Attrition.org Mailin Archive

  #1  
09-06-2011 09:57 PM

Hello!

I'm not sure if you are aware of the OWASP favicon project located here:
https://www.owasp.org/index.php/Category:OWASP_Favicon_Database_Project

In short, the idea is to have a central database of favicon hashes. So,
most open source projects can benefit from them. The database itself
is located on the wiki:
https://www.owasp.org/index.php/OWASP_favicon_database
and everyone is welcome to contribute (it's a wiki!). Also, we're
trying to make the contribution process easier for contributors, so we're
accepting contributions via Twitter as well (just send the MD5 and
identification to @OWASPfavicon).

I would like to invite nikto to update its database from there. Also,
if there's anything the database is missing, please help and add it.

We're also preparing for a new round of internet-wide scanning, so post your
ideas before it's too late! In this new scan, we plan to support
apple-touch-icon as well.

Looking forward to the partnership!
--
Vlatko Kosturjak - KoSt
_______________________________________________
Nikto-discuss mailing list
Nikto-
https://attrition.org/mailman/listinfo/nikto-discuss

  #2  
10-06-2011 01:55 AM
On Thu, Jun 9, 2011 at 4:57 PM, Vlatko Kosturjak <> wrote:

> I'm not sure if you aware of the OWASP favicon project located here:
> https://www.owasp.org/index.php/Category:OWASP_Favicon_Database_Project

I wasn't aware of this project, but I am glad to see it.

> In short, it is idea to have central database of favicon hashes. So,
> most of open source projects can have benefit of them.

I don't see any licensing information on the database--what is it
being released under?

> I would like to invite nikto to update its database from there. Also,
> if there's anything the database miss - please help and add.

Would certainly like to contribute & use the database--how exactly
depends on the licensing (either inclusion in nikto's database, or
loading a distinct file). At some point nikto's database was
incorporated into the nmap nse so it's likely almost all are found in
there already.

>
> We're also preparing for new round of internet wide scan, so post your
> ideas before it's too late! In this new scan, we plan to support
> apple-touch-icon as well.

This is always a worthwhile effort, but the difficult part is of
course sifting through the data when it's gathered, and identifying
the product that an icon ties back to. I have done this previously
with a crawler with quite a bit of success, but weeding out site icons
vs products was a challenge that required a web app. Probably a
discussion for the other list though!

Thanks for making us aware of the project and I look forward to seeing
how the survey progresses.

-Sullo

--

http://www.cirt.net     |      http://www.osvdb.org/
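
Added example (not part of the original thread, and not Nikto or OWASP project code): one way to approach the sifting problem described in the message above, by hashing crawled favicons and separating hashes already in a database, unknown hashes shared across unrelated sites, and hashes seen on a single site. The sample crawl records, the "ExampleCMS" label, the min_sites threshold and the two-label site heuristic are all assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample crawl: (host, favicon body). The bodies are stand-in
# byte strings, not real icons; hosts use reserved example domains.
CRAWL = [
    ("shop.example.com", b"ICON-A"),
    ("blog.example.org", b"ICON-A"),
    ("intranet.example.net", b"ICON-A"),
    ("www.example.com", b"ICON-B"),
    ("static.example.com", b"ICON-B"),   # same site twice: still one site
    ("wiki.example.org", b"ICON-C"),
    ("docs.example.net", b"ICON-C"),
    ("solo.example.net", b"ICON-D"),
    ("a.example.com", b""),              # empty bodies all share one MD5
    ("b.example.org", b""),
]


def favicon_md5(body: bytes) -> str:
    """MD5 of the raw favicon bytes, the key a hash database is indexed by."""
    return hashlib.md5(body).hexdigest()


# Hypothetical database entry: hash -> product label.
KNOWN = {favicon_md5(b"ICON-A"): "ExampleCMS (hypothetical)"}


def site_of(host: str) -> str:
    """Assumption: the last two labels approximate the registrable domain.
    Real data needs the Public Suffix List (co.uk and similar)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage(crawl, known, min_sites=2):
    """Split crawled favicon hashes into identified / candidates / site_icons."""
    sites_by_hash = defaultdict(set)
    for host, body in crawl:
        if not body:
            # Skip empty responses: they would otherwise look like one icon
            # shared by many unrelated sites.
            continue
        sites_by_hash[favicon_md5(body)].add(site_of(host))

    result = {"identified": {}, "candidates": {}, "site_icons": {}}
    for digest, sites in sites_by_hash.items():
        if digest in known:
            result["identified"][digest] = known[digest]
        elif len(sites) >= min_sites:
            # Unknown hash on several unrelated sites: probably a product
            # default icon that still needs a human to name it.
            result["candidates"][digest] = sorted(sites)
        else:
            # Seen on a single site only: most likely that site's own icon.
            result["site_icons"][digest] = sorted(sites)
    return result


if __name__ == "__main__":
    for bucket, entries in triage(CRAWL, KNOWN).items():
        print(bucket, entries)
```

Only the "candidates" bucket needs manual review; the site count is a ranking hint, not proof that an icon belongs to a product.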

  #3  
10-06-2011 02:54 PM
First off - more good lists coming from OWASP, which're always good
for the community!

Quoting Sullo <>:
>> I would like to invite nikto to update its database from there. Also,
>> if there's anything the database miss - please help and add.
> Would certainly like to contribute & use the database--how exactly
> depends on the licensing (either inclusion in nikto's database, or
> loading a distinct file). At some point nikto's database was
> incorporated into the nmap nse so it's likely almost all are found in
> there already.

If there's a problem with the licence, then we could always implement
it like we did the directories list from DirBuster - i.e. add support
for the file format to the plugin and allow the user to use it, but
they need to source the list themselves.

Updating directly from OWASP instead of cirt.net also would mean that
we're dependent on an external site that isn't controlled by cirt.net.

The above can be worked around, if necessary by an import script, but
it needs to be thought about for a bit. (i.e. do we want our users to
run two scripts, or are we happy that OWASP won't change the URL of
the database etc.).

  #4  
15-06-2011 10:28 PM
On Thu, Jun 09, 2011 at 08:55:47PM -0400, Sullo wrote:
> On Thu, Jun 9, 2011 at 4:57 PM, Vlatko Kosturjak <> wrote:
> > In short, it is idea to have central database of favicon hashes. So,
> > most of open source projects can have benefit of them.
> I don't see any licensing information on the database--what is it
> being released under?
> Would certainly like to contribute & use the database--how exactly
> depends on the licensing (either inclusion in nikto's database, or
> loading a distinct file). At some point nikto's database was
> incorporated into the nmap nse so it's likely almost all are found in
> there already.

That's another invite - let's talk about licensing!
Scripts I've made to crawl the internet are under GPL 2+ :
https://github.com/kost/owasp-favicon-crawl
Since I'm the only contributor to these scripts, I can dual license it or change
the script license if there's any problem with that. But personally, I don't
see any problem with GPL 2+ and the scripts are not rocket science!

Regarding database, my personal viewpoint is there is no sense to have 10
different and incomplete databases. And also there is no point in having
database which no one will use. So, yes, cooperation sounds good and let's
see what license is best for OWASP and for open and/or commercial projects
including nikto, w3af, ...

So, what's the best/acceptable licenses for nikto?

> This is always a worthwhile effort, but the difficult part is of
> course sifting through the data when it's gathered, and identifying
> the product that an icon ties back to. I have done this previously
> with a crawler with quite a bit of success, but weeding out site icons
> vs products was a challenge that required a web app. Probably a
> discussion for the other list though!

Absolutely true! Had same experience, but that's where power of community
comes and I tried to make contributions easy as you can edit wiki yourself or
send MD5 via twitter with proper identification.

In short, let's talk!
--
Vlatko Kosturjak - KoSt

  #5  
15-06-2011 11:01 PM
On 06/15/2011 11:43 PM, Vlatko Kosturjak wrote:
> On Fri, Jun 10, 2011 at 09:54:37AM -0400, wrote:
> I'm also attaching the script which I used for converting from OWASP database
> to Nikto db style if it will help. Don't ask me for the license, it's public
> domain! ;)

So that there is no confusion - by public domain, I mean the license for this
short&ugly script :)

Kost