تشغيل أي مهارة في Manus بنقرة واحدة

$pwd:

recon-fingerprint

Name: Recon Fingerprint
Author: crazyMarky

// Web fingerprinting and WAF detection using wafw00f, whatweb, nuclei, and httpx. Use this skill when user needs to identify web technologies, detect WAF/CDN, analyze server headers, or fingerprint web applications and frameworks.

تشغيل في Manus

$ git log --oneline --stat

stars:١٧٠

forks:١٦

updated:١٥ فبراير ٢٠٢٦ في ٠٤:٢٥

مستكشف الملفات

12 ملفات

SKILL.md

readonly

related-skills.json

نفس المستودع

pentest-report.md

from "crazyMarky/pentest-skills"

按照标准格式生成渗透测试报告，包含项目信息表、漏洞发现清单、漏洞详情（含属性表、描述、复现步骤、证据截图、修复建议）、附录（风险等级定义、CVSS说明、词汇表）。当用户要求生成渗透测试报告、安全测试报告、漏洞报告时使用此技能。严格遵循项目模板目录中的标准格式。

2026-03-06170

exploit-file-download.md

from "crazyMarky/pentest-skills"

任意文件下载与本地文件包含 (LFI) 漏洞检测和利用工具。使用 curl、ffuf、wget 等工具测试文件下载漏洞，支持路径遍历、伪协议利用、敏感文件读取。当用户需要测试文件下载功能、检测 LFI 漏洞、读取服务器敏感文件时使用此技能。

2026-03-05170

exploit-lfi.md

from "crazyMarky/pentest-skills"

本地文件包含 (LFI) 漏洞检测和利用工具。使用 curl、ffuf 等工具测试 LFI 漏洞，支持路径遍历、PHP 伪协议利用、日志投毒 RCE、敏感文件读取。当用户需要检测 LFI 漏洞、利用文件包含漏洞读取服务器文件时使用此技能。

2026-03-05170

exploit-file-download.md

from "crazyMarky/pentest-skills"

Arbitrary file download vulnerability detection and exploitation using path traversal techniques, bypass methods, and sensitive file discovery. Use this skill when user needs to test for file download vulnerabilities, path traversal, or read sensitive files on target systems.

2026-02-15170

exploit-sqli.md

from "crazyMarky/pentest-skills"

SQL injection detection and exploitation using sqlmap, manual techniques, and custom payloads. Use this skill when user needs to test for SQL injection vulnerabilities, extract database information, or exploit SQLi in parameters, headers, or cookies.

2026-02-15170

exploit-xss.md

from "crazyMarky/pentest-skills"

Cross-site scripting (XSS) vulnerability detection and exploitation. Supports reflected XSS, stored XSS, DOM-based XSS, and blind XSS testing. Use this skill when user mentions XSS, cross-site scripting, script injection, or needs to test JavaScript injection in parameters, forms, headers, or DOM sources.

2026-02-15170

package.json

"author": "crazyMarky"

"repository": "crazyMarky/pentest-skills"

فتح مستودع GitHub عرض مستودعات المنشئ

$ install --global

$ download --local

تشغيل في Manus

$ useful --forSOC

محللو أمن المعلوماتمهن الحاسوب والرياضيات15-1212L4

name	recon-fingerprint
description	Web fingerprinting and WAF detection using wafw00f, whatweb, nuclei, and httpx. Use this skill when user needs to identify web technologies, detect WAF/CDN, analyze server headers, or fingerprint web applications and frameworks.

Web Fingerprinting & WAF Detection

Authorization Warning

IMPORTANT: Web fingerprinting sends requests to target servers. Always ensure you have:

Written permission from the target application owner
Defined scope of authorized testing
Legal compliance with local regulations

Prerequisites

Required tools that must be installed on your system:

httpx - go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
nuclei - go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest

Optional tools:

wafw00f - pip install wafw00f
whatweb - Package manager installation
fingerprintx - go install github.com/praetorian-inc/fingerprintx/cmd/fingerprintx@latest

Quick Start

Most commonly used commands for web fingerprinting:

Basic Technology Detection

whatweb https://target.com

WAF Detection

wafw00f https://target.com

HTTP Header Analysis

curl -I https://target.com

Comprehensive Fingerprinting (Nuclei)

nuclei -u https://target.com -tags tech

Common Scenarios

Scenario 1: Quick Technology Fingerprinting

When you need to quickly identify the technology stack:

whatweb https://target.com --aggression 1

Parameters:

--aggression 1 - Quick scan (1-4, default 1)
-a 3 - More aggressive (more requests)
-v - Verbose output

Example:

whatweb https://target.com -a 3

Scenario 2: WAF Detection

When you need to detect WAF/CDN protection:

wafw00f https://target.com

Output shows:

