fingerprint-mcp 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (269) hide show
  1. package/LICENSE +663 -0
  2. package/README.ar.md +767 -0
  3. package/README.bn.md +767 -0
  4. package/README.bs.md +767 -0
  5. package/README.da.md +767 -0
  6. package/README.de.md +770 -0
  7. package/README.el.md +767 -0
  8. package/README.es.md +769 -0
  9. package/README.fr.md +769 -0
  10. package/README.hi.md +767 -0
  11. package/README.it.md +767 -0
  12. package/README.ja.md +767 -0
  13. package/README.ko.md +772 -0
  14. package/README.md +767 -0
  15. package/README.no.md +767 -0
  16. package/README.pl.md +767 -0
  17. package/README.pt-BR.md +767 -0
  18. package/README.ru.md +767 -0
  19. package/README.th.md +767 -0
  20. package/README.tr.md +767 -0
  21. package/README.uk.md +767 -0
  22. package/README.vi.md +767 -0
  23. package/README.zh-TW.md +768 -0
  24. package/README.zh.md +768 -0
  25. package/dist/app/index.d.ts +3 -0
  26. package/dist/app/index.d.ts.map +1 -0
  27. package/dist/app/index.js +614 -0
  28. package/dist/app/index.js.map +1 -0
  29. package/dist/composite/analyze.d.ts +3 -0
  30. package/dist/composite/analyze.d.ts.map +1 -0
  31. package/dist/composite/analyze.js +59 -0
  32. package/dist/composite/analyze.js.map +1 -0
  33. package/dist/composite/correlate.d.ts +3 -0
  34. package/dist/composite/correlate.d.ts.map +1 -0
  35. package/dist/composite/correlate.js +184 -0
  36. package/dist/composite/correlate.js.map +1 -0
  37. package/dist/composite/enumerate.d.ts +3 -0
  38. package/dist/composite/enumerate.d.ts.map +1 -0
  39. package/dist/composite/enumerate.js +94 -0
  40. package/dist/composite/enumerate.js.map +1 -0
  41. package/dist/composite/helpers.d.ts +22 -0
  42. package/dist/composite/helpers.d.ts.map +1 -0
  43. package/dist/composite/helpers.js +111 -0
  44. package/dist/composite/helpers.js.map +1 -0
  45. package/dist/composite/index.d.ts +3 -0
  46. package/dist/composite/index.d.ts.map +1 -0
  47. package/dist/composite/index.js +29 -0
  48. package/dist/composite/index.js.map +1 -0
  49. package/dist/composite/meta.d.ts +3 -0
  50. package/dist/composite/meta.d.ts.map +1 -0
  51. package/dist/composite/meta.js +23 -0
  52. package/dist/composite/meta.js.map +1 -0
  53. package/dist/composite/osint.d.ts +3 -0
  54. package/dist/composite/osint.d.ts.map +1 -0
  55. package/dist/composite/osint.js +40 -0
  56. package/dist/composite/osint.js.map +1 -0
  57. package/dist/composite/recon.d.ts +3 -0
  58. package/dist/composite/recon.d.ts.map +1 -0
  59. package/dist/composite/recon.js +131 -0
  60. package/dist/composite/recon.js.map +1 -0
  61. package/dist/composite/scan-dns.d.ts +3 -0
  62. package/dist/composite/scan-dns.d.ts.map +1 -0
  63. package/dist/composite/scan-dns.js +44 -0
  64. package/dist/composite/scan-dns.js.map +1 -0
  65. package/dist/composite/scan-http.d.ts +3 -0
  66. package/dist/composite/scan-http.d.ts.map +1 -0
  67. package/dist/composite/scan-http.js +68 -0
  68. package/dist/composite/scan-http.js.map +1 -0
  69. package/dist/composite/scan-paths.d.ts +3 -0
  70. package/dist/composite/scan-paths.d.ts.map +1 -0
  71. package/dist/composite/scan-paths.js +32 -0
  72. package/dist/composite/scan-paths.js.map +1 -0
  73. package/dist/composite/scan-ports.d.ts +3 -0
