Merge pull request #486 from edoardottt/devel

v1.0.0

Author: edoardottt

README.md

@@ -3,7 +3,7 @@
   <br>
 </h1>
 
-<h4 align="center">Use favicon.ico to improve your target recon phase</h4>
+<h4 align="center">Use favicons to improve your target recon phase</h4>
 
 <h6 align="center"> Coded with 💙 by edoardottt </h6>
 

go.mod

@@ -3,63 +3,65 @@ module github.com/edoardottt/favirecon
 go 1.23.0
 
 require (
+	github.com/PuerkitoBio/goquery v1.10.3
 	github.com/edoardottt/golazy v0.1.4
 	github.com/projectdiscovery/goflags v0.1.74
 	github.com/projectdiscovery/gologger v1.1.54
 	github.com/projectdiscovery/mapcidr v1.1.34
-	github.com/projectdiscovery/utils v0.4.17
+	github.com/projectdiscovery/utils v0.4.18
 	github.com/stretchr/testify v1.10.0
 	github.com/twmb/murmur3 v1.1.8
 	go.uber.org/ratelimit v0.3.1
 )
 
 require (
-	github.com/STARRY-S/zip v0.2.1 // indirect
+	github.com/STARRY-S/zip v0.2.3 // indirect
 	github.com/andybalholm/brotli v1.1.1 // indirect
+	github.com/andybalholm/cascadia v1.3.3 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
-	github.com/benbjohnson/clock v1.3.0 // indirect
+	github.com/benbjohnson/clock v1.3.5 // indirect
 	github.com/bodgit/plumbing v1.3.0 // indirect
-	github.com/bodgit/sevenzip v1.6.0 // indirect
+	github.com/bodgit/sevenzip v1.6.1 // indirect
 	github.com/bodgit/windows v1.0.1 // indirect
-	github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08 // indirect
+	github.com/cnf/structhash v0.0.0-20250313080605-df4c6cc74a9a // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/gorilla/css v1.0.1 // indirect
-	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.11 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/logrusorgru/aurora v2.0.3+incompatible // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/mholt/archives v0.1.0 // indirect
+	github.com/mholt/archives v0.1.1 // indirect
 	github.com/microcosm-cc/bluemonday v1.0.27 // indirect
-	github.com/miekg/dns v1.1.56 // indirect
+	github.com/miekg/dns v1.1.65 // indirect
+	github.com/minio/minlz v1.0.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/nwaples/rardecode/v2 v2.0.0-beta.4.0.20241112120701-034e449c6e78 // indirect
-	github.com/pierrec/lz4/v4 v4.1.21 // indirect
+	github.com/nwaples/rardecode/v2 v2.1.1 // indirect
+	github.com/pierrec/lz4/v4 v4.1.22 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/projectdiscovery/blackrock v0.0.1 // indirect
 	github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
-	github.com/sorairolake/lzip-go v0.3.5 // indirect
+	github.com/sorairolake/lzip-go v0.3.7 // indirect
+	github.com/spf13/afero v1.14.0 // indirect
 	github.com/therootcompany/xz v1.0.1 // indirect
-	github.com/tidwall/gjson v1.14.4 // indirect
+	github.com/tidwall/gjson v1.18.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/ulikunitz/xz v0.5.12 // indirect
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
-	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
-	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/sync v0.12.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+	golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 // indirect
+	golang.org/x/mod v0.24.0 // indirect
+	golang.org/x/net v0.39.0 // indirect
+	golang.org/x/sync v0.13.0 // indirect
+	golang.org/x/sys v0.32.0 // indirect
+	golang.org/x/text v0.24.0 // indirect
+	golang.org/x/tools v0.32.0 // indirect
 	gopkg.in/djherbis/times.v1 v1.3.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -684,6 +684,7 @@
     "1749354953": "Vantara Pentaho Business Analytics Server",
     "-175177211": "VMware vCenter Converter Standalone",
     "175178334": "Nas4free",
+    "1752776796": "OpenAI",
     "-175283071": "Dell",
     "1756605828": "WebCTRL",
     "1757638479": "Bossgoo",
@@ -1100,6 +1101,7 @@
     "430582574": "SmartPing",
     "-43161126": "Slack",
     "432733105": "Pi Star",
+    "-434501501": "bit.ly",
     "-435817905": "Cambium Networks",
     "-438482901": "Moodle",
     "440258421": "Dolibarr",
@@ -1132,6 +1134,7 @@
     "517158172": "D-Link (router/network)",
     "-519765377": "Parallels Plesk Panel",
     "-520888198": "Blue Iris (Webcam)",
+    "-525583313": "OpenAI",
     "-532394952": "CX",
     "538323054": "NethServer Enterprise",
     "538585915": "Lenel",

pkg/favirecon/db.json

@@ -8,6 +8,7 @@ package favirecon
 
 import (
 	"bufio"
+	"errors"
 	"fmt"
 	"os"
 	"sync"
@@ -126,6 +127,23 @@ func pushInput(r *Runner) {
 	close(r.Input)
 }
 