WAF vendor (Cloudflare, AWS WAF, Imperva, etc.)
CDN in use
Firewall rules detected

Check multiple targets:

wafw00f -i targets.txt

Scenario 3: Server Header Analysis

When you need to analyze HTTP headers:

curl -I https://target.com

Detailed headers:

curl -v https://target.com 2>&1 | grep -i "< "

Common headers to check:

Server: nginx/1.18.0
X-Powered-By: PHP/7.4
X-AspNet-Version: 4.0.30319
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

Scenario 4: Technology Detection with Nuclei

When you need comprehensive technology fingerprinting:

nuclei -u https://target.com -tags tech -severity info

Specific technologies:

nuclei -u https://target.com -tags "wordpress,joomla,drupal"
nuclei -u https://target.com -tags "spring-boot,struts2"
nuclei -u https://target.com -tags "react,vue,angular"

Scenario 5: HTTPx Fingerprinting

When you need fast HTTP probing with tech detection:

httpx -u https://target.com -tech-detect -status-code -title

Parameters:

-tech-detect - Enable technology detection
-status-code - Show HTTP status
-title - Extract page title
-server - Show server header
-websocket - Detect WebSocket
-cdn - Detect CDN

Example:

httpx -u https://target.com -tech-detect -server -cdn -ssl

Scenario 6: CMS Detection

When you need to identify the CMS:

whatweb https://target.com --aggression 3 | grep -i cms

Nuclei CMS detection:

nuclei -u https://target.com -tags cms

Common CMS indicators:

WordPress: /wp-login.php, /wp-admin/, wp-json
Drupal: /user/login, Drupal.settings
Joomla: /administrator/components, Joomla!
TYPO3: /typo3conf

Scenario 7: JavaScript Framework Detection

When you need to identify frontend frameworks:

curl -s https://target.com | grep -i "react\|vue\|angular\|jquery"

Check specific framework files:

# React
curl -s https://target.com | grep -i "react"

# Vue.js
curl -s https://target.com | grep -i "vue\.js\|vue-"

# Angular
curl -s https://target.com | grep -i "angular\|ng-app"

# jQuery
curl -s https://target.com | grep -i "jquery"

Scenario 8: Server Version Detection

When you need to identify server software and version:

nmap -sV -p 443,80 target.com

HTTP server banner:

curl -I https://target.com | grep -i server

Use httpx for server detection:

httpx -u https://target.com -server -response-time

Scenario 9: CDN Detection

When you need to identify CDN providers:

httpx -u https://target.com -cdn

Check HTTP headers for CDN:

curl -I https://target.com | grep -i "cf-ray\|x-amz\|x-akamai\|x-fastly"

Common CDN headers:

Cloudflare: cf-ray, cf-cache-status
AWS CloudFront: x-amz-cf-id
Akamai: x-akamai-transformed
Fastly: x-served-by, fastly-ssl
CloudFront: via, x-amz-cf-pop

Scenario 10: SSL/TLS Fingerprinting

When you need to analyze SSL configuration:

nmap --script ssl-cert,ssl-enum-ciphers -p 443 target.com

SSL info with curl:

curl -vI https://target.com 2>&1 | grep -i ssl

Using testssl.sh:

testssl.sh https://target.com

Tool Selection Guide

Scenario	Recommended Tool	Command
Quick tech detect	whatweb	`whatweb https://target.com`
WAF detection	wafw00f	`wafw00f https://target.com`
Header analysis	curl	`curl -I https://target.com`
Comprehensive	nuclei	`nuclei -u https://target.com -tags tech`
Fast probing	httpx	`httpx -u https://target.com -tech-detect`
CMS detection	nuclei	`nuclei -u https://target.com -tags cms`
CDN detection	httpx	`httpx -u https://target.com -cdn`

Tool Comparison:

Tool	Speed	Coverage	Best For
whatweb	Fast	Good	Quick tech stack
wafw00f	Fast	WAF only	WAF detection
nuclei	Medium	Excellent	Comprehensive
httpx	Very Fast	Basic	Fast probing
nmap	Slow	Deep	SSL/Server details

Technology Fingerprints

Web Servers

Server	Header Pattern	Common Versions
nginx	`Server: nginx`	1.18.x, 1.20.x, 1.22.x
Apache	`Server: Apache`	2.4.x, 2.2.x
IIS	`Server: Microsoft-IIS`	7.5, 8.0, 8.5, 10.0
Cloudflare Server	`Server: cloudflare`	-

