Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MUKI Asset Fingerprinting

v1.0.0

MUKI asset fingerprinting tool for red team reconnaissance. Use when performing authorized penetration testing, asset discovery, service fingerprinting, vuln...

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
SKILL.md describes a runnable command-line scanner (muki) and ships large fingerprint and rules databases, which aligns with an asset-fingerprinting purpose. However, the skill provides no binary, install spec, or download URL for the referenced 'muki' executable and the source/homepage are unknown. That mismatch (claiming a runnable tool but supplying only docs/data) is unexpected and reduces coherence.
Instruction Scope
The instructions focus on scanning targets, using proxies, thread control, and handling output. They explicitly require written authorization and do not instruct the agent to read unrelated local files, exfiltrate data to external endpoints, or access secrets. Use of Tor/proxies is suggested for anonymity (expected for red-team workflows) but could be abused if used without authorization.
Install Mechanism
There is no install specification (instruction-only), which is low-risk from an install/execution vector standpoint. The skill includes large fingerprint and rules files embedded as references (JSON/YML) but does not download or execute external code. The main risk is the missing distribution/install step for the actual scanner binary.
Credentials
The skill requests no environment variables, credentials, or config paths. The included Rules.yml marks some regexes as 'sensitive' (identifiers, phone numbers, bank cards), which is appropriate for a data-extraction tool, but no secrets are requested by the skill itself.
Persistence & Privilege
Default privileges are preserved (always:false; user-invocable; model-invocation allowed). The skill does not request permanent presence or attempt to modify other skills or system-wide settings. Autonomous invocation is allowed by default on the platform, but this skill alone does not escalate privileges.
What to consider before installing
This package looks like documentation plus fingerprint/signature databases for a red-team scanner but does not include the 'muki' binary or an install method and its source/homepage are unknown. Before installing or using it: (1) do not run scans against systems without explicit written authorization, (2) obtain the actual binary from a trusted, verifiable source (or request an install spec), (3) inspect any binary you download (checksum/signature, run in an isolated VM or sandbox), (4) review the included fingerprint/rule files if you are concerned about overly broad or privacy-invasive patterns, and (5) if you let an agent invoke this skill autonomously, restrict targets and monitor network activity to avoid accidental unauthorized scanning.


Runtime requirements

fingerprint Clawdis
latest vk977dhjpmfhtxqeg5m8j3ztats81gg89
636 downloads
0 stars
1 version
Updated 5h ago
v1.0.0
MIT-0

MUKI Asset Fingerprinting Tool

MUKI is an active asset fingerprinting tool built for red team operations. It enables security researchers to rapidly pinpoint vulnerable systems from chaotic C-class segments and massive asset lists.

Prerequisites

  • Linux amd64 system
  • Network access to target systems
  • Explicit written authorization for all target systems

Quick Start

# Scan single URL
muki -u https://target.com

# Scan multiple URLs from file
muki -l targets.txt

# Scan with proxy
muki -u https://target.com -p socks5://127.0.0.1:1080

# Disable specific modules
muki -u https://target.com -A -N  # No active, no directory scan

Command Options

-h, --help            Show help
-u, --url string      Single URL to scan
-l, --list string     File containing URLs (one per line)
-o, --output string   Output file path
-p, --proxy string    Proxy server (http:// or socks5://)
-t, --thread int      Number of threads (default: 20, max: 100)
-A, --no-active       Disable active fingerprint scanning
-N, --no-dir          Disable directory scanning  
-x, --no-passive      Disable passive fingerprint scanning

Core Modules

1. Active Fingerprinting (-A to disable)

Sends protocol-specific probes to identify services with high confidence.

  • 300+ active fingerprint rules
  • Covers SSH, RDP, web servers, databases
  • Protocol-specific probes

2. Passive Fingerprinting (-x to disable)

Analyzes response artifacts without additional traffic.

  • 30,000+ precision fingerprints
  • HTTP headers analysis
  • TLS JA3 signatures
  • HTML/CMS patterns
  • WAF detection

3. Sensitive Path Detection (-N to disable)

Checks for high-risk paths using curated dictionaries.

  • Admin interfaces (/admin, /manage)
  • Config files (.env, config.php)
  • Version control (/.git, /.svn)
  • Vulnerability endpoints (Actuator, ThinkPHP routes)
  • Backup files (.sql, .tar.gz)

4. Sensitive Information Extraction

Automatically extracts high-risk information from responses.

Categories:

  • Credentials: Passwords, API keys, JDBC strings
  • Personal Data: Phone numbers, emails, ID cards
  • Financial: Bank cards
  • System Info: Internal IPs, versions
  • Vulnerability Indicators: ID parameters, redirect URLs

Output Formats

JSON Output

{
  "target": "https://example.com",
  "fingerprints": [
    {
      "service": "Apache",
      "version": "2.4.41",
      "confidence": "high"
    }
  ],
  "sensitive_paths": [
    {
      "path": "/admin",
      "status": 200,
      "risk": "high"
    }
  ],
  "sensitive_data": [
    {
      "type": "email",
      "value": "admin@example.com",
      "source": "response body"
    }
  ]
}

Excel Output

Structured .xlsx report with multiple sheets:

  • Asset inventory
  • Service fingerprints
  • Sensitive paths
  • Extracted data

Workflow

Standard Reconnaissance

# 1. Prepare target list
cat > targets.txt << 'EOF'
https://target1.com
https://target2.com
192.168.1.0/24
EOF

# 2. Run full scan
muki -l targets.txt -o results.json

# 3. Review results
cat results.json | jq '.fingerprints[]'

# 4. Generate Excel report
muki -l targets.txt -o report.xlsx

Stealth Scan (with proxy)

# Use Tor proxy for anonymity
muki -u https://target.com -p socks5://127.0.0.1:9050

# Or use HTTP proxy
muki -u https://target.com -p http://127.0.0.1:8080

Targeted Scan

# Fast scan - only passive fingerprinting
muki -u https://target.com -A -N

# Deep scan - all modules
muki -u https://target.com -t 50

Fingerprint Databases

finger.json (30,000+ fingerprints)

Passive fingerprint database covering:

  • Web frameworks (React, Vue, Django, Spring)
  • Middleware (Apache, Nginx, IIS, Tomcat)
  • CMS (WordPress, Drupal, Joomla)
  • WAFs (Cloudflare, ModSecurity, AWS WAF)
  • APIs (GraphQL, REST, SOAP)
  • Known vulnerabilities (CVE signatures)

active_finger.json (300+ rules)

Active probing rules for:

  • Web servers
  • Databases (MySQL, PostgreSQL, MongoDB)
  • Remote access (SSH, RDP, Telnet)
  • Services (Redis, Elasticsearch, Docker)

Rules.yml

Sensitive information extraction rules organized by groups:

  • 疑似漏洞 (suspected vulnerabilities): ID parameters (SQLi indicators)
  • 指纹信息 (fingerprint information): URL redirects, sensitive paths
  • 敏感信息 (sensitive information): Passwords, accounts, JDBC strings
  • 基础信息 (basic information): Emails, ID cards, phones, bank cards

Best Practices

1. Authorization

  • Always obtain written authorization before scanning
  • Define scope clearly (IPs, domains, time windows)
  • Respect rate limits and business hours
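
An added example (not part of the MUKI skill or its repository) of the scope check the authorization points above call for: it filters a target list in the targets.txt format from the Workflow section against an allowlist before anything is scanned, and rejects whatever it cannot prove is in scope. The scope values, the sample list and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed engagement scope (assumption): take these from the signed scope document.
SCOPE_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]
SCOPE_DOMAINS = {"target1.com"}  # the exact host or any subdomain of it

def _host_of(entry):
    """Return the host part of a URL, or the entry itself for bare hosts and CIDRs."""
    if "://" in entry:
        return (urlsplit(entry).hostname or "").lower()
    return entry.lower()

def in_scope(entry):
    """True only if the whole target lies inside the authorized scope."""
    host = _host_of(entry.strip())
    if not host:
        return False
    try:
        # Covers single IPs and CIDR blocks; a block must be fully contained.
        net = ipaddress.ip_network(host, strict=False)
        return any(net.version == s.version and net.subnet_of(s) for s in SCOPE_NETWORKS)
    except ValueError:
        pass  # not an IP or CIDR, so treat it as a hostname
    host = host.rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SCOPE_DOMAINS)

def split_targets(lines):
    """Partition target-list lines into (allowed, rejected), skipping blank lines."""
    allowed, rejected = [], []
    for line in lines:
        line = line.strip()
        if line:
            (allowed if in_scope(line) else rejected).append(line)
    return allowed, rejected

# Constructed sample in the targets.txt format shown in the Workflow section.
SAMPLE = """https://target1.com
https://target2.com
192.168.1.0/24
192.168.0.0/16
https://target1.com.evil.example/
https://192.168.1.7:8443/login
"""

if __name__ == "__main__":
    ok, bad = split_targets(SAMPLE.splitlines())
    print("allowed:", ok, "\nrejected:", bad)
```

A CIDR block wider than the authorized network and a look-alike hostname that merely starts with an in-scope domain both land in the rejected list.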

2. Stealth

  • Use proxies for external targets
  • Adjust thread count to avoid detection
  • Consider using -A -N for passive-only recon

3. Data Handling

  • Store results securely
  • Encrypt sensitive findings
  • Limit access to authorized personnel only
  • Delete data after engagement ends

4. False Positive Reduction

  • Cross-reference findings with manual verification
  • Use multiple detection methods
  • Check context of extracted sensitive data

Legal and Ethical Considerations

WARNING: This tool is for authorized security testing only.

  • Unauthorized scanning may violate laws (CFAA, Computer Misuse Act, etc.)
  • Only use on systems you own or have explicit permission to test
  • Extracting sensitive data without authorization is illegal
  • Report findings responsibly through proper channels

Integration

With Other Tools

# Chain with nuclei for vulnerability scanning
cat muki_output.txt | nuclei -t cves/

# Import to Burp Suite
cat results.json | jq -r '.sensitive_paths[].path' > burp_scope.txt

# Feed to SQLMap for SQL injection testing
cat results.json | jq -r '.vulnerable_params[]' | sqlmap -m -

Troubleshooting

High Memory Usage

  • Reduce thread count: -t 10
  • Scan in smaller batches
  • Disable passive fingerprinting: -x

False Positives

  • Verify findings manually
  • Check rule specificity in Rules.yml
  • Adjust confidence thresholds

Connection Issues

  • Check proxy configuration
  • Verify network connectivity
  • Increase timeout values

References

  • Original Repository: https://github.com/yingfff123/MUKI
  • Fingerprint Databases: See references/finger.json, active_finger.json
  • Extraction Rules: See references/Rules.yml

License

MIT License - See original repository for details.
