Service Fingerprinting
关于
This skill provides techniques to identify the specific services, software versions, and technologies running on discovered hosts. It is used after host discovery to map the technology stack for vulnerability assessment or to prepare targeted exploitation strategies. The methods combine active probing, banner grabbing, and behavioral analysis for accurate fingerprinting.
技能文档
Service Fingerprinting
Overview
Service fingerprinting identifies the specific software, version, and configuration of network services. Accurate fingerprinting enables targeted vulnerability assessment, exploit selection, and understanding of the attack surface. This skill combines active probing, banner grabbing, and behavioral analysis.
Core principle: Start passive, escalate to active when needed. Combine multiple techniques for accuracy.
When to Use
- After discovering live hosts (from subdomain enumeration)
- Before vulnerability scanning or exploitation
- When building detailed target intelligence
- During penetration testing reconnaissance phase
Techniques
Port Scanning
# Fast SYN scan of common ports
nmap -sS -F target.com
# Comprehensive scan of all ports
nmap -p- -T4 target.com
# Service version detection
nmap -sV -p 80,443,22,3306 target.com
# OS detection
sudo nmap -O target.com
# Aggressive scan (version, OS, scripts, traceroute)
nmap -A target.com
Banner Grabbing
# Manual banner grab
nc target.com 80
GET / HTTP/1.0
# Automated with nmap
nmap -sV --version-intensity 9 -p 80,443 target.com
# Multiple services
for port in 21 22 25 80 443 3306; do
echo "=== Port $port ==="
nc -w 2 target.com $port
done
HTTP/HTTPS Fingerprinting
# Detailed HTTP headers
curl -I https://target.com
# Technology detection
whatweb -a 3 https://target.com
# Certificate information
echo | openssl s_client -connect target.com:443 2>/dev/null | openssl x509 -noout -text
Specialized Scanners
# Database fingerprinting
nmap -p 3306 --script mysql-info target.com
nmap -p 5432 --script pgsql-info target.com
# SMB enumeration
nmap -p 445 --script smb-os-discovery target.com
# SSH fingerprinting
ssh-audit target.com
Common Services
| Port | Service | Fingerprinting Command |
|---|---|---|
| 21 | FTP | nc target.com 21 |
| 22 | SSH | nc target.com 22 |
| 80/443 | HTTP/HTTPS | curl -I https://target.com |
| 3306 | MySQL | nmap -p 3306 --script mysql-info |
| 5432 | PostgreSQL | nmap -p 5432 --script pgsql-info |
| 6379 | Redis | redis-cli -h target.com info |
| 27017 | MongoDB | nmap -p 27017 --script mongodb-info |
Integration with Other Skills
- skills/reconnaissance/automated-subdomain-enum - Provides targets
- skills/reconnaissance/web-app-recon - Detailed HTTP analysis
- skills/exploitation/* - Informs exploit selection
快速安装
/plugin add https://github.com/macaugh/super-rouge-hunter-skills/tree/main/service-fingerprinting在 Claude Code 中复制并粘贴此命令以安装该技能
GitHub 仓库
相关推荐技能
analyzing-dependencies
元这个Claude Skill能自动分析项目依赖的安全漏洞、过时包和许可证合规问题。它支持npm、pip、composer、gem和go modules等多种包管理器,帮助开发者识别潜在风险。当您需要检查依赖安全性、更新过时包或确保许可证兼容时,可使用"check dependencies"等触发短语来调用。
work-execution-principles
其他这个Claude Skill为开发者提供了一套通用的工作执行原则,涵盖任务分解、范围确定、测试策略和依赖管理。它确保开发活动中的一致质量标准,适用于代码审查、工作规划和架构决策等场景。该技能与所有编程语言和框架兼容,帮助开发者系统化地组织代码结构和定义工作边界。
Git Commit Helper
元Git Commit Helper能通过分析git diff自动生成规范的提交信息,适用于开发者编写提交消息或审查暂存区变更时。它能识别代码变更类型并自动匹配Conventional Commits规范,提供包含功能类型、作用域和描述的标准化消息。开发者只需提供git diff内容即可获得即用型的提交消息建议。
nextjs
开发This Next.js Skill provides architectural standards and BFF patterns for Next.js 15.5+ projects using App Router. It enforces clear server/client component separation, implements Server Actions and Route Handlers, and ensures performance optimization with SEO best practices. Use it when designing App Router structures, implementing data fetching strategies, or building BFF architectures.