MurMurHash : Tool To Calculate A MurmurHash Value Of A Favicon To Hunt Phishing Websites On The Shodan Platform

MurMurHash is a tool used to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

What Is MurMurHash?

MurmurHash is a non-cryptographic hash function suitable for general hash-based lookup. The name comes from two basic operations, multiply (MU) and rotate (R), used in its inner loop. The current version is MurmurHash3 which yields a 32-bit or 128-bit hash value. When using 128-bits, the x86 and x64 versions do not produce the same values, as the algorithms are optimized for their respective platforms. MurmurHash3 was released alongside SMHasher—a hash function test suite.

How To Install?

git clone https://github.com/Viralmaniar/MurMurHash.git
cd MurMurHash
pip install -r requirements.txt
python MurMurHash.py

Hunting Phish Events For Paypal & Tesla

After reading about hunting of phishing websites using favicon hashes I thought to generalise it to accept Favicon URLs for quick analysis on the Shodan.

Looking for a favicon icon file on the orginal website of Paypal:

Using MurMurHash.py file generating hash of the icon: 

Searching on Shodan for Paypal phishing domains/IPs:

https://www.shodan.io/search?query=http.favicon.hash%3A309020573

Now, let’s search for Tesla icon on the original site:

Searching on Shodan for Tesla phishing domains/IPs:

Validating Shodan results:

R K

Recent Posts

SpyAI : Intelligent Malware With Advanced Capabilities

SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…

1 day ago

Proxmark3 : The Ultimate Tool For RFID Security And Analysis

The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…

1 day ago

Awesome Solana Security : Enhancing Program Development

The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…

1 day ago

IngressNightmare-POCs : Understanding The Vulnerability Exploitation Flow

The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…

1 day ago

AdaptixC2 : Enhancing Penetration Testing With Advanced Framework Capabilities

AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…

1 day ago

Bincrypter : Enhancing Linux Binary Security through Runtime Encryption And Obfuscation

Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…

1 day ago