FavFreak is an open-source reconnaissance tool designed to assist security researchers, bug bounty hunters, and penetration testers in identifying web technologies using favicon hashes. It takes one or more URLs as input and automatically retrieves the favicon.ico file associated with each target website. After fetching the favicon, it calculates a hash value and organizes the scanned domains, subdomains, or IP addresses according to these hashes. FavFreak then compares the generated hashes against a predefined fingerprint dictionary that maps known favicon hashes to specific technologies or services. If a match is found, it displays the corresponding technology information in the output, helping researchers quickly identify potential targets or related infrastructure. This approach is particularly useful during the reconnaissance phase of a security assessment because many web services share identical favicon hashes.
Features
- Favicon hash extraction from target websites to identify services and technologies
- Bulk URL processing by accepting lists of domains, subdomains, or IP addresses
- Fingerprint matching system that compares generated hashes with a dictionary of known technology fingerprints
- Sorted results by favicon hash to group related assets sharing the same favicon
- Shodan dork generation to help locate additional assets using the same favicon hash
- Custom fingerprint support, allowing users to extend the dictionary with new technology hashes
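The hash, group and match steps described above can be sketched as follows for an inventory of your own hosts. This is an added example, not FavFreak's code. It assumes the Shodan-style convention of a signed 32-bit MurmurHash3 over the base64-encoded favicon, which the description above does not specify. The hostnames, icon bytes and fingerprint label are constructed.

```python
import base64
from collections import defaultdict

def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86 32-bit, returned as a signed 32-bit integer."""
    c1, c2, mask = 0xCC9E2D51, 0x1B873593, 0xFFFFFFFF
    rotl = lambda x, r: ((x << r) | (x >> (32 - r))) & mask
    h = seed & mask
    full = len(data) - len(data) % 4
    for i in range(0, full, 4):              # body: 4-byte little-endian blocks
        k = int.from_bytes(data[i:i + 4], "little")
        k = rotl(k * c1 & mask, 15) * c2 & mask
        h = (rotl(h ^ k, 13) * 5 + 0xE6546B64) & mask
    if data[full:]:                          # tail: 1-3 leftover bytes
        k = int.from_bytes(data[full:], "little")
        h ^= rotl(k * c1 & mask, 15) * c2 & mask
    h ^= len(data)                           # finalization mix
    h ^= h >> 16
    h = h * 0x85EBCA6B & mask
    h ^= h >> 13
    h = h * 0xC2B2AE35 & mask
    h ^= h >> 16
    return h - (1 << 32) if h & 0x80000000 else h

def favicon_hash(icon: bytes) -> int:
    # Assumption: hash the base64 text (newline every 76 chars), not raw bytes.
    return murmur3_32(base64.encodebytes(icon))

def group_by_favicon(icons, fingerprints):
    """Map hash -> technology label and sorted hosts; skip missing favicons."""
    groups = defaultdict(list)
    for host, icon in icons.items():
        if icon:
            groups[favicon_hash(icon)].append(host)
    return {h: {"technology": fingerprints.get(h, "unknown"), "hosts": sorted(hosts)}
            for h, hosts in sorted(groups.items())}

# Constructed sample data: placeholder bytes standing in for fetched favicons.
ICON_A = b"\x00\x00\x01\x00" + b"constructed-icon-A" * 8
ICON_B = b"\x00\x00\x01\x00" + b"constructed-icon-B" * 8
INVENTORY = {
    "www.example.com": ICON_A,
    "shop.example.com": ICON_A,
    "legacy.example.com": ICON_B,
    "api.example.com": None,   # no favicon retrieved
}
# Constructed fingerprint dictionary; the label is hypothetical.
FINGERPRINTS = {favicon_hash(ICON_A): "ExampleCMS (hypothetical)"}

if __name__ == "__main__":
    for h, entry in group_by_favicon(INVENTORY, FINGERPRINTS).items():
        print(h, entry["technology"], ", ".join(entry["hosts"]))
```

Hosts whose hash has no dictionary entry are grouped under "unknown", which is where an unexpected or unmanaged service in an inventory tends to show up.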