'favicon.ico' Based Fingerprinting (HTTP)

# SPDX-FileCopyrightText: 2005 Javier Fernandez-Sanguino
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.20108");
  script_version("2023-08-01T13:29:10+0000");
  script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
  script_tag(name:"creation_date", value:"2006-03-26 17:55:15 +0200 (Sun, 26 Mar 2006)");
  script_tag(name:"cvss_base", value:"0.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
  script_name("'favicon.ico' Based Fingerprinting (HTTP)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2005 Javier Fernandez-Sanguino");
  script_family("Web application abuses");
  script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "global_settings.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");

  script_tag(name:"summary", value:"HTTP based fingerprinting of web applications based on an
  exposed 'favicon.ico' file.");

  script_tag(name:"qod_type", value:"remote_banner");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");
include("misc_func.inc");

global_var found, foundList, server;

# Known favicons list:
# Google Web Server, should not be seen outside Google, and servers as
# a way to test the script
# Various popular CMS, Wikis, ...

# Favicons from OWASP Favicon project: (Last synced on 2015-12-02)
# http://www.owasp.org/index.php/Category:OWASP_Favicon_Database_Project
# awk -F':' '{print "server[\""$1"\"]=\""$2"\";"}' favicon-md5

server["6399cc480d494bf1fcd7d16c42b1c11b"]="penguin";
server["09b565a51e14b721a323f0ba44b2982a"]="Google web server";
server["506190fc55ceaa132f1bc305ed8472ca"]="SocialText";
server["2cc15cfae55e2bb2d85b57e5b5bc3371"]="PHPwiki (1.3.14) / gforge (4.6.99+svn6496) - wiki";
server["389a8816c5b87685de7d8d5fec96c85b"]="XOOPS cms";
server["f1876a80546b3986dbb79bad727b0374"]="NetScreen WebUI or 3Com Router";
server["226ffc5e483b85ec261654fe255e60be"]="Netscape 4.1";
server["b25dbe60830705d98ba3aaf0568c456a"]="Netscape iPlanet 6.0";
server["41e2c893098b3ed9fc14b821a2e14e73"]="Netscape 6.0 (AOL)";
server["a28ebcac852795fe30d8e99a23d377c1"]="SunOne 6.1";
server["71e30c507ca3fa005e2d1322a5aa8fb2"]="Apache on Redhat";
server["d41d8cd98f00b204e9800998ecf8427e"]="Zero byte favicon";
server["dcea02a5797ce9e36f19b7590752563e"]="Parallels Plesk ";
server["6f767458b952d4755a795af0e4e0aa17"]="Yahoo!";
server["5b0e3b33aa166c88cee57f83de1d4e55"]="DotNetNuke (http://www.dotnetnuke.com)";
server["7dbe9acc2ab6e64d59fa67637b1239df"]="Lotus-Domino";
server["fa54dbf2f61bd2e0188e47f5f578f736"]="WordPress";
server["6cec5a9c106d45e458fc680f70df91b0"]="WordPress - obsolete version";
server["81ed5fa6453cf406d1d82233ba355b9a"]="E-zekiel";
server["ecaa88f7fa0bf610a5a26cf545dcd3aa"]="3-byte invalid favicon";
server["c1201c47c81081c7f0930503cae7f71a"]="vBulletin forum";
server["edaaef7bbd3072a3a0c3fb3b29900bcb"]="Powered by Reynolds Web Solutions (Car sales CMS)";
server["d99217782f41e71bcaa8e663e6302473"]="Apache on Red Hat/Fedora";
server["a8fe5b8ae2c445a33ac41b33ccc9a120"]="Arris Touchstone Device";
server["d16a0da12074dae41980a6918d33f031"]="ST 605";
