Calculate Murmur3 hash of a favicon to be used in Shodan

favicon-shodan.rb

# Initial code by Matt Harzewski
# https://gist.github.com/mattvh/6692349
# Read more: http://www.webmaster-source.com/2013/09/25/finding-a-websites-favicon-with-ruby/
# https://github.com/hajimes/mmh3

require "httparty"
require "nokogiri"
require "base64"
require "murmurhash3"

class Favicon

  attr_reader :host
  attr_reader :uri
  attr_reader :base64
  attr_reader :mmh3


  def initialize(host)
    @host = host
    check_for_ico_file
    check_for_html_tag
  end


  # Check /favicon.ico
  def check_for_ico_file
    uri = URI::HTTP.build({:host => @host, :path => '/favicon.ico'}).to_s
    res = HTTParty.get(uri)
    if res.code == 200
      # TIL: In python there is a newline every 76 characters and it end with a newline
      @base64 = Base64.strict_encode64(res.body).gsub!(/.{76}(?=.)/, '\0'+"\n") + "\n"
      @uri = uri
      # Needs to be signed
      @mmh3 = [MurmurHash3::V32.str_hash(@base64)].pack('L').unpack('l').first
    end
  end


  # Check "shortcut icon" tag
  def check_for_html_tag
    uri = URI::HTTP.build({:host => @host, :path => '/'}).to_s
    res = HTTParty.get(uri)
    doc = Nokogiri::HTML(res)
    doc.xpath('//link[@rel="shortcut icon"]').each do |tag|
      taguri = URI(tag['href'])
      unless taguri.host.to_s.length < 1
        iconuri = taguri.to_s
      else
        iconuri = URI.join(uri, taguri).to_s
      end
      res = HTTParty.get(iconuri)
      if res.code == 200
        # TIL: In python there is a newline every 76 characters and it end with a newline
        @base64 = Base64.strict_encode64(res.body).gsub!(/.{76}(?=.)/, '\0'+"\n") + "\n"
        @uri = iconuri
        # Needs to be signed
        @mmh3 = [MurmurHash3::V32.str_hash(@base64)].pack('L').unpack('l').first
      end
    end
  end

end

favicon = Favicon.new(ARGV[0])
puts favicon.uri
puts favicon.host
puts favicon.mmh3
puts "https://www.shodan.io/search?query=http.favicon.hash%3A" + favicon.mmh3.to_s