  74. package/dist/composite/scan-ports.d.ts.map +1 -0
  75. package/dist/composite/scan-ports.js +79 -0
  76. package/dist/composite/scan-ports.js.map +1 -0
  77. package/dist/composite/scan-services.d.ts +3 -0
  78. package/dist/composite/scan-services.d.ts.map +1 -0
  79. package/dist/composite/scan-services.js +111 -0
  80. package/dist/composite/scan-services.js.map +1 -0
  81. package/dist/composite/scan-tls.d.ts +3 -0
  82. package/dist/composite/scan-tls.d.ts.map +1 -0
  83. package/dist/composite/scan-tls.js +32 -0
  84. package/dist/composite/scan-tls.js.map +1 -0
  85. package/dist/composite/scan-waf.d.ts +3 -0
  86. package/dist/composite/scan-waf.d.ts.map +1 -0
  87. package/dist/composite/scan-waf.js +35 -0
  88. package/dist/composite/scan-waf.js.map +1 -0
  89. package/dist/correlation/index.d.ts +3 -0
  90. package/dist/correlation/index.d.ts.map +1 -0
  91. package/dist/correlation/index.js +1044 -0
  92. package/dist/correlation/index.js.map +1 -0
  93. package/dist/data/analytics-patterns.d.ts +21 -0
  94. package/dist/data/analytics-patterns.d.ts.map +1 -0
  95. package/dist/data/analytics-patterns.js +449 -0
  96. package/dist/data/analytics-patterns.js.map +1 -0
  97. package/dist/data/app-signatures.d.ts +52 -0
  98. package/dist/data/app-signatures.d.ts.map +1 -0
  99. package/dist/data/app-signatures.js +1143 -0
  100. package/dist/data/app-signatures.js.map +1 -0
  101. package/dist/data/c2-signatures.d.ts +54 -0
  102. package/dist/data/c2-signatures.d.ts.map +1 -0
  103. package/dist/data/c2-signatures.js +256 -0
  104. package/dist/data/c2-signatures.js.map +1 -0
  105. package/dist/data/cloud-ranges.d.ts +34 -0
  106. package/dist/data/cloud-ranges.d.ts.map +1 -0
  107. package/dist/data/cloud-ranges.js +628 -0
  108. package/dist/data/cloud-ranges.js.map +1 -0
  109. package/dist/data/cookie-patterns.d.ts +28 -0
  110. package/dist/data/cookie-patterns.d.ts.map +1 -0
  111. package/dist/data/cookie-patterns.js +225 -0
  112. package/dist/data/cookie-patterns.js.map +1 -0
  113. package/dist/data/error-signatures.d.ts +19 -0
  114. package/dist/data/error-signatures.d.ts.map +1 -0
  115. package/dist/data/error-signatures.js +321 -0
  116. package/dist/data/error-signatures.js.map +1 -0
  117. package/dist/data/favicon-hashes.d.ts +25 -0
  118. package/dist/data/favicon-hashes.d.ts.map +1 -0
  119. package/dist/data/favicon-hashes.js +249 -0
  120. package/dist/data/favicon-hashes.js.map +1 -0
  121. package/dist/data/h2-signatures.d.ts +50 -0
  122. package/dist/data/h2-signatures.d.ts.map +1 -0
  123. package/dist/data/h2-signatures.js +211 -0
  124. package/dist/data/h2-signatures.js.map +1 -0
  125. package/dist/data/header-order.d.ts +38 -0
  126. package/dist/data/header-order.d.ts.map +1 -0
  127. package/dist/data/header-order.js +185 -0
  128. package/dist/data/header-order.js.map +1 -0
  129. package/dist/data/jarm-signatures.d.ts +25 -0
  130. package/dist/data/jarm-signatures.d.ts.map +1 -0
  131. package/dist/data/jarm-signatures.js +213 -0
  132. package/dist/data/jarm-signatures.js.map +1 -0
  133. package/dist/data/saas-patterns.d.ts +23 -0
  134. package/dist/data/saas-patterns.d.ts.map +1 -0
  135. package/dist/data/saas-patterns.js +139 -0
  136. package/dist/data/saas-patterns.js.map +1 -0