server["befcded36aec1e59ea624582fcb3225c"]="SpeedTouch";
server["e4a509e78afca846cd0e6c0672797de5"]="i3micro VRG";
server["3541a8ed03d7a4911679009961a82675"]="status.net";
server["fa2b274fab800af436ee688e97da4ac4"]="Etherpad";
server["83245b21512cc0a0e7a67c72c3a3f501"]="OpenXPKI";
server["85138f44d577b03dfc738d3f27e04992"]="Gitweb";
server["70625a6e60529a85cc51ad7da2d5580d"]="SSLstrip ";
server["99306a52c76e19e3c298a46616c5899c"]="aMule (2.2.2)";
server["31c16dd034e6985b4ba929e251200580"]="Stephen Turner Analog (6.0)";
server["2d4cca83cf14d1adae178ad013bdf65b"]="Ant docs manual (1.7.1)";
server["032ecc47c22a91e7f3f1d28a45d7f7bc"]="Ant docs (1.7.1) / libjakarta-poi-java (3.0.2)";
server["31aa07fe236ee504c890a61d1f7f0a97"]="apache2 (2.2.9) docs-manual";
server["c0c4e7c0ac4da24ab8fc842d7f96723c"]="xsp (1.9.1)";
server["d6923071afcee9cebcebc785da40b226"]="autopsy (2.08)";
server["7513f4cf4802f546518f26ab5cfa1cad"]="axyl (2.6.0)";
server["de68f0ad7b37001b8241bce3887593c7"]="b2evolution (2.4.2)";
server["140e3eb3e173bfb8d15778a578a213aa"]="bmpx (0.40.14)";
server["4f12cccd3c42a4a478f067337fe92794"]="cacti (0.8.7b)";
server["c0533ae5d0ed638ba3fb3485d8250a28"]="CakePHP (1.1.x)";
server["66b3119d379aee26ba668fef49188dd3"]="cakephp (1.2.x-1.3x)";
server["09f5ea65a2d31da8976b9b9fd2bf853c"]="caudium (1.4.12)";
server["f276b19aabcb4ae8cda4d22625c6735f"]="cgiirc (0.5.9)";
server["a18421fbf34123c03fb8b3082e9d33c8"]="chora2 (2.0.2) ";
server["23426658f03969934b758b7eb9e8f602"]="chronicle (2.9) theme-steve";
server["75069c2c6701b2be250c05ec494b1b31"]="chronicle (2.9) theme-blog.mail-scanning.com";
server["27c3b07523efd6c318a201cac58008ba"]="cimg (1.2.0.1) ";
server["ae59960e866e2730e99799ac034eacf7"]="webcit (7.37)";
server["2ab2aae806e8393b70970b2eaace82e0"]="couchdb (0.8.0-0.9.1)";
server["ddd76f1cfe31499ce3db6702991cbc45"]="cream (0.41)";
server["74120b5bbc7be340887466ff6cfe66c6"]="cups (1.3.9) - doc";
server["abeea75cf3c1bac42bbd0e96803c72b9"]="doc-iana-20080601";
server["3ef81fad2a3deaeb19f02c9cf67ed8eb"]="dokuwiki (0.0.20080505) ";
server["e6a9dc66179d8c9f34288b16a02f987e"]="Drupal CMS (5.10) ";
server["bba9f1c29f100d265865626541b20a50"]="dtc (0.28.10) ";
server["171429057ae2d6ad68e2cd6dcfd4adc1"]="ebug-http (0.31)";
server["f6e9339e652b8655d4e26f3e947cf212"]="eGroupWare (1.0.0.009, 1.4.004-2) (/phpgwapi/templates/idots/images/favicon.ico)";
server["093551287f13e0ee3805fee23c6f0e12"]="freevo (1.8.1) ";
server["56753c5386a70edba6190d49252f00bb"]="gallery (1.5.8)";
server["54b299f2f1c8b56c8c495f2ded6e3e0b"]="garlic-doc (1.6) ";
server["857281e82ea34abbb79b9b9c752e33d2"]="gforge (4.6.99+svn6496) - webcalendar";
server["27a097ec0dbffb7db436384635d50415"]="gforge (4.6.99+svn6496) - images";
server["0e14c2f52b93613b5d1527802523b23f"]="gforge (4.6.99+svn6496) ";
server["c9339a2ecde0980f40ba22c2d237b94b"]="glpi (0.70.2)";
server["db1e3fe4a9ba1be201e913f9a401d794"]="gollem (1.0.3)";
server["921042508f011ae477d5d91b2a90d03f"]="gonzui (1.2+cvs20070129) ";
server["ecab73f909ddd28e482ababe810447c8"]="gosa (2.5.16.1)";
server["c16b0a5c9eb3bfd831349739d89704ec"]="gramps (3.0.1)";
