Introducing FavFreak: Unlock the Power of Favicon Hashing for Bug Bounty Hunting


Cyber Sentinel X

FavFreak — The Ultimate Favicon Hash Recon Tool for Bug Bounty Hunters

Effective reconnaissance is key to uncovering hidden assets, forgotten services, and potential vulnerabilities in bug bounty hunting. FavFreak, a tool inspired by Devansh Batham, takes this a step further by using favicon hashes to perform targeted searches across platforms like Shodan, ZoomEye, and Censys. FavFreak was originally written in Python; I’ve rebuilt it in Golang to enhance its efficiency and multithreading capabilities, adding support for ZoomEye and Censys.

FavFreak is a powerful, multithreaded tool written in Golang, built for high-performance reconnaissance. It extracts the favicon from a given website, computes hashes, and then generates dorks (search queries) for platforms like Shodan, ZoomEye, and Censys. These dorks allow you to identify related hosts or services using the same favicon, uncovering new assets, including those hidden behind legacy systems or isolated network segments.

Multithreading is key to FavFreak’s performance. Written in Go, FavFreak takes advantage of Go’s goroutines to process multiple URLs concurrently. This means you can handle a long list of URLs, and FavFreak will fetch the favicons, compute the hashes, and generate dorks for each one in parallel, drastically reducing processing time.

Here’s why that matters:

Speed: Run your recon faster by processing multiple URLs at once.

Scalability: Whether you’re dealing with 10 or 10,000 URLs, FavFreak scales efficiently with Go’s concurrency model.

Efficiency: Bug bounty hunters need tools that work fast. With multithreading, FavFreak ensures you’re not waiting around to gather your intel.

Below is a screenshot of FavFreak in action, generating search dorks for a list of URLs:

This example demonstrates how FavFreak processes each URL, extracts the favicon, computes both MMH3 and MD5 hashes, and generates search queries that you can directly use on Shodan, ZoomEye, and Censys.

You can install FavFreak on your local machine with a few simple steps:

1. Prerequisites

FavFreak is written in Go, so you need to have Go installed on your system. If you don’t have it installed, follow these steps:

# Install Go (Linux/WSL)
sudo apt update
sudo apt install golang-go
# Verify Go installation
go version

2. Installation

Install the tool with the following command:

go install github.com/Hadiasemi/favfreak@latest

3. Run FavFreak

Once you’ve installed the tool, you can now use it to generate favicon hashes and perform searches.

cat file.txt | favfreak -shodan -fingerprint '{"99395752": "slack-instance", "878647854": "atlasian"}'

You can also pass in a fingerprint file with hashes and names:

favfreak -fingerprint fingerprints.json

Here’s how you can get the most out of FavFreak:

1. Generate Favicon Hashes

Start by fetching the favicon from a target website, then generate its MMH3 and MD5 hashes using FavFreak. For example:

cat urls.txt | favfreak -all

2. Search for Similar Targets

FavFreak provides dorks for Shodan, ZoomEye, and Censys, allowing you to search for other hosts with the same favicon. This can help you find additional targets or shadow IT assets.

For example, the Shodan dork might look like this:

https://www.shodan.io/search?query=http.favicon.hash:<MMH3_HASH>

Similarly, you can use ZoomEye or Censys dorks to search across other platforms.

3. Map the Target Infrastructure

Once you identify multiple services using the same favicon, you can start mapping the infrastructure of the company or target you’re hunting. You might discover legacy or forgotten systems that are more vulnerable to attacks.

4. Leverage Fingerprint-Based Detection

One of the core features of FavFreak is fingerprint-based detection. You can provide a JSON file with known hashes of common technologies or services (like “slack-instance”), and FavFreak will automatically count and categorize the matches it finds.

favfreak -fingerprint fingerprints.json

This will display a result like:

================= Favicon Hash Results =================
[MMH3 Hash] 708578229
https://google.com
Shodan: https://www.shodan.io/search?query=http.favicon.hash:708578229
ZoomEye: https://www.zoomeye.org/searchResult?q=iconhash:708578229
Censys: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=services.http.response.favicons.md5_hash:f3418a443e7d841097c714d69ec4bcb8

[MMH3 Hash] 99395752
https://slack.com
Shodan: https://www.shodan.io/search?query=http.favicon.hash:99395752
ZoomEye: https://www.zoomeye.org/searchResult?q=iconhash:99395752
Censys: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=services.http.response.favicons.md5_hash:d761676f45743f2870388fa7c5cab5c3

================= [FingerPrint Based Detection Results] =================
[slack-instance] - count: 1
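
How the two hash values in the output above can be derived, as an added example that is not FavFreak's own code. It assumes the Shodan convention for the MMH3 value (signed 32-bit MurmurHash3, seed 0, over the favicon base64-encoded in 76-character newline-terminated lines) and MD5 of the raw bytes for the Censys field; the function names and sample bytes are constructed for illustration. Running it over the favicons of services you operate gives the values to search for when inventorying your own exposed hosts.

```go
package main

import (
	"crypto/md5"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"math/bits"
)

// wrapBase64 mirrors Python's base64.encodebytes: 76-char lines, each ending in "\n".
func wrapBase64(data []byte) (out []byte) {
	for i := 0; i < len(data); i += 57 { // 57 input bytes -> one 76-char line
		chunk := data[i:]
		if len(chunk) > 57 {
			chunk = chunk[:57]
		}
		out = append(append(out, base64.StdEncoding.EncodeToString(chunk)...), '\n')
	}
	return
}

// murmur3 is MurmurHash3 (x86, 32-bit, seed 0) returned as a signed integer.
func murmur3(data []byte) int32 {
	mix := func(k uint32) uint32 { return bits.RotateLeft32(k*0xcc9e2d51, 15) * 0x1b873593 }
	var h, tail uint32
	n := len(data) &^ 3 // length of the 4-byte-aligned body
	for i := 0; i < n; i += 4 {
		h = bits.RotateLeft32(h^mix(binary.LittleEndian.Uint32(data[i:])), 13)*5 + 0xe6546b64
	}
	for i := len(data) - 1; i >= n; i-- { // 0-3 trailing bytes, little-endian
		tail = tail<<8 | uint32(data[i])
	}
	h ^= mix(tail) ^ uint32(len(data))
	h = (h ^ h>>16) * 0x85ebca6b
	h = (h ^ h>>13) * 0xc2b2ae35
	return int32(h ^ h>>16)
}

// FaviconHashes returns the MMH3 value (over wrapped base64) and the MD5 hex (over raw bytes).
func FaviconHashes(icon []byte) (int32, string) {
	return murmur3(wrapBase64(icon)), fmt.Sprintf("%x", md5.Sum(icon))
}

func main() {
	icon := []byte("constructed bytes standing in for a fetched favicon.ico")
	mmh3, md5hex := FaviconHashes(icon)
	fmt.Printf("http.favicon.hash:%d\niconhash:%d\nservices.http.response.favicons.md5_hash:%s\n", mmh3, mmh3, md5hex)
}
```

Dropping the line wrapping or the trailing newline changes the MMH3 value, so it would no longer match a hash computed under the convention assumed here.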

Bug bounty hunters need every edge they can get, and tools like FavFreak provide a unique angle for discovering hidden or forgotten assets. By tapping into the vast data available through search engines like Shodan, ZoomEye, and Censys, you can drastically improve your chances of finding vulnerable systems that others might miss.

With FavFreak, you’ll enhance your reconnaissance and expand the attack surface you can map, giving you more opportunities to discover and report critical vulnerabilities.

FavFreak is a tool that embodies the spirit of modern bug bounty hunting — creative, efficient, and thorough. Whether you’re a seasoned bug bounty veteran or just getting started, FavFreak will help you explore new avenues of recon and uncover hidden assets that could lead to your next big find.

So, give FavFreak a try, integrate it into your workflow, and let it guide you to your next bug bounty success!

GitHub: https://github.com/Hadiasemi/favfreak

Happy hacking, and may your dorks always lead you to treasure!
