Service Fingerprinting
について
このスキルは、発見されたホスト上で動作している特定のサービス、ソフトウェアのバージョン、およびテクノロジーを特定するための技術を提供します。これはホスト発見後に使用され、脆弱性評価のためのテクノロジースタックをマッピングしたり、標的型のエクスプロイト戦略を準備したりするために活用されます。その手法は、正確なフィンガープリンティングのために、アクティブなプロービング、バナーグラブ、および挙動解析を組み合わせています。
クイックインストール
Claude Code
推奨/plugin add https://github.com/macaugh/super-rouge-hunter-skillsgit clone https://github.com/macaugh/super-rouge-hunter-skills.git ~/.claude/skills/Service FingerprintingこのコマンドをClaude Codeにコピー&ペーストしてスキルをインストールします
ドキュメント
Service Fingerprinting
Overview
Service fingerprinting identifies the specific software, version, and configuration of network services. Accurate fingerprinting enables targeted vulnerability assessment, exploit selection, and understanding of the attack surface. This skill combines active probing, banner grabbing, and behavioral analysis.
Core principle: Start passive, escalate to active when needed. Combine multiple techniques for accuracy.
When to Use
- After discovering live hosts (from subdomain enumeration)
- Before vulnerability scanning or exploitation
- When building detailed target intelligence
- During penetration testing reconnaissance phase
Techniques
Port Scanning
# Fast SYN scan of common ports
nmap -sS -F target.com
# Comprehensive scan of all ports
nmap -p- -T4 target.com
# Service version detection
nmap -sV -p 80,443,22,3306 target.com
# OS detection
sudo nmap -O target.com
# Aggressive scan (version, OS, scripts, traceroute)
nmap -A target.com
Banner Grabbing
# Manual banner grab
nc target.com 80
GET / HTTP/1.0
# Automated with nmap
nmap -sV --version-intensity 9 -p 80,443 target.com
# Multiple services
for port in 21 22 25 80 443 3306; do
echo "=== Port $port ==="
nc -w 2 target.com $port
done
HTTP/HTTPS Fingerprinting
# Detailed HTTP headers
curl -I https://target.com
# Technology detection
whatweb -a 3 https://target.com
# Certificate information
echo | openssl s_client -connect target.com:443 2>/dev/null | openssl x509 -noout -text
Specialized Scanners
# Database fingerprinting
nmap -p 3306 --script mysql-info target.com
nmap -p 5432 --script pgsql-info target.com
# SMB enumeration
nmap -p 445 --script smb-os-discovery target.com
# SSH fingerprinting
ssh-audit target.com
Common Services
| Port | Service | Fingerprinting Command |
|---|---|---|
| 21 | FTP | nc target.com 21 |
| 22 | SSH | nc target.com 22 |
| 80/443 | HTTP/HTTPS | curl -I https://target.com |
| 3306 | MySQL | nmap -p 3306 --script mysql-info |
| 5432 | PostgreSQL | nmap -p 5432 --script pgsql-info |
| 6379 | Redis | redis-cli -h target.com info |
| 27017 | MongoDB | nmap -p 27017 --script mongodb-info |
Integration with Other Skills
- skills/reconnaissance/automated-subdomain-enum - Provides targets
- skills/reconnaissance/web-app-recon - Detailed HTTP analysis
- skills/exploitation/* - Informs exploit selection
GitHub リポジトリ
関連スキル
algorithmic-art
メタThis Claude Skill creates original algorithmic art using p5.js with seeded randomness and interactive parameters. It generates .md files for algorithmic philosophies, plus .html and .js files for interactive generative art implementations. Use it when developers need to create flow fields, particle systems, or other computational art while avoiding copyright issues.
subagent-driven-development
開発This skill executes implementation plans by dispatching a fresh subagent for each independent task, with code review between tasks. It enables fast iteration while maintaining quality gates through this review process. Use it when working on mostly independent tasks within the same session to ensure continuous progress with built-in quality checks.
executing-plans
デザインUse the executing-plans skill when you have a complete implementation plan to execute in controlled batches with review checkpoints. It loads and critically reviews the plan, then executes tasks in small batches (default 3 tasks) while reporting progress between each batch for architect review. This ensures systematic implementation with built-in quality control checkpoints.
cost-optimization
その他This Claude Skill helps developers optimize cloud costs through resource rightsizing, tagging strategies, and spending analysis. It provides a framework for reducing cloud expenses and implementing cost governance across AWS, Azure, and GCP. Use it when you need to analyze infrastructure costs, right-size resources, or meet budget constraints.