BOOK THIS SPACE FOR AD
ARTICLE ADFavFreak is a tool used in penetration testing and bug bounty hunting to analyze a website’s favicon (short for “favorite icon”). Favicons are small icons typically displayed in the browser’s address bar or next to the page title in the browser tab.
FavFreak can be used to:
Obtain the SHA1 hash of a website’s faviconPerform subdomain discovery based on a favicon hashSearch for other websites that use the same faviconExtract metadata from a website’s favicon, including image dimensions, format, and creation dateTake screenshots of a website and save them to a local directoryBy analyzing the favicon of a website, FavFreak can help a penetration tester or bug bounty hunter identify subdomains, potential attack vectors, and other useful information about the target. FavFreak is a useful addition to any reconnaissance or enumeration toolkit.
Here are some example commands for FavFreak:
To find the favicon hash for a single website:
favfreak -u https://example.comTo find the favicon hash for a list of websites in a file:
favfreak -l /path/to/file.txtTo perform a subdomain search based on a favicon hash:
favfreak -f <hash> --subdomainsTo extract metadata from a favicon:
favfreak -u https://example.com -eTo take screenshots of a website and save them to a directory:
favfreak -u https://example.com --screenshots /path/to/screenshots/To search for websites with the same favicon hash as a target website:
favfreak -u https://example.com -sTo perform a search for favicons on a target website and save the results to a file:
favfreak -u https://example.com --search --output /path/to/output/file.txtThese are just a few examples of the commands that can be used with FavFreak. For a complete list of available options, you can run favfreak --help in your terminal.
For more information about this tools, you can visit this github.