Favicon hash generator


Get the favicon hash of a website's favicon for Shodan hunting


Use this site programmatically

Retrieve the favicon hash from a URL:

curl "https://favicon-hash.kmsec.uk/api/?url=https://www.google.com/favicon.ico" | jq

The response JSON contains the location, content-type, favicon hash, md5, and sha256 of the requested resource.

{
  "req_url": "https://google.com/favicon.ico",
  "req_location": "https://www.google.com/favicon.ico",
  "req_content_type": "image/x-icon",
  "favicon_hash": "708578229",
  "md5": "f3418a443e7d841097c714d69ec4bcb8",
  "sha256": "6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770"
}

req_url is the user-provided URL (contained in the url parameter), and req_location is the location the application was redirected to. Note that the above example indicates a redirect from google.com to www.google.com. req_content_type (the Content-Type as received by the application when requesting the resource) is exposed for visibility and troubleshooting.

The URL that you want to retrieve the hash for can be URL-encoded to ensure more reliable execution:

curl "https://favicon-hash.kmsec.uk/api/?url=https%3A%2F%2Fwww%2Egoogle%2Ecom%2Ffavicon%2Eico"

Get the favicon hash from a local file through a POST request. The response is a JSON object containing the md5, sha256, and favicon hashes:

# Download a favicon file
wget -O favicon.ico https://example.com/favicon-file-you-want.ico

# POST it to the /file endpoint to get the favicon hash
curl --data-binary @favicon.ico https://favicon-hash.kmsec.uk/file/

The response:

{
  "favicon_hash": "-451606383",
  "md5": "b8f9b8401503b442e22369f9908939b7",
  "sha256": "f0623f69f6f12bf3076d3a1f07c647bb9839a0b9769ea5330e6093fb69c392d7"
}

Generating favicon hashes

"Favicon hashes" are actually MurmurHash3 hashes. Shodan doesn't hash the raw file, but a modified base64-encoded version. See the code snippet below for details.

This is some Python3 code you can use if you would rather generate a favicon hash locally:


import base64
import mmh3 # (pip install mmh3)


with open('favicon.ico', 'rb') as favicon:
    # 1. To base64. !Required to match Shodan! encodebytes() inserts a newline (\n)
    #    after every 76 characters, and also at the end
    b64_with_newlines = base64.encodebytes(favicon.read())
    # 2. To string
    utf8_b64 = b64_with_newlines.decode('utf-8')
    # 3. MMH3 hash (returned as a signed 32-bit integer)
    favicon_hash = mmh3.hash(utf8_b64)

    print(favicon_hash)

About this site

This site processes requests at the Cloudflare Edge using Cloudflare Workers. When you request a favicon hash from a URL, your browser does not make the request to the resource. Instead, the Worker retrieves the requested resource.

Because this is built with Cloudflare Workers and uses the Fetch JavaScript API:

Some sites forbid access from Cloudflare's edge, so you may get an error. In these cases, you can download the favicon through other means and then use the hash from file functionality.

The MurmurHash3 x86 32-bit algorithm used by this site is taken from the MurmurHash3 package, but is modified to return a signed integer, as is used in Shodan.
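The two details described above (the newline-wrapped base64 input and the signed 32-bit result) can be reproduced without the mmh3 dependency. The following is an added example, not this site's Worker code or the MurmurHash3 package: a pure-Python MurmurHash3 x86 32-bit routine, with function names and sample bytes that are assumptions made for illustration.

```python
import base64

MASK32 = 0xFFFFFFFF

def _rotl32(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & MASK32

def _mix_k(k: int) -> int:
    # Per-block scramble applied to each little-endian 32-bit word
    k = (k * 0xCC9E2D51) & MASK32
    k = _rotl32(k, 15)
    return (k * 0x1B873593) & MASK32

def murmur3_x86_32_signed(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86 32-bit, returned as a signed 32-bit integer."""
    h = seed & MASK32
    full = len(data) - len(data) % 4
    for i in range(0, full, 4):
        h ^= _mix_k(int.from_bytes(data[i:i + 4], "little"))
        h = (_rotl32(h, 13) * 5 + 0xE6546B64) & MASK32
    if full < len(data):  # 1-3 trailing bytes skip the rotate/add step
        h ^= _mix_k(int.from_bytes(data[full:], "little"))
    h ^= len(data) & MASK32
    h ^= h >> 16  # final avalanche
    h = (h * 0x85EBCA6B) & MASK32
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & MASK32
    h ^= h >> 16
    # Reinterpret as signed: values with the top bit set become negative
    return h - (1 << 32) if h & 0x80000000 else h

def shodan_encoding(raw: bytes) -> bytes:
    """Base64 with a newline after every 76 characters and at the end."""
    return base64.encodebytes(raw)

def favicon_hash(raw: bytes) -> int:
    return murmur3_x86_32_signed(shodan_encoding(raw))

# Constructed sample, not a real favicon: 114 bytes = 2 x 57, so the base64
# text is exactly two full 76-character lines (the boundary case).
SAMPLE = b"\x00\x00\x01\x00" + bytes(range(110))

if __name__ == "__main__":
    print("lines in hashed input:", shodan_encoding(SAMPLE).count(b"\n"))
    print("favicon hash         :", favicon_hash(SAMPLE))
    print("unwrapped base64 hash:", murmur3_x86_32_signed(base64.b64encode(SAMPLE)))
```

A hash computed over the raw bytes or over unwrapped base64 will not match what Shodan indexes, which is the usual cause of a favicon search returning nothing.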