Home

Awesome

Fav-up

Lookups for real IP starting from the favicon icon and using Shodan.

img img2

Installation

Usage

CLI

First define how you pass the API key:

As of now, this tool can be used in three different ways:

You can specify input files which may contain urls to domain, to favicon icons, or simply locations of locally stored icons:

You can also save the results to a CSV/JSON file:

Examples

Favicon-file

python3 favUp.py --favicon-file favicon.ico -sc

Favicon-url

python3 favUp.py --favicon-url https://domain.behind.cloudflare/assets/favicon.ico -sc

Web

python3 favUp.py --web domain.behind.cloudflare -sc

Module

from favUp import FavUp

f = FavUp()          
f.shodanCLI = True
f.web = "domain.behind.cloudflare"
f.show = True 
f.run()

for result in f.faviconsList:
    print(f"Real-IP: {result['found_ips']}")
    print(f"Hash: {result['favhash']}")

All attributes

VariableType
FavUp.showbool
FavUp.keystr
FavUp.keyFilestr
FavUp.shodanCLIbool
FavUp.faviconFilestr
FavUp.faviconURLstr
FavUp.webstr
FavUp.shodanShodan class
FavUp.faviconsListlist[dict]

FavUp.faviconsList stores all the results, the key fields depend by the type of the lookup you want to do.

In case of --favicon-file or --favicon-list:

In case of --favicon-url or --url-list:

In case of --web or --web-list:

(in this case the URL of the favicon icon is returned by the href attribute of <link rel='icon'> HTML element)

If, while searching for the favicon icon, nothing useful is found, not-found will be returned.

In all three cases, found_ips field is added for every checked entry. If no IP(s) have been found, not-found will be returned.

Compatibility

At least python3.6 is required due to spicy syntax.

Feedback/Suggestion

Feel free to open any issue, your feedback and suggestions are always welcome <3

Publications

Unveiling IPs behind Cloudflare by @noneprivacy

Disclaimer

This tool is for educational purposes only. The authors and contributors don't take any responsibility for the misuse of this tool. Use It At Your Own Risk!

Credits

Conceived by Francesco Poldi noneprivacy, build with Aan Wahyu Petruknisme

stanley_HAL told me how Shodan calculates the favicon hash.

What is Murmur3?

More about Murmur3 and Shodan