  137. package/dist/data/sensitive-paths.d.ts +12 -0
  138. package/dist/data/sensitive-paths.d.ts.map +1 -0
  139. package/dist/data/sensitive-paths.js +1539 -0
  140. package/dist/data/sensitive-paths.js.map +1 -0
  141. package/dist/data/service-banners.d.ts +59 -0
  142. package/dist/data/service-banners.d.ts.map +1 -0
  143. package/dist/data/service-banners.js +323 -0
  144. package/dist/data/service-banners.js.map +1 -0
  145. package/dist/data/smtp-signatures.d.ts +12 -0
  146. package/dist/data/smtp-signatures.d.ts.map +1 -0
  147. package/dist/data/smtp-signatures.js +350 -0
  148. package/dist/data/smtp-signatures.js.map +1 -0
  149. package/dist/data/takeover-patterns.d.ts +37 -0
  150. package/dist/data/takeover-patterns.d.ts.map +1 -0
  151. package/dist/data/takeover-patterns.js +249 -0
  152. package/dist/data/takeover-patterns.js.map +1 -0
  153. package/dist/data/tech-patterns.d.ts +44 -0
  154. package/dist/data/tech-patterns.d.ts.map +1 -0
  155. package/dist/data/tech-patterns.js +690 -0
  156. package/dist/data/tech-patterns.js.map +1 -0
  157. package/dist/data/waf-signatures.d.ts +21 -0
  158. package/dist/data/waf-signatures.d.ts.map +1 -0
  159. package/dist/data/waf-signatures.js +318 -0
  160. package/dist/data/waf-signatures.js.map +1 -0
  161. package/dist/dns/index.d.ts +3 -0
  162. package/dist/dns/index.d.ts.map +1 -0
  163. package/dist/dns/index.js +1067 -0
  164. package/dist/dns/index.js.map +1 -0
  165. package/dist/enum/index.d.ts +3 -0
  166. package/dist/enum/index.d.ts.map +1 -0
  167. package/dist/enum/index.js +818 -0
  168. package/dist/enum/index.js.map +1 -0
  169. package/dist/h2/index.d.ts +3 -0
  170. package/dist/h2/index.d.ts.map +1 -0
  171. package/dist/h2/index.js +414 -0
  172. package/dist/h2/index.js.map +1 -0
  173. package/dist/http/index.d.ts +3 -0
  174. package/dist/http/index.d.ts.map +1 -0
  175. package/dist/http/index.js +2444 -0
  176. package/dist/http/index.js.map +1 -0
  177. package/dist/identify/index.d.ts +3 -0
  178. package/dist/identify/index.d.ts.map +1 -0
  179. package/dist/identify/index.js +447 -0
  180. package/dist/identify/index.js.map +1 -0
  181. package/dist/index.d.ts +3 -0
  182. package/dist/index.d.ts.map +1 -0
  183. package/dist/index.js +165 -0
  184. package/dist/index.js.map +1 -0
  185. package/dist/infra/index.d.ts +3 -0
  186. package/dist/infra/index.d.ts.map +1 -0
  187. package/dist/infra/index.js +989 -0
  188. package/dist/infra/index.js.map +1 -0
  189. package/dist/iot/index.d.ts +3 -0
  190. package/dist/iot/index.d.ts.map +1 -0
  191. package/dist/iot/index.js +610 -0
  192. package/dist/iot/index.js.map +1 -0
  193. package/dist/meta/index.d.ts +3 -0
  194. package/dist/meta/index.d.ts.map +1 -0
  195. package/dist/meta/index.js +442 -0
  196. package/dist/meta/index.js.map +1 -0
  197. package/dist/osint/index.d.ts +3 -0
  198. package/dist/osint/index.d.ts.map +1 -0
  199. package/dist/osint/index.js +687 -0
  200. package/dist/osint/index.js.map +1 -0
  201. package/dist/passive/index.d.ts +3 -0
  202. package/dist/passive/index.d.ts.map +1 -0
  203. package/dist/passive/index.js +944 -0
  204. package/dist/passive/index.js.map +1 -0
  205. package/dist/path/index.d.ts +3 -0
  206. package/dist/path/index.d.ts.map +1 -0
