Fingerprintx - Service Fingerprinting for RDP, SSH, MySQL, PostgreSQL, Kafka & More

Fingerprintx is an advanced utility similar to httpx, but with enhanced capabilities for fingerprinting a wide range of services such as RDP, SSH, MySQL, PostgreSQL, Kafka, and more. It works seamlessly with tools like naabu to identify and fingerprint services on open ports, making it particularly useful for network engineers and security professionals.

This guide provides an in-depth overview of Fingerprintx, its features, installation, usage, and more.

Key Features of Fingerprintx

  • Fast and Accurate Service Fingerprinting: Quickly identify exposed services on both TCP and UDP ports.

  • Application Layer Service Discovery: Fingerprint and identify services at the application layer.

  • Integration-Friendly: Plays nicely with other command-line tools like naabu.

  • Metadata Collection: Automatically gathers detailed metadata from identified services.

  • Protocol Versatility: Supports a wide variety of protocols, including HTTP, SSH, RDP, MySQL, and more.

Supported Protocols

Fingerprintx can fingerprint services across multiple protocols and transport layers. Here's a quick look at supported protocols:

TCP Services

  • HTTP, HTTPS, FTP, SSH, Redis, Kafka, MySQL, MSSQL, PostgreSQL, RDP, IMAP, Telnet, and more.

UDP Services

  • DNS, SNMP, OpenVPN, DHCP, IPSEC, NTP, and others.

The tool also supports secure versions of protocols, such as SMTPS, POP3S, and LDAPS.

Installation

Fingerprintx is simple to install and supports multiple installation methods:

1. Install from GitHub

To install the latest version using go:

go install github.com/praetorian-inc/fingerprintx/cmd/fingerprintx@latest

2. Build from Source

Requires Go version > 1.18:

git clone git@github.com:praetorian-inc/fingerprintx.git
cd fingerprintx
go build ./cmd/fingerprintx
./fingerprintx -h

3. Run with Docker

Fingerprintx can also be run in a Docker container:

git clone git@github.com:praetorian-inc/fingerprintx.git
cd fingerprintx
docker build -t fingerprintx .
docker run --rm fingerprintx -h

Usage

Fingerprintx’s usage is straightforward, and services can be inspected individually or in bulk.

General Syntax

fingerprintx [flags]

Common Flags

  • -t, --targets: Specify target(s) in HOST:PORT or IP:PORT format.

  • -l, --list: Provide an input file with a list of targets.

  • -o, --output: Specify the output file for results.

  • --json: Output the results in JSON format.

  • --csv: Output the results in CSV format.

  • -f, --fast: Use fast mode (only fingerprints default services on ports).

  • -U, --udp: Enable UDP plugins.

  • -v, --verbose: Enable verbose mode.

  • -w, --timeout: Set timeout in milliseconds (default: 500ms).

Run fingerprintx -h to view all available options.

Examples

1. Fingerprint a Single Target

fingerprintx -t 127.0.0.1:8000
# Output: http://127.0.0.1:8000

2. Fingerprint with Detailed Metadata

fingerprintx -t 127.0.0.1:8000 --json
# Detailed output in JSON format:
{"ip":"127.0.0.1","port":8000,"service":"http","metadata":{"responseHeaders":{...}}}

3. Fingerprint Multiple Targets from a File

fingerprintx -l input.txt
# Example output:
http://praetorian.com:80
telnet://telehack.com:23

4. Integration with naabu

You can use Fingerprintx in combination with naabu to fingerprint open ports:

naabu 127.0.0.1 -silent 2>/dev/null | fingerprintx
# Output:
http://127.0.0.1:8000
ftp://127.0.0.1:21

5. JSON Output from a List of Targets

cat input.txt | fingerprintx --json
# Output:
{"host":"example.com","ip":"93.184.216.34","port":80,"service":"http","metadata":{...}}

Why Use Fingerprintx?

1. Efficiency in Fingerprinting

Unlike traditional tools such as nmap, Fingerprintx prioritizes likely protocols for each port:

  • Example: Port 80 assumes HTTP; port 443 assumes HTTPS.

2. JSON Output

Fingerprintx supports structured JSON output for seamless integration with automation scripts and pipelines.
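
As an added example (not part of Fingerprintx or the original page), this Python script reads `--json` output line by line and checks each result against an asset inventory. The field names follow the JSON shown in the examples above; the sample lines, the `EXPECTED` inventory and the `DISALLOWED` set are constructed assumptions.

```python
import json

# Constructed sample lines in the shape shown on this page (host/ip/port/service/metadata).
SAMPLE = """\
{"host":"app.internal.example","ip":"10.0.0.5","port":80,"service":"http","metadata":{}}
{"ip":"10.0.0.5","port":2222,"service":"ssh","metadata":{}}
{"ip":"10.0.0.9","port":23,"service":"telnet","metadata":{}}
{"ip":"10.0.0.9","port":3306,"service":"mysql","metadata":{}}
not-json banner line
"""

# Assumed policy (hypothetical): what the asset inventory says should be listening.
EXPECTED = {("10.0.0.5", 80): "http", ("10.0.0.5", 2222): "ssh", ("10.0.0.9", 3306): "postgres"}
# Assumed policy (hypothetical): services that should never be reachable from the scan vantage point.
DISALLOWED = {"telnet", "ftp", "rdp"}

def parse_results(text):
    """Yield one dict per valid JSON line; skip blank, non-JSON or incomplete lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and {"ip", "port", "service"} <= rec.keys():
            yield rec

def audit(text, expected=EXPECTED, disallowed=DISALLOWED):
    """Return sorted (ip, port, service, reason) findings for results that break policy."""
    findings = []
    for rec in parse_results(text):
        key = (rec["ip"], int(rec["port"]))
        svc = rec["service"].lower()
        if svc in disallowed:
            findings.append((*key, svc, "disallowed service"))
        elif key not in expected:
            findings.append((*key, svc, "not in inventory"))
        elif expected[key] != svc:
            findings.append((*key, svc, f"expected {expected[key]}"))
    return sorted(findings)

if __name__ == "__main__":
    for ip, port, svc, reason in audit(SAMPLE):
        print(f"{ip}:{port} {svc}: {reason}")
```
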

3. Comparison with zgrab2

While tools like zgrab2 require protocol specification ahead of time, Fingerprintx determines the protocol dynamically, making it more versatile.

Notes and Caveats

  • No Open Port Scanning: Fingerprintx assumes the input ports are open. Combine it with a port scanner like naabu for a full workflow.

  • Cryptography Libraries: Certain fingerprinting modules rely on unexported functions from the Go cryptography libraries to analyze cryptographic options during handshakes.

Acknowledgements

Fingerprintx was developed by the talented team at Praetorian, including valuable contributions from:

  • praetorian-sohamroy

  • jue-huang

  • henryjung64

  • qwetboy10

  • jwhenry28

  • noahtutt

Fingerprintx provides a fast and effective way to fingerprint services across networks. Whether you're a security engineer or a network administrator, this tool can be a powerful addition. You can learn more and download Fingerprintx on GitHub.
