[Nikto-discuss] OWASP favicon and nikto
Vlatko Kosturjak
kost at linux.hr
Wed Jun 15 16:28:00 CDT 2011
On Thu, Jun 09, 2011 at 08:55:47PM -0400, Sullo wrote:
> On Thu, Jun 9, 2011 at 4:57 PM, Vlatko Kosturjak <kost at linux.hr> wrote:
> > In short, the idea is to have a central database of favicon hashes. So,
> > most open source projects can benefit from them.
> I don't see any licensing information on the database--what is it
> being released under?
> Would certainly like to contribute & use the database--how exactly
> depends on the licensing (either inclusion in nikto's database, or
> loading a distinct file). At some point nikto's database was
> incorporated into the nmap nse so it's likely almost all are found in
> there already.
That's another invite - let's talk about licensing!
The scripts I've made to crawl the internet are under GPL 2+:
https://github.com/kost/owasp-favicon-crawl
Since I'm the only contributor to these scripts, I can dual license them or change
the script license if there's any problem with that. But personally, I don't
see any problem with GPL 2+ and the scripts are not rocket science!
Regarding the database, my personal viewpoint is that there is no sense in having 10
different and incomplete databases. And also there is no point in having a
database which no one will use. So, yes, cooperation sounds good and let's
see what license is best for OWASP and for open and/or commercial projects
including nikto, w3af, ...
So, what are the best/acceptable licenses for nikto?
> This is always a worthwhile effort, but the difficult part is of
> course sifting through the data when it's gathered, and identifying
> the product that an icon ties back to. I have done this previously
> with a crawler with quite a bit of success, but weeding out site icons
> vs products was a challenge that required a web app. Probably a
> discussion for the other list though!
Absolutely true! Had the same experience, but that's where the power of community
comes in, and I tried to make contributions easy, as you can edit the wiki yourself or
send an MD5 via twitter with proper identification.
In short, let's talk!
--
Vlatko Kosturjak - KoSt