server["63d5627fc659adfdd5b902ecafe9100f"]="gsoap (2.7.9l) ";
server["462794b1165c44409861fcad7e185631"]="hercules (3.05) ";
server["3995c585b76bd5aa67cb6385431d378a"]="horde-sam (0.1+cvs20080316) - silver";
server["ee3d6a9227e27a5bc72db3184dab8303"]="horde-sam (0.1+cvs20080316) - graphics";
server["7cc1a052c86cc3d487957f7092a6d8c3"]="horde (3.2.1) - graphics/tango";
server["5e99522b02f6ecadbb3665202357d775"]="hplip (2.8.7) - installer";
server["39308a30527336e59d1d166d48c7742c"]="Hewlett-Packard HPLIP (2.8.7) - doc";
server["43d4aa56dc796067b442c95976a864fd"]="hunchentoot (0.15.7) ";
server["32bf63ac2d3cfe82425ce8836c9ce87c"]="ikiwiki (2.56ubuntu1)";
server["f567fd4927f9693a7a2d6cacf21b51b6"]="Horde IMP (4.1.4 - 4.1.6, also used in Horde Groupware Webmail 1.0.1))";
server["919e132a62ea07fce13881470ba70293"]="Horde Groupware Webmail 1.0.1 (Ingo Theme, 1.1.5)";
server["ed7d5c39c69262f4ba95418d4f909b10"]="jetty (5.1.14)";
server["6900fab05a50a99d284405f46e5bc7f6"]="k3d (0.6.7.0) ";
server["24d1e355c00e79dc13b84d5455534fe7"]="kdelibs (3.5.10-4.1.4) ";
server["8ab2f1a55bcb0cac227828afd5927d39"]="kdenetwork (4.1.4)";
server["54667bea91124121e98da49e55244935"]="kolab-webadmin (2.1.0-20070510)";
server["a5b126cdeaa3081f77a22b3e43730942"]="Horde Groupware Webmail 1.0.1 (Kronolith Theme, 2.1.8)";
server["d00d85c8fb3a11170c1280c454398d51"]="ktorrent (3.1.2) ";
server["fa21ab1b1e1b4c9516afbd63e91275a9"]="lastfmproxy (1.3b) ";
server["663ee93a41000b8959d6145f0603f599"]="ldap-account-manager (2.3.0) ";
server["ea84a69cb146a947fac2ac7af3946297"]="boost (1.34.1) ";
server["eb3e307f44581916d9f1197df2fc9de3"]="flac (1.2.1) ";
server["669bc10baf11b43391294aac3e1b8c52"]="libitpp (4.0.4)";
server["b8fe2ec1fcc0477c0d0f00084d824071"]="lucene (2.3.2) ";
server["12225e325909cee70c31f5a7ab2ee194"]="ramaze-ruby (0.3.9.1) ";
server["6be5ebd07e37d0b415ec83396a077312"]="ramaze-ruby (0.3.9.1) - dispatcher";
server["20e208bb83f3eeed7c1aa8a6d9d3229d"]="libswarmcache-java (1.0RC2+cvs20071027)";
server["5f8b52715c08dfc7826dad181c71dec8"]="mahara (1.0.4)";
server["ebe293e1746858d2548bca99c43e4969"]="Mantis Bug Tracker (1.1.2, /bugs/images/favicon.ico)";
server["0d42576d625920bcd121261fc5a6230b"]="mathomatic (14.0.6)";
server["f972c37bf444fb1925a2c97812e2c1eb"]="mediatomb (0.11.0)";
server["f5f2df7eec0d1c3c10b58960f3f8fb26"]="Horde Groupware Webmail 1.0.1 (Mnemo Theme, 2.1.2) ";
server["933a83c6e9e47bd1e38424f3789d121d"]="Moodle (1.8.2, 1.9.x, multiple default themes) ";
server["b6652d5d71f6f04a88a8443a8821510f"]="Moodle (1.8.2, 1.9.x, Cornflower Theme, /theme/cornflower/favicon.ico)";
server["06b60d90ccfb79c2574c7fdc3ac23f05"]="movabletype-opensource (4.2~rc4)";
server["21d80d9730a56b26dc9d252ffabb2987"]="mythplugins (0.21.0+fixes18722) ";
server["81df3601d6dc13cbc6bd8212ef50dd29"]="Horde Groupware Webmail 1.0.1 (Nag Theme, 2.1.4)";
server["1c4201c7da53d6c7e48251d3a9680449"]="nagios (3.0.2)";
server["28015fcdf84ca0d7d382394a82396927"]="nanoblogger (3.3)";
server["868e7b460bba6fe29a37aa0ceff851ba"]="netmrg (0.20)";
server["0b2481ebc335a2d70fcf0cba0b3ce0fc"]="ntop (3.3)";
