Driftnet API

A comprehensive RESTful JSON API.


Favicon Fingerprints


Overview

Favicons are the small icons displayed to the side of your browser"s address bar, or used as touch icons on some devices.

Driftnet collects Favicons from every web server it encounters.

Searching by Hash or URL

Favicon fingerprints can be looked by SHA1 hash:

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/scan/favicons?sha1=93dd5954bcdc8990bcb0bded60713b10702ee497' \
  | jq . \
  | less -S

...by SHA256 hash:

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/scan/favicons?sha256=6eb6de385e2bde8472be2d52eee4e155e0d63b5ca9fbbd9c73410687a589eddf' \
  | jq . \
  | less -S

...by MD5 hash:

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/scan/favicons?md5=cbc0168713777ee346ab9548f44f4f05' \
  | jq . \
  | less -S

...by Murmur3 (32-bit) hash:

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/scan/favicons?murmur3=613284182' \
  | jq . \
  | less -S

...or by URL (including hostnames within URLs):

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/scan/favicons?field=url:dns.google' \
  | jq . \
  | less -S
{
  "page": 0,
  "pages": 18,
  "result_count": 1758,
  "results": [
    {
      "date": "2019-05-13",
      "id": "vA3PVcnJQOqcgr5884j5Lw",
      "items": [
        {
          "context": "",
          "is_metadata": true,
          "type": "url",
          "value": "https://dns.google/static/93dd5954/favicon.png"
        },
        ...

Results are in the same "report" format described in the Internet Scans section.

The scan/favicons endpoint also accepts the page=, from= / to=, filter= and host_in_url= parameters. These work in exactly the same way as described in the Internet Scans section.

To see only the most recent lookup results for a URL, set the most_recent=true parameter.

Retrieving Content

To retrieve the content of a specific favicon, find the the item with type obj-sha1 in the return from a scan/favicons call. Take the value of this item, and the date on which it was seen, and then call:

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/scan/favicons/body?hash=93dd5954bcdc8990bcb0bded60713b10702ee497&date=2019-05-13' \
  | jq -rc '.body' | base64 -d \
  > result.png
example favicon

On Mac, use base64 -D instead of base64 -d.