Favihunter is a reconnaissance and pivoting tool designed to facilitate internet asset discovery by analyzing favicon hashes. It helps Cyber Threat Intelligence (CTI) analysts, Red Teams, and Blue Teams to map an organization’s attack surface and identify potential phishing or fraudulent websites that impersonate its visual identity.

The tool accepts a URL or a list of URLs, extracts the favicon from each page, calculates its hashes compatible with various search engines, and generates ready-to-use search links for platforms like Shodan, FOFA, Silent Push, Censys, Validin, and others. Additionally, Favihunter enables searching for other domains using the same favicon through VirusTotal, enhancing threat investigation capabilities.

� Key Features:
✔ Automated pivoting process, generating direct search links for multiple engines.
✔ Supports multiple favicon formats (ICO, PNG).
✔ Automatic calculation of hashes (MMH3, SHA256, MD5) compatible with each platform.
✔ Searches for domains sharing the same favicon via VirusTotal.
✔ Accepts input as a single URL or a list of URLs.
✔ Helps discover exposed assets, fake websites, and internet threats.

� GitHub Project: https://github.com/eremit4/favihunter
� Available on PyPI: https://pypi.org/project/favihunter/

Some Showcases:
Hunting Supershell C2 panels: https://x.com/_tobir4ma/status/1858612964787388685
Pivoting in Lazarus' Contagious Interview campaign: https://x.com/_tobir4ma/status/1878648216817992022