server["c30bf7e6d4afe1f02969e0f523d7a251"]="nulog (2.0)";
server["9a8035769d7a129b19feb275a33dc5b4"]="ocsinventory-server (1.01)";
server["75aeda7adbd012fa93c4ae80336b4f45"]="parrot (0.4.13) - docs";
server["70777a39f5d1de6d3873ffb309df35dd"]="pathological (1.1.3)";
server["82d746eb54b78b5449fbd583fc046ab2"]="perl-doc-html (5.10.0)";
server["90c244c893a963e3bb193d6043a347bd"]="phpgroupware (0.9.16.012) ";
server["4b30eec86e9910e663b5a9209e9593b6"]="phpldapadmin (1.1.0.5)";
server["02dd7453848213a7b5277556bcc46307"]="phpmyadmin (2.11.8.1) - pmd ";
server["d037ef2f629a22ddadcf438e6be7a325"]="phpmyadmin (2.11.8.1 - 4.2.x)";
server["8190ead2eb45952151ab5065d0e56381"]="pootle (1.1.0)";
server["ba84999dfc070065f37a082ab0e36017"]="prewikka (0.9.14)";
server["0f45c2c79ebe90d6491ddb111e810a56"]="python-cherrypy (2.3.0-3.0.2)";
server["e551b7017a9bd490fc5b76e833d689bf"]="MoinMoin (1.7.1)";
server["275e2e37fc7be50c1f03661ef8b6ce4f"]="myghty (1.1)";
server["68b329da9893e34099c7d8ad5cb9c940"]="myghty (1.1) - zblog ";
server["5488c1c8bf5a2264b8d4c8541e2d5ccd"]="turbogears (1.0.4.4) - genshi/elixir";
server["6927da350550f29bc641138825dff36f"]="python-werkzeug (0.3.1) - docs ";
server["e3f28aab904e9edfd015f64dc93d487d"]="python-werkzeug (0.3.1) - cupoftee-examples";
server["69f8a727f01a7e9b90a258bc30aaae6a"]="quantlib-refman-html (0.9.0)";
server["b01625f4aa4cd64a180e46ef78f34877"]="quickplot (0.8.13)";
server["af83bba99d82ea47ca9dafc8341ec110"]="qwik (0.8.4.4ubuntu2)";
server["e9469705a8ac323e403d74c11425a62b"]="roundcube (0.1.1)";
server["7f57bbd0956976e797b4e8eebdc6d733"]="selfhtml (8.1.1)";
server["69acfcb2659952bc37c54108d52fca70"]="solr (1.2.0) - docs";
server["ffc05799dee87a4f8901c458f7291d73"]="solr (1.2.0) - admin";
server["aa2253a32823c8a5cba8d479fecedd3a"]="sork-forwards-h3 (3.0.1)";
server["a2e38a3b0cdf875cd79017dcaf4f2b55"]="sork-passwd-h3 (3.0)";
server["cb740847c45ea3fbbd80308b9aa4530a"]="sork-vacation-h3 (3.0.1)";
server["7c7b66d305e9377fa1fce9f9a74464d9"]="spe (0.8.4.h)";
server["0e2503a23068aac350f16143d30a1273"]="sql-ledger (2.8.15)";
server["1fd3fafc1d461a3d19e91dbbba03d0aa"]="tea (17.6.1)";
server["4644f2d45601037b8423d45e13194c93"]="Apache Tomcat (5.5.26), Alfresco Community";
server["1de863a5023e7e73f050a496e6b104ab"]="torrentflux (2.4)";
server["83dea3d5d8c6feddec84884522b61850"]="torrentflux (2.4) - themes/G4E/";
server["d1bc9681dce4ad805c17bd1f0f5cee97"]="torrentflux (2.4) - themes/BlueFlux/";
server["8d13927efb22bbe7237fa64e858bb523"]="transmission (1.34)";
server["5b015106854dc7be448c14b64867dfa5"]="tulip (3.0.0~B6)";
server["ff260e80f5f9ca4b779fbd34087f13cf"]="Horde Groupware Webmail 1.0.1 (Turba Theme, 2.1.7)";
server["e7fc436d0bf31500ced7a7143067c337"]="twiki (4.1.2) - logos/favicon.ico";
server["9789c9ab400ea0b9ca8fcbd9952133bd"]="twiki (4.1.2) - webpreferences ";
server["2b52c1344164d29dd8fb758db16aadb6"]="vdr-plugin-live (0.2.0)";
server["237f837bbc33cd98a9f47b20b284e2ad"]="vdradmin-am (3.6.1) ";
server["6f7e92fe7e6a62661ac2b41528a78fc6"]="vlc (0.9.4)";
server["2507c0b0a60ecdc816ba45482affaedf"]="webcheck (1.10.2.0) ";
