{ "schemaVersion": "1.0", "item": { "slug": "muki-fingerprint", "name": "MUKI Asset Fingerprinting", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/Admin4Giter/muki-fingerprint", "canonicalUrl": "https://clawhub.ai/Admin4Giter/muki-fingerprint", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/muki-fingerprint", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=muki-fingerprint", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "references/Rules.yml", "references/active_finger.json", "references/active_finger精简.json", "references/finger.json", "references/quick-reference.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "slug": "muki-fingerprint", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-05T06:11:26.962Z", "expiresAt": "2026-05-12T06:11:26.962Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=muki-fingerprint", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=muki-fingerprint", "contentDisposition": "attachment; filename=\"muki-fingerprint-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "muki-fingerprint" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/muki-fingerprint" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/muki-fingerprint", "agentPageUrl": "https://openagent3.xyz/skills/muki-fingerprint/agent", "manifestUrl": "https://openagent3.xyz/skills/muki-fingerprint/agent.json", "briefUrl": "https://openagent3.xyz/skills/muki-fingerprint/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "MUKI Asset Fingerprinting Tool", "body": "MUKI is an active asset fingerprinting tool built for red team operations. It enables security researchers to rapidly pinpoint vulnerable systems from chaotic C-class segments and massive asset lists." }, { "title": "Prerequisites", "body": "Linux amd64 system\nNetwork access to target systems\nExplicit written authorization for all target systems" }, { "title": "Quick Start", "body": "# Scan single URL\nmuki -u https://target.com\n\n# Scan multiple URLs from file\nmuki -l targets.txt\n\n# Scan with proxy\nmuki -u https://target.com -p socks5://127.0.0.1:1080\n\n# Disable specific modules\nmuki -u https://target.com -A -N # No active, no directory scan" }, { "title": "Command Options", "body": "-h, --help Show help\n-u, --url string Single URL to scan\n-l, --list string File containing URLs (one per line)\n-o, --output string Output file path\n-p, --proxy string Proxy server (http:// or socks5://)\n-t, --thread int Number of threads (default: 20, max: 100)\n-A, --no-active Disable active fingerprint scanning\n-N, --no-dir Disable directory scanning \n-x, --no-passive Disable passive fingerprint scanning" }, { "title": "1. Active Fingerprinting (-A to disable)", "body": "Sends protocol-specific probes to identify services with high confidence.\n\n300+ active fingerprint rules\nCovers SSH, RDP, web servers, databases\nProtocol-specific probes" }, { "title": "2. Passive Fingerprinting (-x to disable)", "body": "Analyzes response artifacts without additional traffic.\n\n30,000+ precision fingerprints\nHTTP headers analysis\nTLS JA3 signatures\nHTML/CMS patterns\nWAF detection" }, { "title": "3. Sensitive Path Detection (-N to disable)", "body": "Checks for high-risk paths using curated dictionaries.\n\nAdmin interfaces (/admin, /manage)\nConfig files (.env, config.php)\nVersion control (/.git, /.svn)\nVulnerability endpoints (Actuator, ThinkPHP routes)\nBackup files (.sql, .tar.gz)" }, { "title": "4. Sensitive Information Extraction", "body": "Automatically extracts high-risk information from responses.