[Nikto-discuss] OWASP favicon and nikto

[Sullo]

On Thu, Jun 9, 2011 at 4:57 PM, Vlatko Kosturjak <kost at linux.hr> wrote:

> I'm not sure if you aware of the OWASP favicon project located here:
> https://www.owasp.org/index.php/Category:OWASP_Favicon_Database_Project

I wasn't aware of this project, but I am glad to see it.

> In short, it is idea to have central database of favicon hashes. So,
> most of open source projects can have benefit of them.

I don't see any licensing information on the database--what is it
being released under?

> I would like to invite nikto to update its database from there. Also,
> if there's anything the database miss - please help and add.

Would certainly like to contribute & use the database--how exactly
depends on the licensing (either inclusion in nikto's database, or
loading a distinct file). At some point nikto's database was
incorporated into the nmap nse so it's likely almost all are found in
there already.

>
> We're also preparing for new round of internet wide scan, so post your
> ideas before it's too late! In this new scan, we plan to support
> apple-touch-icon as well.

This is always a worthwhile effort, but the difficult part is of
course sifting through the data when it's gathered, and identifying
the product that an icon ties back to. I have done this previously
with a crawler with quite a bit of success, but weeding out site icons
vs products was a challenge that required a web app. Probably a
discussion for the other list though!

Thanks for making us aware of the project and I look forward to see
how the survey progresses.

-Sullo

-- 

http://www.cirt.net     |      http://www.osvdb.org/