+/*
+Try /favicon.ico first. Most common and lightweight check.
+Accept it only if:
+- Status is 200.
+- Content-Type is an image.
+- Body length is > 0 (some sites return 200 but empty).
+If valid, hash and lookup. ✅ Done.
+
+Fallback to parsing <link rel="icon" ...> in the HTML <head>:
+- Fetch original input URL (not with /favicon.ico appended).
+- Parse the HTML.
+- Extract: rel=icon, rel=shortcut icon, rel=apple-touch-icon
+If href is:
+- A relative path → resolve against base URL.
+- A full URL → use as-is.
+- Data URL → decode and hash directly.
+*/
 func execute(r *Runner) {
 	defer r.InWg.Done()
 
@@ -137,38 +155,52 @@ func execute(r *Runner) {
 		go func() {
 			defer r.InWg.Done()
 
+			client, err := customClient(&r.Options)
+			if err != nil {
+				gologger.Error().Msgf("%s", err)
+
+				return
+			}
+
 			for value := range r.Input {
-				targetURL, err := PrepareURL(value)
+				faviconURL, err := PrepareURL(value)
 				if err != nil {
 					gologger.Error().Msgf("%s", err)
 
-					return
+					continue
 				}
 
 				rl.Take()
 
-				client, err := customClient(&r.Options)
+				found, result, err := getFavicon(faviconURL, r.UserAgent, client)
 				if err != nil {
-					gologger.Error().Msgf("%s", err)
-
-					return
+					if errors.Is(err, ErrFaviconNotFound) {
+						gologger.Debug().Msgf("%s for url %s", err.Error(), value)
+					} else {
+						gologger.Error().Msgf("%s", err)
+					}
 				}
 
-				result, err := getFavicon(targetURL, r.UserAgent, client)
-				if err != nil {
-					gologger.Error().Msgf("%s", err)
+				if !found {
+					gologger.Debug().Msgf("Fallback to HTML parsing for %s", value)
 
-					return
+					faviconURL, result, err = extractFaviconFromHTML(value, r.UserAgent, client)
+					if err != nil {
+						gologger.Debug().Msgf("Favicon not found for %s: %s", value, err)
+						continue
+					}
 				}
 
-				found, err := CheckFavicon(result, r.Options.Hash, targetURL)
+				foundDB, err := CheckFavicon(result, r.Options.Hash, faviconURL)
 				if err != nil {
 					if r.Options.Verbose {
 						gologger.Error().Msgf("%s", err)
 					}
-				} else {
-					r.Output <- output.Found{URL: targetURL, Name: found, Hash: result}
+
+					continue
 				}
+
+				r.Output <- output.Found{URL: value, Name: foundDB, Hash: result}
 			}
 		}()
 	}

pkg/favirecon/favirecon.go

@@ -0,0 +1,93 @@
+/*
+favirecon - Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.
+
+This repository is under MIT License https://github.com/edoardottt/favirecon/blob/main/LICENSE
+*/
+
+package favirecon
+
+import (
+	"encoding/base64"
+	"errors"
+	"net/http"
+	"strings"
+
+	"github.com/PuerkitoBio/goquery"
+)
+
+var (
+	ErrFaviconNotFound        = errors.New("favicon not found")
+	ErrFaviconLinkTagNotFound = errors.New("no favicon link tag found")
+	ErrHTMLNotFetched         = errors.New("failed to fetch HTML")
+	ErrInvalidDataURI         = errors.New("invalid data URI")
+)
+
+func extractFaviconFromHTML(pageURL, ua string, client *http.Client) (string, string, error) {
+	req, err := http.NewRequest(http.MethodGet, pageURL, nil)
+	if err != nil {
+		return "", "", err
+	}
+
+	req.Header.Add("User-Agent", ua)
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return "", "", err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return "", "", ErrHTMLNotFetched
+	}
+
+	doc, err := goquery.NewDocumentFromReader(resp.Body)
+	if err != nil {
+		return "", "", err
+	}
+
+	var faviconHref string
+
+	doc.Find("link").EachWithBreak(func(i int, s *goquery.Selection) bool {
+		rel, _ := s.Attr("rel")
+		href, ok := s.Attr("href")
+
+		if ok && strings.Contains(strings.ToLower(rel), "icon") {
+			faviconHref = href
+			return false // break loop
+		}
+
+		return true
+	})
+
+	if faviconHref == "" {
+		return "", "", ErrFaviconLinkTagNotFound
+	}
+
+	// handle base64 data
+	if strings.HasPrefix(faviconHref, "data:image") {
+		base64Data := strings.SplitN(faviconHref, ",", 2)
+		if len(base64Data) != 2 {
+			return "", "", ErrInvalidDataURI
+		}
+
+		decoded, err := base64.StdEncoding.DecodeString(base64Data[1])
+		if err != nil {
+			return "", "", err
+		}
+
+		return faviconHref, GetFaviconHash(decoded), nil
+	}
+
+	faviconURL := resolveURL(pageURL, faviconHref)
+
+	found, favicon, err := getFavicon(faviconURL, ua, client)
+	if err != nil {
+		return faviconURL, "", err
+	}
+
+	if !found {
+		return "", "", ErrFaviconNotFound
+	}
+
+	return faviconURL, favicon, nil
+}