain

echo "http://geeksforgeeks.org" | python3 favfreak.py -o output

In this example, the target URL is piped into FavFreak on standard input, and the tool fetches the favicon of geeksforgeeks.org and computes its hash.

The resulting hash value is printed in the terminal.

Because -o was given, the tool also saves the results to text files under the path supplied to -o.

Example 2: Multiple Target URLs

cat urls.txt | python3 favfreak.py -o output

In this example, we fingerprint multiple URLs at once: the file urls.txt contains one URL per line and is piped into the tool.

The scan runs against every URL saved in the text file.

The tool prints the hash value for each target URL, grouping together hosts that share the same favicon hash.

Where a hash matches an entry in the fingerprint dictionary, the tool also reports the framework or product associated with that favicon (for example a known web framework's default icon), which tells you what is running on the host before you have touched it any further.

As before, the output of the scan is saved to text files under the path given to -o.
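To make the hashing convention described in the introduction and the grouped multi-URL output of Example 2 concrete, here is an added, offline example written for this article; it is not FavFreak's own code. It re-implements the Shodan favicon hash (MurmurHash3 x86 32-bit, seed 0, over the MIME base64 encoding of the favicon bytes, returned as a signed 32-bit integer) in pure Python so no mmh3 package is needed, matches hashes against a small fingerprint dictionary, builds the corresponding Shodan dork, and groups URLs that share a favicon. The sample favicon bytes and host names are constructed, and the two fingerprint values are taken from commonly published favicon-hash lists; verify them against the tool's own dictionary before relying on them. A real run would replace the constructed bytes with the body of an HTTP GET for each host's /favicon.ico.

```python
"""Favicon-hash fingerprinting, re-implemented offline (added example, not FavFreak's code)."""
import base64
from collections import defaultdict
from typing import Dict, List, Optional

MASK32 = 0xFFFFFFFF


def _rotl32(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & MASK32


def murmurhash3_x86_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3_x86_32; returns a signed 32-bit int, the same value mmh3.hash() gives."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h1 = seed & MASK32
    n_blocks = len(data) // 4
    for i in range(n_blocks):                       # body: 4-byte little-endian blocks
        k1 = int.from_bytes(data[4 * i:4 * i + 4], "little")
        k1 = _rotl32((k1 * c1) & MASK32, 15)
        k1 = (k1 * c2) & MASK32
        h1 ^= k1
        h1 = (_rotl32(h1, 13) * 5 + 0xE6546B64) & MASK32
    tail = data[4 * n_blocks:]                      # 0-3 leftover bytes
    k1 = 0
    for j, byte in enumerate(tail):
        k1 ^= byte << (8 * j)
    if tail:
        k1 = _rotl32((k1 * c1) & MASK32, 15)
        k1 = (k1 * c2) & MASK32
        h1 ^= k1
    h1 ^= len(data)
    h1 ^= h1 >> 16                                  # finalisation mix (fmix32)
    h1 = (h1 * 0x85EBCA6B) & MASK32
    h1 ^= h1 >> 13
    h1 = (h1 * 0xC2B2AE35) & MASK32
    h1 ^= h1 >> 16
    return h1 - (1 << 32) if h1 & 0x80000000 else h1


def favicon_hash(raw_favicon: bytes) -> int:
    """Shodan-style favicon hash.

    base64.encodebytes() yields MIME base64 (76-char lines plus a trailing newline),
    the same bytes codecs.encode(data, "base64") produces; that newline-bearing form
    is what gets hashed. Plain base64.b64encode() would give a different, useless hash.
    """
    return murmurhash3_x86_32(base64.encodebytes(raw_favicon))


# Hash -> product. Values as commonly published in favicon fingerprint lists; verify before use.
FINGERPRINTS: Dict[int, str] = {
    116323821: "Spring Boot",
    81586312: "Jenkins",
}


def match_fingerprint(h: int, fingerprints: Dict[int, str]) -> Optional[str]:
    """Return the product name for a known hash, or None when the hash is not in the dictionary."""
    return fingerprints.get(h)


def shodan_dork(h: int) -> str:
    """Search filter that finds every Shodan-indexed host serving a favicon with this hash."""
    return f"http.favicon.hash:{h}"


def group_by_hash(favicons: Dict[str, bytes]) -> Dict[int, List[str]]:
    """Group URLs by favicon hash, as the multi-URL scan does: same hash, same product."""
    groups: Dict[int, List[str]] = defaultdict(list)
    for url, data in favicons.items():
        groups[favicon_hash(data)].append(url)
    return dict(groups)


# Constructed sample input: three hosts, two of which serve an identical (fake) favicon.
SAMPLE_FAVICONS: Dict[str, bytes] = {
    "http://a.example": b"\x00\x00\x01\x00fake-icon-A",
    "http://b.example": b"\x00\x00\x01\x00fake-icon-A",
    "http://c.example": b"\x00\x00\x01\x00fake-icon-C",
}

if __name__ == "__main__":
    for h, urls in group_by_hash(SAMPLE_FAVICONS).items():
        label = match_fingerprint(h, FINGERPRINTS) or "no fingerprint match"
        print(f"{shodan_dork(h)}  [{label}]")
        for url in urls:
            print("    ", url)
```

The point of keeping the base64 step exactly as Shodan does it is interoperability: a hash computed any other way will not match the fingerprint dictionary or a Shodan search, so an unmatched result is more likely a hashing mistake than a genuinely unknown product.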

