MCP HubMCP Hub
Back to Skills

Service Fingerprinting

macaugh
Updated Yesterday
9 views
2
2
View on GitHub
Othergeneral

About

This skill provides techniques to identify the specific services, software versions, and technologies running on discovered hosts. It is used after host discovery to map the technology stack for vulnerability assessment or to prepare targeted exploitation strategies. The methods combine active probing, banner grabbing, and behavioral analysis for accurate fingerprinting.

Documentation

Service Fingerprinting

Overview

Service fingerprinting identifies the specific software, version, and configuration of network services. Accurate fingerprinting enables targeted vulnerability assessment, exploit selection, and understanding of the attack surface. This skill combines active probing, banner grabbing, and behavioral analysis.

Core principle: Start passive, escalate to active when needed. Combine multiple techniques for accuracy.

When to Use

  • After discovering live hosts (from subdomain enumeration)
  • Before vulnerability scanning or exploitation
  • When building detailed target intelligence
  • During penetration testing reconnaissance phase

Techniques

Port Scanning

# Fast SYN scan of common ports
nmap -sS -F target.com

# Comprehensive scan of all ports
nmap -p- -T4 target.com

# Service version detection
nmap -sV -p 80,443,22,3306 target.com

# OS detection
sudo nmap -O target.com

# Aggressive scan (version, OS, scripts, traceroute)
nmap -A target.com

Banner Grabbing

# Manual banner grab
nc target.com 80
GET / HTTP/1.0

# Automated with nmap
nmap -sV --version-intensity 9 -p 80,443 target.com

# Multiple services
for port in 21 22 25 80 443 3306; do
  echo "=== Port $port ===" 
  nc -w 2 target.com $port
done

HTTP/HTTPS Fingerprinting

# Detailed HTTP headers
curl -I https://target.com

# Technology detection
whatweb -a 3 https://target.com

# Certificate information
echo | openssl s_client -connect target.com:443 2>/dev/null | openssl x509 -noout -text

Specialized Scanners

# Database fingerprinting
nmap -p 3306 --script mysql-info target.com
nmap -p 5432 --script pgsql-info target.com

# SMB enumeration
nmap -p 445 --script smb-os-discovery target.com

# SSH fingerprinting
ssh-audit target.com

Common Services

PortServiceFingerprinting Command
21FTPnc target.com 21
22SSHnc target.com 22
80/443HTTP/HTTPScurl -I https://target.com
3306MySQLnmap -p 3306 --script mysql-info
5432PostgreSQLnmap -p 5432 --script pgsql-info
6379Redisredis-cli -h target.com info
27017MongoDBnmap -p 27017 --script mongodb-info

Integration with Other Skills

  • skills/reconnaissance/automated-subdomain-enum - Provides targets
  • skills/reconnaissance/web-app-recon - Detailed HTTP analysis
  • skills/exploitation/* - Informs exploit selection

Quick Install

/plugin add https://github.com/macaugh/super-rouge-hunter-skills/tree/main/service-fingerprinting

Copy and paste this command in Claude Code to install this skill

GitHub 仓库

macaugh/super-rouge-hunter-skills
Path: skills/reconnaissance/service-fingerprinting

Related Skills

analyzing-dependencies

Meta

This skill analyzes project dependencies for security vulnerabilities, outdated packages, and license compliance issues. It helps developers identify potential risks in their dependencies using the dependency-checker plugin. The skill supports popular package managers including npm, pip, composer, gem, and Go modules.

View skill

work-execution-principles

Other

This Claude Skill establishes core development principles for work breakdown, scope definition, testing strategies, and dependency management. It provides a systematic approach for code reviews, planning, and architectural decisions to ensure consistent quality standards across all development activities. The skill is universally applicable to any programming language or framework when starting development work or planning implementation approaches.

View skill

Git Commit Helper

Meta

This Claude Skill generates descriptive commit messages by analyzing git diffs. It automatically follows conventional commit format with proper types like feat, fix, and docs. Use it when you need help writing commit messages or reviewing staged changes in your repository.

View skill

subagent-driven-development

Development

This skill executes implementation plans by dispatching a fresh subagent for each independent task, with code review between tasks. It enables fast iteration while maintaining quality gates through this review process. Use it when working on mostly independent tasks within the same session to ensure continuous progress with built-in quality checks.

View skill