server["ef5169b040925a716359d131afbea033"]="websvn (2.0) ";
server["f6d0a100b6dbeb5899f0975a1203fd85"]="witty (2.1.5)";
server["81feac35654318fb16d1a567b8b941e7"]="yaws (1.77)";
server["33b04fb9f2ec918f5f14b41527e77f6d"]="znc (0.058)";
server["6434232d43f27ef5462ba5ba345e03df"]="znc (0.058, webadmin/skins/default)";
server["e07c0775523271d629035dc8921dffc7"]="zoneminder (1.23.3)";
server["4eb846f1286ab4e7a399c851d7d84cca"]="Plone CMS (3.1.1)";
server["e298e00b2ff6340343ddf2fc6212010b"]="Nessus 4.x Scanner Web Client";
server["240c36cd118aa1ff59986066f21015d4"]="LANCOM Systems";
server["ceb25c12c147093dc93ac8b2c18bebff"]="COMpact 5020 VoIP";
server["05656826682ab3147092991ef5de9ef3"]="RapidShare";
server["e19ffb2bc890f5bdca20f10bfddb288d"]="Rapid7 (NeXpose)";
server["1f8c0b08fb6b556a6587517a8d5f290b"]="owasp.org";
server["73778a17b0d22ffbb7d6c445a7947b92"]="Apache on Mac OS X";
server["799f70b71314a7508326d1d2f68f7519"]="JBoss Server";
server["bd0f7466d35e8ba6cedd9c27110c5c41"]="Serena Collage (4.6, servlet/images/collage_app.ico)";
server["dc0816f371699823e1e03e0078622d75"]="Aruba Network Devices (HTTP(S) login page)";
server["f097f0adf2b9e95a972d21e5e5ab746d"]="Citrix Access Server";
server["28893699241094742c3c2d4196cd1acb"]="Xerox DocuShare";
server["80656aabfafe0f3559f71bb0524c4bb3"]="Macromedia Breeze";
server["48c02490ba335a159b99343b00decd87"]="Octeth Technologies oemPro (3.5.5.1)";
server["eb6d4ce00ec36af7d439ebd4e5a395d7"]="Mailman";
server["04d89d5b7a290334f5ce37c7e8b6a349"]="Atlassian Jira Bug Tracker";
server["d80e364c0d3138c7ecd75bf9896f2cad"]="Apache Tomcat (6.0.18), Alfresco Enterprise Content Management System";
server["a6b55b93bc01a6df076483b69039ba9c"]="Fog Creek Fogbugz (6.1.44)";
server["ee4a637a1257b2430649d6750cda6eba"]="Trimble Device Embedded Web Server";
server["9ceae7a3c88fc451d59e24d8d5f6f166"]="Plesk managed system";
server["69ae01d0c74570d4d221e6c24a06d73b"]="Roku Soundbridge";
server["2e9545474ee33884b5fb8a9a0b8806dd"]="Ampache";
server["639b61409215d770a99667b446c80ea1"]="Lotus Domino Server";
server["be6fb62815509bd707e69ee8dad874a1"]="i.LON server by Echelon";
server["a46bc7fc42979e9b343335bdd86d1c3e"]="NetScout NGenius";
server["192decdad41179599a776494efc3e720"]="JBoss Installation";
server["de2b6edbf7930f5dd0ffe0528b2bbcf4"]="Barracuda Spam/Virus firewall appliance";
server["386211e5c0b7d92efabd41390e0fc250"]="SparkWeb web-based collaboration client. http://www.igniterealtime.org/";
server["f89abd3f358cb964d6b753a5a9da49cf"]="LimeSurvey";
server["a7947b1675701f2247921cf4c2b99a78"]="Alexander Palmo Simple PHP Blog";
server["01febf7c2bd75cd15dae3aa093d80552"]="Atlassian Crucible or Fisheye";
server["1275afc920a53a9679d2d0e8a5c74054"]="Atlassian Crowd";
server["12888a39a499eb041ca42bf456aca285"]="Atlassian Confluence or Crowd";
server["3341c6d3c67ccdaeb7289180c741a965"]="Atlassian Confluence or Crowd";
server["6c1452e18a09070c0b3ed85ce7cb3917"]="Atlassian Jira";
server["43ba066789e749f9ef591dc086f3cd14"]="Atlassian Bamboo";
server["a83dfece1c0e9e3469588f418e1e4942"]="Atlassian Bamboo";
server["f0ee98b4394dfdab17c16245dd799204"]="Drupal";
