muki-fingerprint

# MUKI Asset Fingerprinting Tool

MUKI is an active asset fingerprinting tool built for red team operations. It enables security researchers to rapidly pinpoint vulnerable systems from chaotic C-class segments and massive asset lists.

## Prerequisites

- Linux amd64 system
- Network access to target systems
- **Explicit written authorization** for all target systems

## Quick Start

```bash
# Scan single URL
muki -u https://target.com

# Scan multiple URLs from file
muki -l targets.txt

# Scan with proxy
muki -u https://target.com -p socks5://127.0.0.1:1080

# Disable specific modules
muki -u https://target.com -A -N  # No active, no directory scan
```

## Command Options

```
-h, --help            Show help
-u, --url string      Single URL to scan
-l, --list string     File containing URLs (one per line)
-o, --output string   Output file path
-p, --proxy string    Proxy server (http:// or socks5://)
-t, --thread int      Number of threads (default: 20, max: 100)
-A, --no-active       Disable active fingerprint scanning
-N, --no-dir          Disable directory scanning  
-x, --no-passive      Disable passive fingerprint scanning
```

## Core Modules

### 1. Active Fingerprinting (-A to disable)
Sends protocol-specific probes to identify services with high confidence.
- 300+ active fingerprint rules
- Covers SSH, RDP, web servers, databases
- Protocol-specific probes

### 2. Passive Fingerprinting (-x to disable)
Analyzes response artifacts without additional traffic.
- 30,000+ precision fingerprints
- HTTP headers analysis
- TLS JA3 signatures
- HTML/CMS patterns
- WAF detection

### 3. Sensitive Path Detection (-N to disable)
Checks for high-risk paths using curated dictionaries.
- Admin interfaces (/admin, /manage)
- Config files (.env, config.php)
- Version control (/.git, /.svn)
- Vulnerability endpoints (Actuator, ThinkPHP routes)
- Backup files (.sql, .tar.gz)

### 4. Sensitive Information Extraction
Automatically extracts high-risk information from responses....