forked from destan0098/makehash4shodan
-
Notifications
You must be signed in to change notification settings - Fork 0
/
makehash4shodan.go
152 lines (124 loc) · 3.47 KB
/
makehash4shodan.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
package main
import (
"bytes"
"crypto/tls"
"encoding/base64"
"flag"
"fmt"
"github.com/twmb/murmur3"
"io/ioutil"
"net/http"
"os"
"strings"
)
func main() {
// Replace this with the website URL you want to fetch the favicon from
var url *string
var faviconURL string
var err error
url = flag.String("u", "https://example.com", "URL")
flag.Parse()
faviconURL = *url
if *url == "https://example.com" {
fmt.Println("[!] Error!")
fmt.Printf("[-] Use: makehash4shodan -u http://example.com/favicon.ico\n")
fmt.Println("[i] Get all hosts with the same favicon!")
os.Exit(1)
}
if !strings.HasSuffix(*url, "/favicon.ico") {
faviconURL, err = getFaviconURL(*url)
if err != nil {
fmt.Println("Error fetching favicon URL:", err)
return
}
}
// Fetch the website's favicon
// Fetch the favicon file
// fmt.Println(faviconURL)
if !strings.HasPrefix(faviconURL, "https://") {
if !strings.HasPrefix(faviconURL, "http://") {
faviconURL = fmt.Sprintf(*url+"%s", faviconURL)
}
}
// fmt.Println(faviconURL)
faviconBytes := fetchFavicon(faviconURL)
if err != nil {
fmt.Println("Error fetching favicon:", err)
return
}
// Calculate the Shodan favicon hash
//fmt.Println("[!] Shodan Favicon Hash:", faviconBytes)
fmt.Println("[!] http.favicon.hash:", faviconBytes)
fmt.Printf("[*] View Results:\n> https://www.shodan.io/search?query=http.favicon.hash%%3A%d\n", faviconBytes)
}
// getFaviconURL fetches the website's HTML and extracts the favicon URL.
func getFaviconURL(websiteURL string) (string, error) {
// Allow insecure TLS connections for websites without SSL/TLS
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
client := &http.Client{Transport: tr}
response, err := client.Get(websiteURL)
if err != nil {
return "", err
}
defer response.Body.Close()
body, err := ioutil.ReadAll(response.Body)
if err != nil {
return "", err
}
// Search for the favicon URL in the HTML
faviconURL := findFaviconURL(body)
return faviconURL, nil
}
// findFaviconURL extracts the favicon URL from the HTML.
func findFaviconURL(html []byte) string {
// Search for the favicon link tag in the HTML
const faviconTag = `<link rel="icon" href="`
startIndex := bytes.Index(html, []byte(faviconTag))
if startIndex == -1 {
return ""
}
// Find the end of the URL
endIndex := bytes.Index(html[startIndex+len(faviconTag):], []byte(`"`))
if endIndex == -1 {
return ""
}
// Extract the URL
faviconURL := html[startIndex+len(faviconTag) : startIndex+len(faviconTag)+endIndex]
// Convert to string
return string(faviconURL)
}
// fetchFavicon fetches the favicon file using the given URL.
func fetchFavicon(url string) int32 {
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
final := ""
fix := 76
s := make([]string, 0)
f, errs := http.Get(url)
if errs != nil {
fmt.Println("[-] Error On Loading Page ", errs)
}
content, err := ioutil.ReadAll(f.Body)
if err != nil {
fmt.Println("[-] Error On Loading Page Contents", errs)
}
str := base64.StdEncoding.EncodeToString(content)
// slice up string
for i := 0; i*fix+fix < len(str); i++ {
it := str[i*fix : i*fix+fix]
s = append(s, it)
}
// find last piece of string
findlen := len(s) * fix
last := str[findlen:] + "\n"
// put it all together
for _, s := range s {
final = final + s + "\n"
}
str = final + last
// do murmurhash3 stuff
mm3 := murmur3.StringSum32(str)
// convert uint32 to int32
return int32(mm3)
}