  207. package/dist/path/index.js +878 -0
  208. package/dist/path/index.js.map +1 -0
  209. package/dist/protocol/mcp-server.d.ts +4 -0
  210. package/dist/protocol/mcp-server.d.ts.map +1 -0
  211. package/dist/protocol/mcp-server.js +32 -0
  212. package/dist/protocol/mcp-server.js.map +1 -0
  213. package/dist/protocol/tools.d.ts +3 -0
  214. package/dist/protocol/tools.d.ts.map +1 -0
  215. package/dist/protocol/tools.js +5 -0
  216. package/dist/protocol/tools.js.map +1 -0
  217. package/dist/service/index.d.ts +3 -0
  218. package/dist/service/index.d.ts.map +1 -0
  219. package/dist/service/index.js +1053 -0
  220. package/dist/service/index.js.map +1 -0
  221. package/dist/smtp/index.d.ts +3 -0
  222. package/dist/smtp/index.d.ts.map +1 -0
  223. package/dist/smtp/index.js +437 -0
  224. package/dist/smtp/index.js.map +1 -0
  225. package/dist/ssh/index.d.ts +3 -0
  226. package/dist/ssh/index.d.ts.map +1 -0
  227. package/dist/ssh/index.js +676 -0
  228. package/dist/ssh/index.js.map +1 -0
  229. package/dist/tcp/index.d.ts +3 -0
  230. package/dist/tcp/index.d.ts.map +1 -0
  231. package/dist/tcp/index.js +369 -0
  232. package/dist/tcp/index.js.map +1 -0
  233. package/dist/timing/index.d.ts +3 -0
  234. package/dist/timing/index.d.ts.map +1 -0
  235. package/dist/timing/index.js +425 -0
  236. package/dist/timing/index.js.map +1 -0
  237. package/dist/tls/index.d.ts +3 -0
  238. package/dist/tls/index.d.ts.map +1 -0
  239. package/dist/tls/index.js +1332 -0
  240. package/dist/tls/index.js.map +1 -0
  241. package/dist/types/index.d.ts +26 -0
  242. package/dist/types/index.d.ts.map +1 -0
  243. package/dist/types/index.js +8 -0
  244. package/dist/types/index.js.map +1 -0
  245. package/dist/utils/cache.d.ts +11 -0
  246. package/dist/utils/cache.d.ts.map +1 -0
  247. package/dist/utils/cache.js +35 -0
  248. package/dist/utils/cache.js.map +1 -0
  249. package/dist/utils/murmurhash3.d.ts +3 -0
  250. package/dist/utils/murmurhash3.d.ts.map +1 -0
  251. package/dist/utils/murmurhash3.js +57 -0
  252. package/dist/utils/murmurhash3.js.map +1 -0
  253. package/dist/utils/rate-limiter.d.ts +10 -0
  254. package/dist/utils/rate-limiter.d.ts.map +1 -0
  255. package/dist/utils/rate-limiter.js +35 -0
  256. package/dist/utils/rate-limiter.js.map +1 -0
  257. package/dist/utils/require-key.d.ts +2 -0
  258. package/dist/utils/require-key.d.ts.map +1 -0
  259. package/dist/utils/require-key.js +8 -0
  260. package/dist/utils/require-key.js.map +1 -0
  261. package/dist/waf/index.d.ts +3 -0
  262. package/dist/waf/index.d.ts.map +1 -0
  263. package/dist/waf/index.js +767 -0
  264. package/dist/waf/index.js.map +1 -0
  265. package/dist/web/index.d.ts +3 -0
  266. package/dist/web/index.d.ts.map +1 -0
  267. package/dist/web/index.js +1366 -0
  268. package/dist/web/index.js.map +1 -0
  269. package/package.json +66 -0
package/README.tr.md ADDED
@@ -0,0 +1,767 @@
1
+ <p align="center">
2
+ <a href="README.md">English</a> |
3
+ <a href="README.zh.md">简体中文</a> |
4
+ <a href="README.zh-TW.md">繁體中文</a> |
5
+ <a href="README.ko.md">한국어</a> |
6
+ <a href="README.de.md">Deutsch</a> |
7
+ <a href="README.es.md">Español</a> |
8
+ <a href="README.fr.md">Français</a> |
9
+ <a href="README.it.md">Italiano</a> |
10
+ <a href="README.da.md">Dansk</a> |
11
