MCP HubMCP Hub
Back to Skills

Service Fingerprinting

macaugh
Updated Today
69 views
2
2
View on GitHub
Othergeneral

About

This skill provides techniques to identify the specific services, software versions, and technologies running on discovered hosts. It is used after host discovery to map the technology stack for vulnerability assessment or to prepare targeted exploitation strategies. The methods combine active probing, banner grabbing, and behavioral analysis for accurate fingerprinting.

Quick Install

Claude Code

Recommended
Plugin CommandRecommended
/plugin add https://github.com/macaugh/super-rouge-hunter-skills
Git CloneAlternative
git clone https://github.com/macaugh/super-rouge-hunter-skills.git ~/.claude/skills/Service Fingerprinting

Copy and paste this command in Claude Code to install this skill

Documentation

Service Fingerprinting

Overview

Service fingerprinting identifies the specific software, version, and configuration of network services. Accurate fingerprinting enables targeted vulnerability assessment, exploit selection, and understanding of the attack surface. This skill combines active probing, banner grabbing, and behavioral analysis.

Core principle: Start passive, escalate to active when needed. Combine multiple techniques for accuracy.

When to Use

  • After discovering live hosts (from subdomain enumeration)
  • Before vulnerability scanning or exploitation
  • When building detailed target intelligence
  • During penetration testing reconnaissance phase

Techniques

Port Scanning

# Fast SYN scan of common ports
nmap -sS -F target.com

# Comprehensive scan of all ports
nmap -p- -T4 target.com

# Service version detection
nmap -sV -p 80,443,22,3306 target.com

# OS detection
sudo nmap -O target.com

# Aggressive scan (version, OS, scripts, traceroute)
nmap -A target.com

Banner Grabbing

# Manual banner grab
nc target.com 80
GET / HTTP/1.0

# Automated with nmap
nmap -sV --version-intensity 9 -p 80,443 target.com

# Multiple services
for port in 21 22 25 80 443 3306; do
  echo "=== Port $port ===" 
  nc -w 2 target.com $port
done

HTTP/HTTPS Fingerprinting

# Detailed HTTP headers
curl -I https://target.com

# Technology detection
whatweb -a 3 https://target.com

# Certificate information
echo | openssl s_client -connect target.com:443 2>/dev/null | openssl x509 -noout -text

Specialized Scanners

# Database fingerprinting
nmap -p 3306 --script mysql-info target.com
nmap -p 5432 --script pgsql-info target.com

# SMB enumeration
nmap -p 445 --script smb-os-discovery target.com

# SSH fingerprinting
ssh-audit target.com

Common Services

PortServiceFingerprinting Command
21FTPnc target.com 21
22SSHnc target.com 22
80/443HTTP/HTTPScurl -I https://target.com
3306MySQLnmap -p 3306 --script mysql-info
5432PostgreSQLnmap -p 5432 --script pgsql-info
6379Redisredis-cli -h target.com info
27017MongoDBnmap -p 27017 --script mongodb-info

Integration with Other Skills

  • skills/reconnaissance/automated-subdomain-enum - Provides targets
  • skills/reconnaissance/web-app-recon - Detailed HTTP analysis
  • skills/exploitation/* - Informs exploit selection

GitHub Repository

macaugh/super-rouge-hunter-skills
Path: skills/reconnaissance/service-fingerprinting

Related Skills

subagent-driven-development

Development

This skill executes implementation plans by dispatching a fresh subagent for each independent task, with code review between tasks. It enables fast iteration while maintaining quality gates through this review process. Use it when working on mostly independent tasks within the same session to ensure continuous progress with built-in quality checks.

View skill

algorithmic-art

Meta

This Claude Skill creates original algorithmic art using p5.js with seeded randomness and interactive parameters. It generates .md files for algorithmic philosophies, plus .html and .js files for interactive generative art implementations. Use it when developers need to create flow fields, particle systems, or other computational art while avoiding copyright issues.

View skill

executing-plans

Design

Use the executing-plans skill when you have a complete implementation plan to execute in controlled batches with review checkpoints. It loads and critically reviews the plan, then executes tasks in small batches (default 3 tasks) while reporting progress between each batch for architect review. This ensures systematic implementation with built-in quality control checkpoints.

View skill

cost-optimization

Other

This Claude Skill helps developers optimize cloud costs through resource rightsizing, tagging strategies, and spending analysis. It provides a framework for reducing cloud expenses and implementing cost governance across AWS, Azure, and GCP. Use it when you need to analyze infrastructure costs, right-size resources, or meet budget constraints.

View skill