server["7b0d4bc0ca1659d54469e5013a08d240"]="Netgear (Infrant) ReadyNAS NV+";
server["cee40c0b35bded5e11545be22a40e363"]="OSSDL.de Openmailadmin";
server["4f88ba9f1298701251180e6b6467d43e"]="Xinit Systems Ltd. Openfiler";
server["4c3373870496151fd02a6f1185b0bb68"]="rPath Appliance Agent";
server["b231ad66a2a9b0eb06f72c4c88973039"]="WordPress";
server["e1e8bdc3ce87340ab6ebe467519cf245"]="WordPress";
server["95103d0eabcd541527a86f23b636e794"]="WordPress Multi-User (MU)";
server["64ca706a50715e421b6c2fa0b32ed7ec"]="Parallels Plesk Control Panel";
server["f425342764f8c356479d05daa7013c2f"]="vBulletin forum";
server["740af61c776a3cb98da3715bdf9d3fc1"]="vBulletin forum";
server["d7ac014e83b5c4a2dea76c50eaeda662"]="vBulletin forum";
server["a47951fb41640e7a2f5862c296e6f218"]="Plone CMS";
server["10bd6ad7b318df92d9e9bd03104d9b80"]="Plone CMS";
server["e08333841cbe40d15b18f49045f26614"]="21publish Blog";
server["e2cac3fad9fa3388f639546f3ba09bc0"]="Invision Power Services IP.Board";
server["5ec8d0ecf7b505bb04ab3ac81535e062"]="Telligent Community Server";
server["83a1fd57a1e1684fafd6d2487290fdf5"]="Pligg";
server["b7f98dd27febe36b7275f22ad73c5e84"]="MoinMoin";
server["63b982eddd64d44233baa25066db6bc1"]="Joomla!";
server["05bc6d56d8df6d668cf7e9e11319f4e6"]="Jive Forums";
server["63740175dae089e479a70c5e6591946c"]="The Lyceum Project";
server["4cbb2cfc30a089b29cd06179f9cc82ff"]="Dragonfly";
server["9187f6607b402df8bbc2aeb69a07bbca"]="XOOPS";
server["a1c686eb6e771878cf6040574a175933"]="CivicPlus";
server["4d7fe200d85000aea4d193a10e550d04"]="Intland Software codeBeamer";
server["1a9a1ec2b8817a2f951c9f1793c9bc54"]="Bitweaver";
server["1cc16c64d0e471607677b036b3f06b6e"]="Roller Weblogger Project";
server["7563f8c3ebd4fd4925f61df7d5ed8129"]="Holger Zimmerman Pi3Web HTTP Server";
server["7f0f918a78ca8d4d5ff21ea84f2bac68"]="SubText";
server["86e3bf076a018a23c12354e512af3b9c"]="Spyce";
server["9c003f40e63df95a2b844c6b61448310"]="DD-WRT Embedded Web Server";
server["9a9ee243bc8d08dac4448a5177882ea9"]="Dvbbs Forum";
server["ee1169dee71a0a53c91f5065295004b7"]="ProjectPier";
server["7214637a176079a335d7ac529011f4e4"]="phpress";
server["1bf954ba2d568ec9771d35c94a6eb2dc"]="WoltLab Burning Board";
server["ff3b533b061cee7cfbca693cc362c34a"]="Kayako SupportSuite";
server["428b23df874b41d904bbae29057bdba5"]="Comsenz Technology Ltd ECShop";
server["8757fcbdbd83b0808955f6735078a287"]="Comsenz Technology Ltd Discuz!";
server["9fac8b45400f794e0799d0d5458c092b"]="Comsenz Technology Ltd Discuz!";
server["4e370f295b96eef85449c357aad90328"]="Comsenz Technology Ltd SupeSite";
server["4cfbb29d0d83685ba99323bc0d4d3513"]="PHPWind Forums 7";
server["2df6edffca360b7a0fadc3bdf2191857"]="PIPS Technology ATZ Executive / Automatic Licence Plate Recognition (ALPR) System";
server["8c291e32e7c7c65124d19eb17bceca87"]="Schneider Electric Modicon 340 / BMX P34 CPU B";
server["6dcab71e60f0242907940f0fcda69ea5"]="Ubiquiti Ubiquiti M Series / AirOS";
server["09a1e50dc3369e031b97f38abddd10c8"]="Ubiquiti Ubiquiti M Series / AirOS";
server["7b345857204926b62951670cd17a08b7"]="AXESS TMC X1 or X2 Terminal";