\n\nCategories:\n\nCredentials: Passwords, API keys, JDBC strings\nPersonal Data: Phone numbers, emails, ID cards\nFinancial: Bank cards\nSystem Info: Internal IPs, versions\nVulnerability Indicators: ID parameters, redirect URLs" }, { "title": "JSON Output", "body": "{\n \"target\": \"https://example.com\",\n \"fingerprints\": [\n {\n \"service\": \"Apache\",\n \"version\": \"2.4.41\",\n \"confidence\": \"high\"\n }\n ],\n \"sensitive_paths\": [\n {\n \"path\": \"/admin\",\n \"status\": 200,\n \"risk\": \"high\"\n }\n ],\n \"sensitive_data\": [\n {\n \"type\": \"email\",\n \"value\": \"admin@example.com\",\n \"source\": \"response body\"\n }\n ]\n}" }, { "title": "Excel Output", "body": "Structured .xlsx report with multiple sheets:\n\nAsset inventory\nService fingerprints\nSensitive paths\nExtracted data" }, { "title": "Standard Reconnaissance", "body": "# 1. Prepare target list\ncat > targets.txt << 'EOF'\nhttps://target1.com\nhttps://target2.com\n192.168.1.0/24\nEOF\n\n# 2. Run full scan\nmuki -l targets.txt -o results.json\n\n# 3. Review results\ncat results.json | jq '.fingerprints[]'\n\n# 4. Generate Excel report\nmuki -l targets.txt -o report.xlsx" }, { "title": "Stealth Scan (with proxy)", "body": "# Use Tor proxy for anonymity\nmuki -u https://target.com -p socks5://127.0.0.1:9050\n\n# Or use HTTP proxy\nmuki -u https://target.com -p http://127.0.0.1:8080" }, { "title": "Targeted Scan", "body": "# Fast scan - only passive fingerprinting\nmuki -u https://target.com -A -N\n\n# Deep scan - all modules\nmuki -u https://target.com -t 50" }, { "title": "finger.json (30,000+ fingerprints)", "body": "Passive fingerprint database covering:\n\nWeb frameworks (React, Vue, Django, Spring)\nMiddleware (Apache, Nginx, IIS, Tomcat)\nCMS (WordPress, Drupal, Joomla)\nWAFs (Cloudflare, ModSecurity, AWS WAF)\nAPIs (GraphQL, REST, SOAP)\nKnown vulnerabilities (CVE signatures)" }, { "title": "active_finger.json (300+ rules)", "body": "Active probing rules for:\n\nWeb servers\nDatabases (MySQL, PostgreSQL, MongoDB)\nRemote access (SSH, RDP, Telnet)\nServices (Redis, Elasticsearch, Docker)" }, { "title": "Rules.yml", "body": "Sensitive information extraction rules organized by groups:\n\n疑似漏洞: ID parameters (SQLi indicators)\n指纹信息: URL redirects, sensitive paths\n敏感信息: Passwords, accounts, JDBC strings\n基础信息: Emails, ID cards, phones, bank cards" }, { "title": "1. Authorization", "body": "Always obtain written authorization before scanning\nDefine scope clearly (IPs, domains, time windows)\nRespect rate limits and business hours" }, { "title": "2. Stealth", "body": "Use proxies for external targets\nAdjust thread count to avoid detection\nConsider using -A -N for passive-only recon" }, { "title": "3. Data Handling", "body": "Store results securely\nEncrypt sensitive findings\nLimit access to authorized personnel only\nDelete data after engagement ends" }, { "title": "4. False Positive Reduction", "body": "Cross-reference findings with manual verification\nUse multiple detection methods\nCheck context of extracted sensitive data" }, { "title": "Legal and Ethical Considerations", "body": "WARNING: This tool is for authorized security testing only.\n\nUnauthorized scanning may violate laws (CFAA, Computer Misuse Act, etc.)