+ <a href="README.ja.md">日本語</a> |
12
+ <a href="README.pl.md">Polski</a> |
13
+ <a href="README.ru.md">Русский</a> |
14
+ <a href="README.bs.md">Bosanski</a> |
15
+ <a href="README.ar.md">العربية</a> |
16
+ <a href="README.no.md">Norsk</a> |
17
+ <a href="README.pt-BR.md">Português (Brasil)</a> |
18
+ <a href="README.th.md">ไทย</a> |
19
+ <strong>Türkçe</strong> |
20
+ <a href="README.uk.md">Українська</a> |
21
+ <a href="README.bn.md">বাংলা</a> |
22
+ <a href="README.el.md">Ελληνικά</a> |
23
+ <a href="README.vi.md">Tiếng Việt</a> |
24
+ <a href="README.hi.md">हिन्दी</a>
25
+ </p>
26
+
27
+ <p align="center">
28
+ <br>
29
+ <picture>
30
+ <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/badchars/fingerprint-mcp/main/.github/banner-dark.svg">
31
+ <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/badchars/fingerprint-mcp/main/.github/banner-light.svg">
32
+ <img alt="fingerprint-mcp" src="https://raw.githubusercontent.com/badchars/fingerprint-mcp/main/.github/banner-dark.svg" width="700">
33
+ </picture>
34
+ </p>
35
+
36
+ <h3 align="center">AI ajanlar icin evrensel dijital parmak izi.</h3>
37
+
38
+ <p align="center">
39
+ TCP, TLS/SSL, SSH, HTTP, DNS, WAF/CDN, IoT, SMTP, servis tarama, JARM, JA4X, favicon hash'leme, altyapi topolojisi, C2 tespiti, OSINT zenginlestirme &mdash; tek bir MCP sunucusunda birlestirildi.<br>
40
+ AI ajaniniz <b>talep uzerine tam spektrumlu parmak izi</b> alir, 11 bagimsiz CLI araci ve manuel korelasyon degil.
41
+ </p>
42
+
43
+ <br>
44
+
45
+ <p align="center">
46
+ <a href="#sorun">Sorun</a> &bull;
47
+ <a href="#nasil-farkli">Nasil Farkli</a> &bull;
48
+ <a href="#hizli-baslangic">Hizli Baslangic</a> &bull;
49
+ <a href="#ai-neler-yapabilir">AI Neler Yapabilir</a> &bull;
50
+ <a href="#arac-referansi-13-arac-103-teknik">Araclar (13)</a> &bull;
51
+ <a href="#veri-kaynaklari-21">Veri Kaynaklari</a> &bull;
52
+ <a href="#mimari">Mimari</a> &bull;
53
+ <a href="CHANGELOG.md">Degisiklik Gunlugu</a> &bull;
54
+ <a href="CONTRIBUTING.md">Katki</a>
55
+ </p>
56
+
57
+ <p align="center">
58
+ <a href="https://www.npmjs.com/package/fingerprint-mcp"><img src="https://img.shields.io/npm/v/fingerprint-mcp.svg" alt="npm"></a>
59
+ <a href="LICENSE"><img src="https://img.shields.io/badge/license-AGPL--3.0-blue.svg" alt="Lisans"></a>
60
+ <img src="https://img.shields.io/badge/runtime-Bun-f472b6" alt="Bun">
61
+ <img src="https://img.shields.io/badge/protocol-MCP-8b5cf6" alt="MCP">
62
+ <img src="https://img.shields.io/badge/tools-13-ef4444" alt="13 Arac">
63
+ <img src="https://img.shields.io/badge/techniques-103-f97316" alt="103 Teknik">
64
+ </p>
65
+
66
+ <p align="center">
67
+ <img src="https://raw.githubusercontent.com/badchars/fingerprint-mcp/main/.github/demo.gif" alt="fingerprint-mcp demo" width="800">
68
+ </p>
69
+
70
+ ---
71
+
72
+ ## Sorun
73
+
74
+ Bugunku sunucu parmak izi alma islemi, bir durine birbirinden bagimsiz aracla ugrasmayi gerektirir. Port taramasi icin `nmap`, sertifika analizi icin `testssl.sh`, HTTP basliklari icin `curl -I`, DNS icin `dig`, WAF tespiti icin `wafw00f`, SSH icin `ssh-audit`, ayri bir JARM araci, teknoloji tespiti icin Wappalyzer calistirirsiniz &mdash; sonra gercekte neyin calistigini anlamak icin 30 dakika boyunca her seyi bir elektronik tabloda manuel olarak carpraz referanslarsiniz.