# Favicons from https://github.com/pvdl/favicon-database (Last synced on 2015-12-09)
# awk -F'"' '{print "server[\""$2"\"]=\""$4" "$6"\";"}' favicondb.csv

server["28c34462a074c5311492759435549468"]="AContent x";
server["705d63d8f6f485bd40528394722b5c22"]="Atmail x";
server["9f500a24ccbdda88cf8ae3ec7b61fc40"]="Atomic CMS x";
server["5b816961f19da96ed5a2bf15e79093cb"]="ATutor x";
server["f51425ace97f807fe5840c4382580fd5"]="Beehive Forum 1.x";
server["eb05f77bf80d66f0db6b1f682ff08bee"]="Biscom Delivery Server x";
server["5d27143fc38439baba39ba5615cbe9ef"]="Cascade Server x";
server["0c53ef3d151cbac70a8486dd1ebc8b25"]="Chamilo e-learning system x";
server["9939a032a9845e4d931d14e08f5a6c7c"]="Citrix XenApp Logon";
server["6c633b9b92530843c782664cb3f0542d"]="ClipBucket x";
server["a59c6fead5d55050674f327955df3acb"]="CouchPotato 2.x";
server["107579220745d3b21461c23024d6c4a3"]="D-Link x";
server["c86974467c2ac7b6902189944f812b9a"]="Domain Technology Control 0.17.x-0.24.x";
server["d9aa63661d742d5f7c7300d02ac18d69"]="Dreambox WebControl x";
server["a4819787db1dabe1a6b669d5d6df3bfd"]="Drupal 2.x-4.x";
server["b6341dfc213100c61db4fb8775878cec"]="Drupal 7.x";
server["0a99a23f6b1f1bddb94d2a2212598628"]="Maraschino x";
server["51b916bdaf994ce73d3e5e6dfe2a46ee"]="Feng Office 2.3";
server["d134378a39c722e941ac25eed91ca93b"]="FreePBX x";
server["45210ace96ce9c893f8c27c5decab10d"]="Fritz! x";
server["835306119474fefb6b38ae314a37943a"]="Horde Agora (Forum) x";
server["b64a1155b80e0b06272f8b842b83fa57"]="Horde Ansel (Photo Manager) x";
server["0e6a6ed665a9669b368d9a90b87976a9"]="Horde Gollem (File Manager) x";
server["6c18a6e983f64b6a6ed0a32c9e8a19b6"]="HP ProCurve Webserver x";
server["6acfee4c670580ebf06edae40631b946"]="Iomega StorCenter x";
server["1f9c39ef3f740eebb046c900edac4ba5"]="Iomega StorCenter ix2-200 x";
server["37a99d2ddea8b49f701db457b9a8ffed"]="Iomega StorCenter ix4-200d x";
server["e7dce6ac6d8713a0b98407254ca33f80"]="Iomega StorCenter ix4-300d x";
server["f08d232927ab8f2c661616b896928233"]="Iomega StorCenter px2-300d x";
server["9d203fbb74eabf67f48b965ba5acc9a6"]="Iomega StorCenter px4-300d x";
server["fbd140da4eff02b90c9ebcbdb3736322"]="Iomega StorCenter px4-300r x";
server["fd3f689b804ddb7bfab53fdf32bf7c04"]="Iomega StorCenter px6-300d x";
server["8dfab2d881ce47dc41459c6c0c652bcf"]="Iomega StorCenter px12-350r x";
server["66dcdd811a7d8b1c7cd4e15cef9d4406"]="Iomega StorCenter px12-400r x";
server["a7fe149a9f2582f38576d14d9b1f0f55"]="LaCie Dashboard x";
server["2ba9b777483da0a6a8b29c4ab39a10b2"]="MagicMail x";
server["701bb703b31f99da18251ca2e557edf0"]="Mantis Bug Tracker 1.2.9-1.2.15";
server["d4af3be33d952c1f98684d985019757c"]="Moodle 2.0 : Magazine";
server["b88c0eedc72d3bf4e86c2aa0a6ba6f7b"]="NAS4Free 9.0";
server["11abb4301d06dccc36d1b5f6dcad093e"]="ntop 3.3.6-5.0.1";
server["b9d28bd6822d2e09e01aa0af5d7ccc34"]="ocPortal 9.0.5";
server["eec3051d5c356d1798bea1d8a3617c51"]="Octopress x";
server["9c34a7481ba0c153bb3e2a10e0ea811e"]="OpenWebif x";
server["49bf194d1eccb1e5110957d14559d33d"]="OTRS x";
server["d361075db94bb892ff3fb3717714b2da"]="phpMyBackupPro x";
server["a456dd2bae5746beb68814a5ac977048"]="phpSysInfo 3.0.7";
server["6e0c5b7979e9950125c71341e0960f65"]="phpSysInfo 3.0.8-3.0.12";
server["ddcc65196f0bc63a90c885bd88ecbb81"]="phpSysInfo 3.0.12-3.0.20, 3.1.0-3.1.4";
server["ba4bfe5d1deb2b4410e9eb97c5b74c9b"]="Puppet Node Manager x";
server["368c15ac73f0096aa3daff8ff6f719f8"]="Redaxscript 1.0-1.2.1";
server["6d85758acb4f4baa4d242ba451c91026"]="Redmine x, Request Tracker x";
server["228ba3f6d946af4298b080e5c934487c"]="Roundcube Webmail 0.6-0.7 : Default, 0.8-0.9 : Classic, 0.8-0.9 : Larry";
server["ed8cf53ef6836184587ee3a987be074a"]="Ruckus x";
server["f6c5f5e8857ecf561029fc5da005b6e3"]="Sophos Email Appliance x";
server["f682dbd4d0a18dd7699339b8adb28c0f"]="QNAP TurboNAS 3.8.x : Admin";
server["7ff45523a7ee9686d3d391a0a27a0b4f"]="QNAP TurboNAS 4.0.x";
server["a967c8bfde9ea0869637294b679b7251"]="Squid Proxy Server x";
server["bc18566dcc41a0ff503968f461c4995a"]="Subrion CMS x";
server["531e652a15bc0ad59b6af05019b1834a"]="Synology DSM 4.2";
server["0ec12e5820517d3b62e56b9a8f1ee5bc"]="TradingEye x";
server["300b5c3f134d7ec0bca862cf113149d8"]="TVersity x";
server["8718c2998236c796896b725f264092ee"]="Typo3 6.1";
server["7350c3f75cb80e857efa88c2fd136da5"]="Ushahidi x";
server["2e5e985fe125e3f8fca988a86689b127"]="VISEC x";
server["d90cc1762bf724db71d6df86effab63c"]="vtiger CRM x";
server["b14353fafda7c90fb1a2a214c195de50"]="webERP x";
server["18fe76b96d4eae173bf439a9712fa5c1"]="WikiWebHelp x";
server["e44d22b74f7ee4435e22062d5adf4a6a"]="WordPress 2.x";
server["3ead5afa19537170bb980924397b70d6"]="WordPress 3.x : Twenty Ten";
server["28a122aa74f6929b0994fc544555c0b1"]="WordPress 3.2-3.x : Twenty Eleven";
server["e9dd9992d222d67c8f6a4704d2c88bdd"]="Zarafa WebAccess x";
server["c126f7e761813946fea2e90ff7ddb838"]="Zenoss Core x";

