Discover Real IPs with Fav‑up: A Shodan‑Powered Favicon Recon Tool

Overview

Fav-up is an IP enumeration tool that leverages Shodan and website favicons to discover the real IP addresses of target services or devices.

Installation

Ensure Python 3 is installed, then clone the repository and install dependencies:

git clone https://github.com/pielco11/fav-up.git
pip3 install -r requirements.txt

A Shodan API key is also required.

Command‑line interface

Provide the API key using one of the following options:

-k, --key           Pass the key via stdin
-kf, --key-file     Specify a file containing the key
-sc, --shodan-cli   Retrieve the key from the Shodan CLI

After setting the key, you can use various modes:

-f,  --favicon-file   Path to a local favicon file
-fu, --favicon-url    URL of the favicon image
-w,  --web            Target website domain (auto‑detect favicon)
-fh, --favicon-hash   Search the web for the favicon hash

Input lists can be supplied:

-fl, --favicon-list  File with paths to favicons
-ul, --url-list      File with favicon URLs
-wl, --web-list      File with target domains

Results can be saved with:

-o, --output   Output file and format (e.g., csv)

Usage examples

# Favicon file
python3 favUp.py --favicon-file favicon.ico -sc

# Favicon URL
python3 favUp.py --favicon-url https://example.com/favicon.ico -sc

# Web mode
python3 favUp.py --web example.com -sc

Using as a Python module

from favUp import FavUp

f = FavUp()
f.shodanCLI = True
f.web = "example.com"
f.show = True
f.run()

for result in f.faviconsList:
    print(f"Real-IP: {result['found_ips']}")
    print(f"Hash: {result['favhash']}")

Resources

Project repository: https://github.com/pielco11/fav-up