\nOnly use on systems you own or have explicit permission to test\nExtracting sensitive data without authorization is illegal\nReport findings responsibly through proper channels" }, { "title": "With Other Tools", "body": "# Chain with nuclei for vulnerability scanning\ncat muki_output.txt | nuclei -t cves/\n\n# Import to Burp Suite\ncat results.json | jq -r '.sensitive_paths[].path' > burp_scope.txt\n\n# Feed to SQLMap for SQL injection testing\ncat results.json | jq -r '.vulnerable_params[]' | sqlmap -m -" }, { "title": "High Memory Usage", "body": "Reduce thread count: -t 10\nScan in smaller batches\nDisable passive fingerprinting: -x" }, { "title": "False Positives", "body": "Verify findings manually\nCheck rule specificity in Rules.yml\nAdjust confidence thresholds" }, { "title": "Connection Issues", "body": "Check proxy configuration\nVerify network connectivity\nIncrease timeout values" }, { "title": "References", "body": "Original Repository: https://github.com/yingfff123/MUKI\nFingerprint Databases: See references/finger.json, active_finger.json\nExtraction Rules: See references/Rules.yml" }, { "title": "License", "body": "MIT License - See original repository for details." } ], "body": "MUKI Asset Fingerprinting Tool\n\nMUKI is an active asset fingerprinting tool built for red team operations. It enables security researchers to rapidly pinpoint vulnerable systems from chaotic C-class segments and massive asset lists.\n\nPrerequisites\nLinux amd64 system\nNetwork access to target systems\nExplicit written authorization for all target systems\nQuick Start\n# Scan single URL\nmuki -u https://target.com\n\n# Scan multiple URLs from file\nmuki -l targets.txt\n\n# Scan with proxy\nmuki -u https://target.com -p socks5://127.0.0.1:1080\n\n# Disable specific modules\nmuki -u https://target.com -A -N # No active, no directory scan\n\nCommand Options\n-h, --help Show help\n-u, --url string Single URL to scan\n-l, --list string File containing URLs (one per line)\n-o, --output string Output file path\n-p, --proxy string Proxy server (http:// or socks5://)\n-t, --thread int Number of threads (default: 20, max: 100)\n-A, --no-active Disable active fingerprint scanning\n-N, --no-dir Disable directory scanning \n-x, --no-passive Disable passive fingerprint scanning\n\nCore Modules\n1. Active Fingerprinting (-A to disable)\n\nSends protocol-specific probes to identify services with high confidence.\n\n300+ active fingerprint rules\nCovers SSH, RDP, web servers, databases\nProtocol-specific probes\n2. Passive Fingerprinting (-x to disable)\n\nAnalyzes response artifacts without additional traffic.\n\n30,000+ precision fingerprints\nHTTP headers analysis\nTLS JA3 signatures\nHTML/CMS patterns\nWAF detection\n3. Sensitive Path Detection (-N to disable)\n\nChecks for high-risk paths using curated dictionaries.\n\nAdmin interfaces (/admin, /manage)\nConfig files (.env, config.php)\nVersion control (/.git, /.svn)\nVulnerability endpoints (Actuator, ThinkPHP routes)\nBackup files (.sql, .tar.gz)\n4. Sensitive Information Extraction\n\nAutomatically extracts high-risk information from responses.\n\nCategories:\n\nCredentials: Passwords, API keys, JDBC strings\nPersonal Data: Phone numbers, emails, ID cards\nFinancial: Bank cards\nSystem Info: Internal IPs, versions\nVulnerability Indicators: ID parameters, redirect URLs\nOutput Formats\nJSON Output\n{\n \"target\": \"https://example.com\",\n \"fingerprints\": [\n {\n \"service\": \"Apache\",\n \"version\": \"2.4.41\",\n \"confidence\": \"high\"\n }\n ],\n \"sensitive_paths\": [\n {\n \"path\": \"/admin\",\n \"status\": 200,\n \"risk\": \"high\"\n }\n ],\n \"sensitive_data\": [\n {\n \"type\": \"email\",\n \"value\": \"admin@example.com\",\n \"source\": \"response body\"\n }\n ]\n}\n\nExcel Output\n\nStructured .xlsx report with multiple sheets:\n\nAsset inventory\nService fingerprints\nSensitive paths\nExtracted data\nWorkflow\nStandard Reconnaissance\n# 1. Prepare target list\ncat > targets.txt << 'EOF'\nhttps://target1.com\nhttps://target2.com\n192.168.1.0/24\nEOF\n\n# 2. Run full scan\nmuki -l targets.txt -o