Fingerprintx is an advanced utility similar to httpx, but with enhanced capabilities for fingerprinting a wide range of services such as RDP, SSH, MySQL, PostgreSQL, Kafka, and more. It works seamlessly with tools like naabu to identify and fingerprint services on open ports, making it particularly useful for network engineers and security professionals.
This guide provides an in-depth overview of Fingerprintx, its features, installation, usage, and more.
Key Features of Fingerprintx
- Fast and Accurate Service Fingerprinting: Quickly identify exposed services on both TCP and UDP ports.
- Application Layer Service Discovery: Fingerprint and identify services at the application layer.
- Integration-Friendly: Plays nicely with other command-line tools like naabu.
- Metadata Collection: Automatically gathers detailed metadata from identified services.
- Protocol Versatility: Supports a wide variety of protocols, including HTTP, SSH, RDP, MySQL, and more.
Supported Protocols
Fingerprintx can fingerprint services across multiple protocols and transport layers. Here's a quick look at supported protocols:
TCP Services
- HTTP, HTTPS, FTP, SSH, Redis, Kafka, MySQL, MSSQL, PostgreSQL, RDP, IMAP, Telnet, and more.
UDP Services
- DNS, SNMP, OpenVPN, DHCP, IPSEC, NTP, and others.
The tool also supports secure versions of protocols, such as SMTPS, POP3S, and LDAPS.
Installation
Fingerprintx is simple to install and supports multiple installation methods:
1. Install from GitHub
To install the latest version using go:
go install github.com/praetorian-inc/fingerprintx/cmd/fingerprintx@latest
2. Build from Source
Requires Go version > 1.18:
git clone git@github.com:praetorian-inc/fingerprintx.git
cd fingerprintx
go build ./cmd/fingerprintx
./fingerprintx -h
3. Run with Docker
Fingerprintx can also be run in a Docker container:
git clone git@github.com:praetorian-inc/fingerprintx.git
cd fingerprintx
docker build -t fingerprintx .
docker run --rm fingerprintx -h
Usage
Fingerprintx’s usage is straightforward, and services can be inspected individually or in bulk.
General Syntax
fingerprintx [flags]
Common Flags
- -t, --targets: Specify target(s) in HOST:PORT or IP:PORT format.
- -l, --list: Provide an input file with a list of targets.
- -o, --output: Specify the output file for results.
- --json: Output the results in JSON format.
- --csv: Output the results in CSV format.
- -f, --fast: Use fast mode (only fingerprints default services on ports).
- -U, --udp: Enable UDP plugins.
- -v, --verbose: Enable verbose mode.
- -w, --timeout: Set timeout in milliseconds (default: 500ms).
Run fingerprintx -h to view all available options.
Examples
1. Fingerprint a Single Target
fingerprintx -t 127.0.0.1:8000
# Output: http://127.0.0.1:8000
2. Fingerprint with Detailed Metadata
fingerprintx -t 127.0.0.1:8000 --json
# Detailed output in JSON format:
{"ip":"127.0.0.1","port":8000,"service":"http","metadata":{"responseHeaders":{...}}}
3. Fingerprint Multiple Targets from a File
fingerprintx -l input.txt
# Example output:
http://praetorian.com:80
telnet://telehack.com:23
4. Integration with naabu
You can use Fingerprintx in combination with naabu to fingerprint open ports:
naabu 127.0.0.1 -silent 2>/dev/null | fingerprintx
# Output:
http://127.0.0.1:8000
ftp://127.0.0.1:21
5. JSON Output from a List of Targets
cat input.txt | fingerprintx --json
# Output:
{"host":"example.com","ip":"93.184.216.34","port":80,"service":"http","metadata":{...}}
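Added example, not from the Fingerprintx project: the line-per-result JSON output shown in examples 2 and 5, checked against an expected service inventory so that unexpected or cleartext services on your own hosts stand out. The inventory, the cleartext policy set and the sample records are assumptions constructed for illustration; only the ip, port and service fields shown above are read.

```python
import json

# Assumption: services this audit treats as cleartext (local policy choice).
CLEARTEXT = {"telnet", "ftp"}

def parse_results(lines):
    """Parse fingerprintx --json output, one JSON object per line.

    Returns (records, rejected). Lines that are not JSON objects with a
    string ip, integer port and string service go to rejected.
    """
    records, rejected = [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            obj = None
        ok = (isinstance(obj, dict) and isinstance(obj.get("ip"), str)
              and isinstance(obj.get("port"), int)
              and isinstance(obj.get("service"), str))
        (records if ok else rejected).append(obj if ok else line)
    return records, rejected

def audit(records, expected):
    """Compare results with expected, a dict of (ip, port) -> service name.

    Returns sorted (ip, port, service, reason) findings.
    """
    findings = []
    for r in records:
        key = (r["ip"], r["port"])
        svc = r["service"].lower()
        if key not in expected:
            findings.append((*key, svc, "not in inventory"))
        elif expected[key] != svc:
            findings.append((*key, svc, f"expected {expected[key]}"))
        if svc in CLEARTEXT:
            findings.append((*key, svc, "cleartext protocol"))
    return sorted(findings)

# Constructed sample records (documentation addresses), not real scan output.
SAMPLE = [
    '{"ip":"192.0.2.10","port":443,"service":"https","metadata":{}}',
    '{"ip":"192.0.2.10","port":23,"service":"telnet","metadata":{}}',
    '{"ip":"192.0.2.11","port":8080,"service":"ssh","metadata":{}}',
    'not-json verbose line',
]
EXPECTED = {("192.0.2.10", 443): "https", ("192.0.2.11", 8080): "http"}

if __name__ == "__main__":
    recs, bad = parse_results(SAMPLE)
    for finding in audit(recs, EXPECTED):
        print(*finding)
```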
Why Use Fingerprintx?
1. Efficiency in Fingerprinting
Unlike traditional tools such as nmap, Fingerprintx prioritizes likely protocols for each port:
- Example: Port 80 assumes HTTP; port 443 assumes HTTPS.
2. JSON Output
Fingerprintx supports structured JSON output for seamless integration with automation scripts and pipelines.
3. Comparison with zgrab2
While tools like zgrab2 require protocol specification ahead of time, Fingerprintx determines the protocol dynamically, making it more versatile.
Notes and Caveats
- No Open Port Scanning: Fingerprintx assumes the input ports are open. Combine it with a port scanner like naabu for a full workflow.
- Cryptography Libraries: Certain fingerprinting modules rely on unexported functions from the Go cryptography libraries to analyze cryptographic options during handshakes.
Acknowledgements
Fingerprintx was developed by the talented team at Praetorian, including valuable contributions from:
- praetorian-sohamroy
- jue-huang
- henryjung64
- qwetboy10
- jwhenry28
- noahtutt
Fingerprintx provides a fast and effective way to fingerprint services across networks. Whether you're a security engineer or a network administrator, this tool can be a powerful addition. You can learn more and download Fingerprintx on GitHub.