muki-fingerprint
MUKI asset fingerprinting tool for red team reconnaissance. Use when performing authorized penetration testing, asset discovery, service fingerprinting, vulnerability scanning, and attack surface mapping. Supports active/passive fingerprinting with 30,000+ signatures, sensitive path detection, and sensitive information extraction. Requires explicit authorization for target systems.
Best use case
muki-fingerprint is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
MUKI asset fingerprinting tool for red team reconnaissance. Use when performing authorized penetration testing, asset discovery, service fingerprinting, vulnerability scanning, and attack surface mapping. Supports active/passive fingerprinting with 30,000+ signatures, sensitive path detection, and sensitive information extraction. Requires explicit authorization for target systems.
Teams using muki-fingerprint should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/muki-fingerprint/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How muki-fingerprint Compares
| Feature / Agent | muki-fingerprint | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
MUKI asset fingerprinting tool for red team reconnaissance. Use when performing authorized penetration testing, asset discovery, service fingerprinting, vulnerability scanning, and attack surface mapping. Supports active/passive fingerprinting with 30,000+ signatures, sensitive path detection, and sensitive information extraction. Requires explicit authorization for target systems.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
AI Agent for Product Research
Browse AI agent skills for product research, competitive analysis, customer discovery, and structured product decision support.
AI Agents for Marketing
Discover AI agents for marketing workflows, from SEO and content production to campaign research, outreach, and analytics.
SKILL.md Source
# MUKI Asset Fingerprinting Tool
MUKI is an active asset fingerprinting tool built for red team operations. It enables security researchers to rapidly pinpoint vulnerable systems from chaotic C-class segments and massive asset lists.
## Prerequisites
- Linux amd64 system
- Network access to target systems
- **Explicit written authorization** for all target systems
## Quick Start
```bash
# Scan single URL
muki -u https://target.com
# Scan multiple URLs from file
muki -l targets.txt
# Scan with proxy
muki -u https://target.com -p socks5://127.0.0.1:1080
# Disable specific modules
muki -u https://target.com -A -N # No active, no directory scan
```
## Command Options
```
-h, --help Show help
-u, --url string Single URL to scan
-l, --list string File containing URLs (one per line)
-o, --output string Output file path
-p, --proxy string Proxy server (http:// or socks5://)
-t, --thread int Number of threads (default: 20, max: 100)
-A, --no-active Disable active fingerprint scanning
-N, --no-dir Disable directory scanning
-x, --no-passive Disable passive fingerprint scanning
```
## Core Modules
### 1. Active Fingerprinting (-A to disable)
Sends protocol-specific probes to identify services with high confidence.
- 300+ active fingerprint rules
- Covers SSH, RDP, web servers, databases
- Protocol-specific probes
### 2. Passive Fingerprinting (-x to disable)
Analyzes response artifacts without additional traffic.
- 30,000+ precision fingerprints
- HTTP headers analysis
- TLS JA3 signatures
- HTML/CMS patterns
- WAF detection
### 3. Sensitive Path Detection (-N to disable)
Checks for high-risk paths using curated dictionaries.
- Admin interfaces (/admin, /manage)
- Config files (.env, config.php)
- Version control (/.git, /.svn)
- Vulnerability endpoints (Actuator, ThinkPHP routes)
- Backup files (.sql, .tar.gz)
### 4. Sensitive Information Extraction
Automatically extracts high-risk information from responses.
**Categories:**
- **Credentials**: Passwords, API keys, JDBC strings
- **Personal Data**: Phone numbers, emails, ID cards
- **Financial**: Bank cards
- **System Info**: Internal IPs, versions
- **Vulnerability Indicators**: ID parameters, redirect URLs
## Output Formats
### JSON Output
```json
{
"target": "https://example.com",
"fingerprints": [
{
"service": "Apache",
"version": "2.4.41",
"confidence": "high"
}
],
"sensitive_paths": [
{
"path": "/admin",
"status": 200,
"risk": "high"
}
],
"sensitive_data": [
{
"type": "email",
"value": "admin@example.com",
"source": "response body"
}
]
}
```
### Excel Output
Structured .xlsx report with multiple sheets:
- Asset inventory
- Service fingerprints
- Sensitive paths
- Extracted data
## Workflow
### Standard Reconnaissance
```bash
# 1. Prepare target list
cat > targets.txt << 'EOF'
https://target1.com
https://target2.com
192.168.1.0/24
EOF
# 2. Run full scan
muki -l targets.txt -o results.json
# 3. Review results
cat results.json | jq '.fingerprints[]'
# 4. Generate Excel report
muki -l targets.txt -o report.xlsx
```
### Stealth Scan (with proxy)
```bash
# Use Tor proxy for anonymity
muki -u https://target.com -p socks5://127.0.0.1:9050
# Or use HTTP proxy
muki -u https://target.com -p http://127.0.0.1:8080
```
### Targeted Scan
```bash