Backend Frameworks

Framework	Indicators
PHP	`X-Powered-By: PHP`, `.php` URLs
Python	`Server: WSGIServer`, Python headers
Ruby	`X-Powered-By: Phusion Passenger`
Node.js	`X-Powered-By: Express`
Java	`X-Powered-By: JSP`, `.jspx`, `.do`
.NET	`X-AspNet-Version`, `.aspx`
Go	`Server: Go-http-server`

Frontend Frameworks

Framework	File/Pattern
React	`react.js`, `react-dom`, `_react`, `__REACT__`
Vue.js	`vue.js`, `vue-router`, `v-if`, `v-for`
Angular	`ng-app`, `angular.js`, `zone.js`
jQuery	`jquery.js`, `$(`, `.ajax()`

WAF Signatures

WAF	Detection Method
Cloudflare	`cf-ray`, `cf-cache-status` headers
AWS WAF	`x-amz-cf-id` headers
Imperva	`X-Iinfo`, `X-CDN` headers
Akamai	`akamai-origin` headers
F5 ASM	`BIGipServer` cookies
ModSecurity	`Mod_Security` headers
Barracuda	`barra_counter_session` cookies

Tips and Best Practices

Start passive - Use headers and page content first
Check multiple sources - Combine tool outputs for accuracy
Verify versions - Technology detection is not always precise
Note evasion - Some sites hide their technology stack
WAF first - Always check for WAF before active scanning
CDN consideration - CDN may hide actual server info
Save results - Record fingerprints for correlation

Resources

Scripts

scripts/extract_headers.py - Extract and analyze HTTP headers
scripts/tech_matcher.py - Match technologies from responses
scripts/waf_detector.py - Detect WAF from headers/cookies

References

references/whatweb_guide.md - WhatWeb reference guide
references/wafw00f_guide.md - WAF detection guide
references/httpx_guide.md - HTTPx reference
references/fingerprinting_techniques.md - Advanced fingerprinting methods

Scenario: Persistent Storage of Fingerprinting Results

When you need to persist web fingerprinting results to the database:

# Manual entry after fingerprinting
python .claude/skills/recon-fingerprint/scripts/fingerprint_storage.py \
  --host-ip 192.168.1.100 \
  --url "https://example.com" \
  --technology "Apache 2.4.41" \
  --category "web-server" \
  --version "2.4.41" \
  --subsystem "Web Application"

Parameters:

--host-ip - Target host IP (required)
--url - Target URL (required)
--technology - Discovered technology (required)
--category - Technology category: web-server, cms, framework, etc. (optional)
--version - Technology version (optional)
--confidence - Confidence level (optional)
--subsystem - Subsystem name (optional)

Database location: ./data/results.db

Related skills: results-storage - Query data, generate reports

Assets

assets/waf-signatures.txt - Known WAF signatures
assets/tech-headers.txt - Technology header patterns
assets/cms-fingerprints.txt - CMS detection patterns

recon-fingerprint

المزيد من هذا المستودع

المزيد من هذا المستودع

Web Fingerprinting & WAF Detection

Authorization Warning

Prerequisites

Quick Start

Basic Technology Detection

WAF Detection

HTTP Header Analysis

Comprehensive Fingerprinting (Nuclei)

Common Scenarios

Scenario 1: Quick Technology Fingerprinting

Scenario 2: WAF Detection

Scenario 3: Server Header Analysis

Scenario 4: Technology Detection with Nuclei

Scenario 5: HTTPx Fingerprinting

Scenario 6: CMS Detection

Scenario 7: JavaScript Framework Detection

Scenario 8: Server Version Detection

Scenario 9: CDN Detection

Scenario 10: SSL/TLS Fingerprinting

Tool Selection Guide

Technology Fingerprints

Web Servers

Backend Frameworks

Frontend Frameworks

WAF Signatures

Tips and Best Practices

Resources

Scripts

References

Scenario: Persistent Storage of Fingerprinting Results

Assets

Web Fingerprinting & WAF Detection

Authorization Warning

Prerequisites

Quick Start

Basic Technology Detection

WAF Detection

HTTP Header Analysis

Comprehensive Fingerprinting (Nuclei)

Common Scenarios

Scenario 1: Quick Technology Fingerprinting

Scenario 2: WAF Detection

Scenario 3: Server Header Analysis

Scenario 4: Technology Detection with Nuclei

Scenario 5: HTTPx Fingerprinting

Scenario 6: CMS Detection

Scenario 7: JavaScript Framework Detection

Scenario 8: Server Version Detection

Scenario 9: CDN Detection

Scenario 10: SSL/TLS Fingerprinting

Tool Selection Guide

Technology Fingerprints

Web Servers

Backend Frameworks

Frontend Frameworks

WAF Signatures

Tips and Best Practices

Resources

Scripts

References

Scenario: Persistent Storage of Fingerprinting Results

Assets