Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 8 additions & 55 deletions MurMurHash.py
Original file line number Diff line number Diff line change
@@ -1,60 +1,13 @@
import mmh3
import requests
import codecs
import os, sys
#from shodan import Shodan
#import json
import sys

def logo():
banner = '''
___ ___ ___ ___ _ _ _
| \/ | | \/ | | | | | | |
| . . |_ _ _ __| . . |_ _ _ __| |_| | __ _ ___| |__
| |\/| | | | | '__| |\/| | | | | '__| _ |/ _` / __| '_ \
| | | | |_| | | | | | | |_| | | | | | | (_| \__ \ | | |
\_| |_/\__,_|_| \_| |_/\__,_|_| \_| |_/\__,_|___/_| |_|
Author: Viral Maniar
Twitter: @ManiarViral
Org: Preemptive Cyber Security Pty Ltd
Description: This tool is to calculate a MurmurHash value of
a favicon to hunt phishing website on Shodan.
'''
return banner

def cmd_HashGenerator():

URL = input('\nEnter Favicon URL to generate Hash:')
response = requests.get(URL)
#response = requests.get(URL, verify=False)
favicon = codecs.encode(response.content,"base64")
print('\n')
hash = mmh3.hash(favicon)
print('----------')
print(hash)
print('----------')
print('\n')
print('Tip: Use http.favicon.hash:<hash> on Shodan to hunt phishing sites.')

while True:
try:
choice = str(input('\n[?] Do you want to continue? y/n\n> ')).lower()
if choice[0] == 'y':
return cmd_HashGenerator()
if choice[0] == 'n':
sys.exit(0)
break
else:
print('Invalid Input')
except KeyboardInterrupt:
print ('[!] Ctrl + C detected\n[!] Exiting')
sys.exit(0)
except EOFError:
print ('[!] Ctrl + D detected\n[!] Exiting')
sys.exit(0)
if len(sys.argv) != 2:
print("USAGE: MurMurHash FAVICON_URL")
exit(0)

def main():
print (logo())
cmd_HashGenerator()

if __name__ == "__main__":
main()
requests.packages.urllib3.disable_warnings()

response = requests.get(sys.argv[1], verify=False)
print(f"Go to https://www.shodan.io/search?query=http.favicon.hash%3A{mmh3.hash(codecs.encode(response.content,'base64'))}")
12 changes: 9 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
# MurMurHash
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

![image](https://user-images.githubusercontent.com/3501170/116244718-89518780-a7ab-11eb-8072-f64ff34eb54f.png)
```bash
❯ python3 MurMurHash.py https://www.paypalobjects.com/webstatic/icon/pp32.png
Go to https://www.shodan.io/search?query=http.favicon.hash%3A48485760
```

# What is MurMurHash?
MurmurHash is a non-cryptographic hash function suitable for general hash-based lookup. The name comes from two basic operations, multiply (MU) and rotate (R), used in its inner loop. The current version is MurmurHash3 which yields a 32-bit or 128-bit hash value. When using 128-bits, the x86 and x64 versions do not produce the same values, as the algorithms are optimized for their respective platforms. MurmurHash3 was released alongside SMHasher—a hash function test suite.
Expand All @@ -12,7 +15,7 @@ Further reading on: https://en.wikipedia.org/wiki/MurmurHash
<pre>
git clone https://github.com/Viralmaniar/MurMurHash.git
cd MurMurHash
pip install -r requirements.txt
python3 -m pip install -r requirements.txt
python MurMurHash.py
</pre>

Expand All @@ -29,7 +32,10 @@ Looking for a favicon icon file on the orginal website of Paypal:
![image](https://user-images.githubusercontent.com/3501170/116244994-d59cc780-a7ab-11eb-8185-68e5d06b092a.png)

Using `MurMurHash.py` file generating hash of the icon:
![image](https://user-images.githubusercontent.com/3501170/116783246-13ae2a00-aad1-11eb-8ef9-6264369ef68f.png)
```bash
❯ python3 MurMurHash.py https://www.paypalobjects.com/webstatic/icon/pp32.png
Go to https://www.shodan.io/search?query=http.favicon.hash%3A48485760
```

Searching on Shodan for Paypal phishing domains/IPs:
- https://www.shodan.io/search?query=http.favicon.hash%3A309020573
Expand Down