results.json\n\n# 3. Review results\ncat results.json | jq '.fingerprints[]'\n\n# 4. Generate Excel report\nmuki -l targets.txt -o report.xlsx\n\nStealth Scan (with proxy)\n# Use Tor proxy for anonymity\nmuki -u https://target.com -p socks5://127.0.0.1:9050\n\n# Or use HTTP proxy\nmuki -u https://target.com -p http://127.0.0.1:8080\n\nTargeted Scan\n# Fast scan - only passive fingerprinting\nmuki -u https://target.com -A -N\n\n# Deep scan - all modules\nmuki -u https://target.com -t 50\n\nFingerprint Databases\nfinger.json (30,000+ fingerprints)\n\nPassive fingerprint database covering:\n\nWeb frameworks (React, Vue, Django, Spring)\nMiddleware (Apache, Nginx, IIS, Tomcat)\nCMS (WordPress, Drupal, Joomla)\nWAFs (Cloudflare, ModSecurity, AWS WAF)\nAPIs (GraphQL, REST, SOAP)\nKnown vulnerabilities (CVE signatures)\nactive_finger.json (300+ rules)\n\nActive probing rules for:\n\nWeb servers\nDatabases (MySQL, PostgreSQL, MongoDB)\nRemote access (SSH, RDP, Telnet)\nServices (Redis, Elasticsearch, Docker)\nRules.yml\n\nSensitive information extraction rules organized by groups:\n\n疑似漏洞: ID parameters (SQLi indicators)\n指纹信息: URL redirects, sensitive paths\n敏感信息: Passwords, accounts, JDBC strings\n基础信息: Emails, ID cards, phones, bank cards\nBest Practices\n1. Authorization\nAlways obtain written authorization before scanning\nDefine scope clearly (IPs, domains, time windows)\nRespect rate limits and business hours\n2. Stealth\nUse proxies for external targets\nAdjust thread count to avoid detection\nConsider using -A -N for passive-only recon\n3. Data Handling\nStore results securely\nEncrypt sensitive findings\nLimit access to authorized personnel only\nDelete data after engagement ends\n4. False Positive Reduction\nCross-reference findings with manual verification\nUse multiple detection methods\nCheck context of extracted sensitive data\nLegal and Ethical Considerations\n\nWARNING: This tool is for authorized security testing only.\n\nUnauthorized scanning may violate laws (CFAA, Computer Misuse Act, etc.)\nOnly use on systems you own or have explicit permission to test\nExtracting sensitive data without authorization is illegal\nReport findings responsibly through proper channels\nIntegration\nWith Other Tools\n# Chain with nuclei for vulnerability scanning\ncat muki_output.txt | nuclei -t cves/\n\n# Import to Burp Suite\ncat results.json | jq -r '.sensitive_paths[].path' > burp_scope.txt\n\n# Feed to SQLMap for SQL injection testing\ncat results.json | jq -r '.vulnerable_params[]' | sqlmap -m -\n\nTroubleshooting\nHigh Memory Usage\nReduce thread count: -t 10\nScan in smaller batches\nDisable passive fingerprinting: -x\nFalse Positives\nVerify findings manually\nCheck rule specificity in Rules.yml\nAdjust confidence thresholds\nConnection Issues\nCheck proxy configuration\nVerify network connectivity\nIncrease timeout values\nReferences\nOriginal Repository: https://github.com/yingfff123/MUKI\nFingerprint Databases: See references/finger.json, active_finger.json\nExtraction Rules: See references/Rules.yml\nLicense\n\nMIT License - See original repository for details." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/Admin4Giter/muki-fingerprint", "publisherUrl": "https://clawhub.ai/Admin4Giter/muki-fingerprint", "owner": "Admin4Giter", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/muki-fingerprint", "downloadUrl": "https://openagent3.xyz/downloads/muki-fingerprint", "agentUrl": "https://openagent3.xyz/skills/muki-fingerprint/agent", "manifestUrl": "https://openagent3.xyz/skills/muki-fingerprint/agent.json", "briefUrl": "https://openagent3.xyz/skills/muki-fingerprint/agent.md" } }