favirecon
by edoardottt
favirecon leverages favicon hashes to enhance reconnaissance by quickly identifying technologies, WAFs, exposed panels, and known services on target domains.
Use favicons to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.
Primary Use Case
This tool is primarily used during the reconnaissance phase of penetration testing and red teaming to gather intelligence about target web assets by analyzing their favicons. Security professionals and bug bounty hunters use favirecon to detect underlying technologies and security mechanisms efficiently, helping to identify potential attack vectors early in an engagement.
- Identification of technologies and WAFs via favicon hashes
- Detection of exposed admin panels and known services
- Supports input as single domains, lists of domains, or CIDR ranges
- Concurrency and rate limiting for efficient scanning
- Proxy support for anonymized or routed scanning
- Multiple output formats including JSON and verbose/silent modes
- Open database for favicon hash-service associations allowing community contributions
Installation
- Install via Homebrew: brew install favirecon
- Install via Snap: sudo snap install favirecon
- Install via Go: go install github.com/edoardottt/favirecon/cmd/favirecon@latest
Usage
>_ favirecon -u https://www.github.comIdentify technologies and services for a single domain
>_ echo https://www.github.com | favireconPipe a single domain URL into favirecon for scanning
>_ favirecon -l targets.txtScan multiple domains listed in a file
>_ cat targets.txt | favireconPipe a list of domains from a file into favirecon
>_ cat targets.txt | favirecon -hash 708578229Filter results by a specific favicon hash from a list of domains
>_ favirecon -u 192.168.1.0/24 -cidrScan all IPs within a specified CIDR range
>_ favirecon -u https://www.github.com -px http://127.0.0.1:8080Use a proxy server for scanning
>_ favirecon -u https://www.github.com -jOutput results in JSON format
- Integrate favirecon outputs with vulnerability scanners to prioritize targets based on detected technologies and WAF presence.
- Use in red team engagements to quickly identify exposed admin panels and known services, accelerating initial access attempts.
- Incorporate into blue team threat hunting workflows to detect unauthorized or unexpected technologies in the environment.
- Leverage proxy support to conduct stealthy reconnaissance, minimizing detection by defensive monitoring tools.
- Automate continuous reconnaissance in CI/CD pipelines to detect technology stack changes that may introduce new vulnerabilities.
Docs Take 2 Hours. AI Takes 10 Seconds.
Ask anything about favirecon. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.
This tool hasn't been indexed yet. Request indexing to enable AI chat.
Admin will review your request within 24 hours
Related Tools
Awesome-Hacking
Hack-with-Github/Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
hackingtool
Z4nzu/hackingtool
ALL IN ONE Hacking Tool For Hackers
mitmproxy
mitmproxy/mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
sqlmap
sqlmapproject/sqlmap
Automatic SQL injection and database takeover tool
metasploit-framework
rapid7/metasploit-framework
Metasploit Framework
h4cker
The-Art-of-Hacking/h4cker
This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vulnerability research, exploit development, reverse engineering, and more. 🔥 Also check: https://hackertraining.org