#Additional favicons
server["5a77e47fa23554a4166d2303580b0733"]="Sawmill";
server["a4eb4e0aa80740db8d7d951b6d63b2a2"]="ownCloud";
server["531b63a51234bb06c9d77f219eb25553"]="phpmyadmin (4.6.x)";
server["ef9c0362bf20a086bb7c2e8ea346b9f0"]="Roundcube Webmail 1.0.0+, Skins Classic and Larry";
server["f1ac749564d5ba793550ec6bdc472e7c"]="Roundcube Webmail 1.4.0+, Elastic Skin";
server["23e8c7bd78e8cd826c5a6073b15068b1"]="Jenkins";
server["815c37dae156994e59ae6b065aa34705"]="Xerox DocuShare 6.x and probably prior";
server["be70951f0b0ba52fba8b3d2dd9a55e27"]="Xerox DocuShare 7.x and probably later";

function check_md5( res, port, url, debug ) {

  local_var res, port, url, debug;
  local_var md5, report;

  if( ! res || isnull( res ) )
    return;

  md5 = hexstr( MD5( res ) );

  if( server[md5] ) {
    found  = TRUE;
    report = '"' + server[md5] + '" fingerprinted by the file: "' + http_report_vuln_url( port:port, url:url, url_only:TRUE ) + '"';
    # nb: Some favicon.ico might be found twice by direct access to /favicon.ico and indirect access via link rel tag.
    if( ! in_array( search:report, array:foundList ) )
      foundList = make_list( foundList, report );
    return;
  }

  if( debug ) display( "Unknown MD5 found on '" + url + "': " + md5 );
  return;
}

port = http_get_port( default:80 );

found = FALSE;
debug = FALSE; # Enables an output in check_md5() to report unknown favicons on the command line
foundList = make_list();

foreach dir( make_list_unique( "/", http_cgi_dirs( port:port ) ) ) {

  install = dir;
  if( dir == "/" )
    dir = "";

  # nb: Direct request to favicon.ico
  url = dir + "/favicon.ico";
  req = http_get( item:url, port:port );
  res = http_keepalive_send_recv( port:port, data:req, bodyonly:TRUE );

  check_md5( res:res, port:port, url:url, debug:debug );

  # nb: favicon might be referenced via a <link rel= tag
  res = http_get_cache( item:dir + "/", port:port );

  if( match = egrep( pattern:'<link.*rel="(icon|shortcut icon)".*>$', string:res ) ) {

    file = eregmatch( pattern:'href="(.*)"', string:match );

    if( file[1] ) {
      url = file[1];

      # Some webpages have a href like <link rel="shortcut icon" href="skins/larry/images/favicon.ico"/>
      # This means we need to add the current dir here
      # TODO: Maybe move this to webmirror.nasl as it can handle all cases like ../skins/ and ./../skins?
      if( url[0] != "/" || ( url[0] == "." && url[1] == "/" ) )
        url = dir + "/" + url;

      req = http_get( item:url, port:port );
      res = http_keepalive_send_recv( port:port, data:req, bodyonly:TRUE );
      check_md5( res:res, port:port, url:url, debug:debug );
    }
  }
}

if( found ) {

  report = 'The following apps/services were identified:\n\n';

  # Sort to not report changes on delta reports if just the order is different
  foundList = sort( foundList );

  foreach tmpFound( foundList ) {
    report += tmpFound + '\n';
  }

  log_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

# This is a sample script to obtain the list of favicon files from a Webscarab
# directory. Can be useful to add new favicon after a pen-test:
#
##!/bin/sh
#
#pwd=`pwd`
#find . -name "*response*" |
#while read file ; do
#  if grep -q "^Content-type: image/x-icon" $pwd/$file; then
#  # It's an ico file
#
#  server=`grep --binary-files=text "^Server" $pwd/$file`
#  size=`stat -c %B $pwd/$file`
#    if [ ! -n "$server" ]
#    then
#      server=`echo $server | sed -e 's/Server: //'`
#    else
#      server="unknown"
#    fi
#  echo "$server,$file,$size"
#  fi
#done