Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.
MIT License
Note This tool heavily relies on its favicon hash database. If you think you have a new favicon hash that's worth adding or you think there is a wrong hash-service association please open an issue.
brew install favirecon
sudo snap install favirecon
go install github.com/edoardottt/favirecon/cmd/favirecon@latest
Usage:
favirecon [flags]
Flags:
INPUT:
-u, -url string Input domain
-l, -list string File containing input domains
-cidr Interpret input as CIDR
CONFIGURATIONS:
-hash string[] Filter results having these favicon hashes (comma separated)
-c, -concurrency int Concurrency level (default 50)
-t, -timeout int Connection timeout in seconds (default 10)
-rl, -rate-limit int Set a rate limit (per second)
-px, -proxy string Set a proxy server (URL)
OUTPUT:
-o, -output string File to write output results
-v, -verbose Verbose output
-s, -silent Silent output. Print only results
-j, -json JSON output
Identify a single domain
favirecon -u https://www.github.com
echo https://www.github.com | favirecon
Grab all possible results from a list of domains (protocols needed!)
favirecon -l targets.txt
cat targets.txt | favirecon
Grab all possible results belonging to a specific target(s) (protocols needed!)
cat targets.txt | favirecon -hash 708578229
Grab all possible results from single CIDR
favirecon -u 192.168.1.0/24 -cidr
Use a Proxy
favirecon -u https://www.github.com -px http://127.0.0.1:8080
JSON Output
favirecon -u https://www.github.com -j
Detailed changes for each release are documented in the release notes.
Just open an issue / pull request.
Before opening a pull request, download golangci-lint and run
golangci-lint run
If there aren't errors, go ahead :)
This repository is under MIT License. edoardoottavianelli.it to contact me.