Script http-favicon

Script types: portrule
Categories: default, discovery, safe

Script Summary

Gets the favicon ("favorites icon") from a web page and matches it against a database of the icons of known web applications. If there is a match, the name of the application is printed; otherwise the MD5 hash of the icon data is printed.

If the script argument favicon.uri is given, that relative URI is always used to find the favicon. Otherwise, first the page at the root of the web server is retrieved and parsed for a <link rel="icon"> element. If that fails, the icon is looked for in /favicon.ico. If a <link> favicon points to a different host or port, it is ignored.

Script Arguments


Web server path to search for favicon.


URI that will be requested for favicon.


See the documentation for the slaxml library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library., http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

Example Usage

nmap --script=http-favicon.nse \
   --script-args favicon.root=<root>,favicon.uri=<uri>

Script Output

|_ http-favicon: Socialtext



  • Vlatko Kosturjak

License: Same as Nmap--See