# Fast scan - only passive fingerprinting
muki -u https://target.com -A -N
# Deep scan - all modules
muki -u https://target.com -t 50
```
## Fingerprint Databases
### finger.json (30,000+ fingerprints)
Passive fingerprint database covering:
- Web frameworks (React, Vue, Django, Spring)
- Middleware (Apache, Nginx, IIS, Tomcat)
- CMS (WordPress, Drupal, Joomla)
- WAFs (Cloudflare, ModSecurity, AWS WAF)
- APIs (GraphQL, REST, SOAP)
- Known vulnerabilities (CVE signatures)
### active_finger.json (300+ rules)
Active probing rules for:
- Web servers
- Databases (MySQL, PostgreSQL, MongoDB)
- Remote access (SSH, RDP, Telnet)
- Services (Redis, Elasticsearch, Docker)
### Rules.yml
Sensitive information extraction rules organized by groups:
- **疑似漏洞**: ID parameters (SQLi indicators)
- **指纹信息**: URL redirects, sensitive paths
- **敏感信息**: Passwords, accounts, JDBC strings
- **基础信息**: Emails, ID cards, phones, bank cards
## Best Practices
### 1. Authorization
- Always obtain written authorization before scanning
- Define scope clearly (IPs, domains, time windows)
- Respect rate limits and business hours
### 2. Stealth
- Use proxies for external targets
- Adjust thread count to avoid detection
- Consider using -A -N for passive-only recon
### 3. Data Handling
- Store results securely
- Encrypt sensitive findings
- Limit access to authorized personnel only
- Delete data after engagement ends
### 4. False Positive Reduction
- Cross-reference findings with manual verification
- Use multiple detection methods
- Check context of extracted sensitive data
## Legal and Ethical Considerations
**WARNING**: This tool is for authorized security testing only.
- Unauthorized scanning may violate laws (CFAA, Computer Misuse Act, etc.)
- Only use on systems you own or have explicit permission to test
- Extracting sensitive data without authorization is illegal
- Report findings responsibly through proper channels
## Integration
### With Other Tools
```bash
# Chain with nuclei for vulnerability scanning
cat muki_output.txt | nuclei -t cves/
# Import to Burp Suite
cat results.json | jq -r '.sensitive_paths[].path' > burp_scope.txt
# Feed to SQLMap for SQL injection testing
cat results.json | jq -r '.vulnerable_params[]' | sqlmap -m -
```
## Troubleshooting
### High Memory Usage
- Reduce thread count: `-t 10`
- Scan in smaller batches
- Disable passive fingerprinting: `-x`
### False Positives
- Verify findings manually
- Check rule specificity in Rules.yml
- Adjust confidence thresholds
### Connection Issues
- Check proxy configuration
- Verify network connectivity
- Increase timeout values
## References
- Original Repository: https://github.com/yingfff123/MUKI
- Fingerprint Databases: See references/finger.json, active_finger.json
- Extraction Rules: See references/Rules.yml
## License
MIT License - See original repository for details.Related Skills
---
name: article-factory-wechat
humanizer
Remove signs of AI-generated writing from text. Use when editing or reviewing text to make it sound more natural and human-written. Based on Wikipedia's comprehensive "Signs of AI writing" guide. Detects and fixes patterns including: inflated symbolism, promotional language, superficial -ing analyses, vague attributions, em dash overuse, rule of three, AI vocabulary words, negative parallelisms, and excessive conjunctive phrases.
find-skills
Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. This skill should be used when the user is looking for functionality that might exist as an installable skill.
tavily-search
Use Tavily API for real-time web search and content extraction. Use when: user needs real-time web search results, research, or current information from the web. Requires Tavily API key.
baidu-search
Search the web using Baidu AI Search Engine (BDSE). Use for live information, documentation, or research topics.
agent-autonomy-kit
Stop waiting for prompts. Keep working.
Meeting Prep
Never walk into a meeting unprepared again. Your agent researches all attendees before calendar events—pulling LinkedIn profiles, recent company news, mutual connections, and conversation starters. Generates a briefing doc with talking points, icebreakers, and context so you show up informed and confident. Triggered automatically before meetings or on-demand. Configure research depth, advance timing, and output format. Walking into meetings blind is amateur hour—missed connections, generic small talk, zero leverage. Use when setting up meeting intelligence, researching specific attendees, generating pre-meeting briefs, or automating your prep workflow.
self-improvement
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.
botlearn-healthcheck
botlearn-healthcheck — BotLearn autonomous health inspector for OpenClaw instances across 5 domains (hardware, config, security, skills, autonomy); triggers on system check, health report, diagnostics, or scheduled heartbeat inspection.
linkedin-cli
A bird-like LinkedIn CLI for searching profiles, checking messages, and summarizing your feed using session cookies.
notebooklm
Google NotebookLM 非官方 Python API 的 OpenClaw Skill。支持内容生成(播客、视频、幻灯片、测验、思维导图等)、文档管理和研究自动化。当用户需要使用 NotebookLM 生成音频概述、视频、学习材料或管理知识库时触发。
小红书长图文发布 Skill
## 概述