description = [[
Gets the favicon ("favorites icon") from a web page and matches it against a
database of the icons of known web applications. If there is a match, the name
of the application is printed; otherwise the MD5 hash of the icon data is
printed.
If the script argument favicon.uri is given, that relative URI is
always used to find the favicon. Otherwise, first the page at the root of the
web server is retrieved and parsed for a
element. If that fails, the icon is looked for in /favicon.ico. If
a favicon points to a different host or port, it is ignored.
]]
---
-- @args favicon.uri URI that will be requested for favicon.
-- @args favicon.root Web server path to search for favicon.
--
-- @usage
-- nmap --script=http-favicon.nse \
-- --script-args favicon.root=,favicon.uri=
-- @output
-- |_ http-favicon: Socialtext
-- HTTP default favicon enumeration script
-- rev 1.2 (2009-03-11)
-- Original NASL script by Javier Fernandez-Sanguino Pena
author = "Vlatko Kosturjak"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"}
require "shortport"
require "http"
require "stdnse"
require "datafiles"
require "nsedebug"
require "openssl"
portrule = shortport.http
action = function(host, port)
local md5sum,answer
local match
local status, favicondb
local result= ""
local favicondbfile="nselib/data/favicon-db"
local index, icon
local root = ""
status, favicondb = datafiles.parse_file( favicondbfile, {["^%s*([^%s#:]+)[%s:]+"] = "^%s*[^%s#:]+[%s:]+(.*)"})
if not status then
stdnse.print_debug( 1, "Could not open file: %s", favicondbfile )
return
end
if(nmap.registry.args['favicon.root']) then
root = nmap.registry.args['favicon.root']
end
if(nmap.registry.args['favicon.uri']) then
-- If we got a script arg URI, always use that.
answer = http.get( host, port, root .. "/" .. nmap.registry.args['favicon.uri'])
stdnse.print_debug( 4, "Using URI %s", nmap.registry.args['favicon.uri'])
else
-- Otherwise, first try parsing the home page.
index = http.get( host, port, root .. "/" )
if index.status == 200 or index.status == 503 then
-- find the favicon pattern
icon = parseIcon( index.body )
-- if we find a pattern
if icon then
local hostname = host.targetname or (host.name ~= "" and host.name) or host.ip
stdnse.print_debug(1, "Got icon URL %s.", icon)
local icon_host, icon_port, icon_path = parse_url_relative(icon, hostname, port.number, root)
if (icon_host == host.ip or
icon_host == host.targetname or
icon_host == (host.name ~= '' and host.name)) and
icon_port == port.number then
-- request the favicon
answer = http.get( icon_host, icon_port, icon_path )
else
answer = nil
end
else
answer = nil
end
end
-- If that didn't work, try /favicon.ico.
if not answer or answer.status ~= 200 then
answer = http.get( host, port, root .. "/favicon.ico" )
stdnse.print_debug( 4, "Using default URI.")
end
end
--- check for 200 response code
if answer and answer.status == 200 then
md5sum=string.upper(stdnse.tohex(openssl.md5(answer.body)))
match=favicondb[md5sum]
if match then
result = match
else
if nmap.verbosity() > 0 then
result = "Unknown favicon MD5: " .. md5sum
end
end
else
stdnse.print_debug( 1, "No favicon found.")
return
end --- status == 200
return result
end
local function dirname(path)
local dir
dir = string.match(path, "^(.*)/")
return dir or ""
end
-- Return a URL's host, port, and path, filling in the results with the given
-- host, port, and path if the URL is relative. Return nil if the scheme is not
-- "http" or "https".
function parse_url_relative(u, host, port, path)
local defaultport, scheme, abspath
u = url.parse(u)
scheme = u.scheme or "http"
if scheme == "http" then
defaultport = 80
elseif scheme == "https" then
defaultport = 443
else
return nil
end
abspath = u.path or ""
if not string.find(abspath, "^/") then
abspath = dirname(path) .. "/" .. abspath
end
return u.host or host, u.port or defaultport, abspath
end
function parseIcon( body )
local _, i, j
local rel, href, word
-- Loop through link elements.
i = 0
while i do
_, i = string.find(body, "<%s*[Ll][Ii][Nn][Kk]%s", i + 1)
if not i then
return nil
end
-- Loop through attributes.
j = i
while true do
local name, quote, value
_, j, name, quote, value = string.find(body, "^%s*(%w+)%s*=%s*([\"'])(.-)%2", j + 1)
if not j then
break
end
if string.lower(name) == "rel" then
rel = value
elseif string.lower(name) == "href" then
href = value
end
end
for word in string.gmatch(rel or "", "%S+") do
if string.lower(word) == "icon" then
return href
end
end
end
end