75
+
76
+ ```
77
+ Geleneksel parmak izi alma is akisi:
78
+ TLS sertifikalarini analiz et -> testssl.sh / openssl s_client
79
+ HTTP basliklarini yakala -> curl -I
80
+ web teknolojilerini tespit et -> wappalyzer CLI
81
+ DNS kesfet -> dig / nslookup / dnsenum
82
+ port taramasi -> nmap -sV
83
+ WAF tespiti -> wafw00f
84
+ SSH denetimi -> ssh-audit
85
+ servis parmak izi -> nmap scripts
86
+ JARM parmak izi -> jarm (ayri arac)
87
+ OSINT veritabanlarini kontrol et -> shodan CLI, censys CLI
88
+ her seyi iliskilendir -> manuel olarak elektronik tabloda
89
+ ──────────────────────────────
90
+ Toplam: 11 arac, 30+ dakika, manuel korelasyon
91
+ ```
92
+
93
+ **fingerprint-mcp**, AI ajaniniza [Model Context Protocol](https://modelcontextprotocol.io) uzerinden 21 saglayicidaki 103 parmak izi tekniklerini kapsayan 13 bilesik arac sunar. Ajan, cok katmanli parmak izini paralel olarak calistirir, TCP/TLS/HTTP/DNS/SSH katmanlari arasinda sinyalleri iliskilendirir, bal kukasi ve C2 altyapisini tespit eder ve birlesik bir istihbarat tablosu sunar &mdash; tek bir gorusmede.
94
+
95
+ ```
96
+ fingerprint-mcp ile:
97
+ Siz: "target.com uzerinde derin kesif yap"
98
+
99
+ Ajan: -> recon {url: "https://target.com", depth: "deep"}
100
+
101
+ -> TLS: nginx/1.24.0, JARM ile (3fd21b20d00000...),
102
+ Let's Encrypt sertifikasi, 2 SANs, TLS 1.2+1.3
103
+ -> HTTP: Cloudflare WAF arkasinda Express.js,
104
+ React SPA, Google Analytics, 14 guvenlik basligi analiz edildi
105
+ -> DNS: A/AAAA/MX/TXT kayitlari, SPF/DKIM/DMARC yapilandirilmis,
106
+ CNAME/MX uzerinden Slack + Google Workspace tespit edildi
107
+ -> Portlar: 80, 443, 22 (OpenSSH 9.6), 8080 (gelistirme sunucusu)
108
+ -> WAF: Cloudflare tespit edildi, kaynak IP dogrudan baglanti ile kesfedildi
109
+ -> Numaralandirma: CT loglari uzerinden 12 alt alan adi, wildcard DNS tespit edildi
110
+ -> "target.com, Cloudflare WAF arkasinda Express.js ile nginx/1.24.0
111
+ calistiriyor. Kaynak IP 203.0.113.42, port 8080'de aciga cikmis.
112
+ TLS dogru yapilandirilmis (A+ esdegeri) ancak 8080'deki gelistirme
113
+ sunucusu WAF korumasi olmadan calisiyor. 3 alt alan adi
114
+ devre disi birakilmis altyapiya isaret ediyor — potansiyel ele gecirme riski."
115
+ ```
116
+
117
+ ---
118
+
119
+ ## Nasil Farkli
120
+
121
+ Mevcut araclar size bir seferde tek katman ham veri verir. fingerprint-mcp, AI ajaniniza **tum parmak izi katmanlarinda ayni anda muhakeme etme** yetenegini kazandirir.
122
+
123
+ <table>
124
+ <thead>
125
+ <tr>
126
+ <th></th>
127
+ <th>Geleneksel Yaklasim</th>
128
+ <th>fingerprint-mcp</th>
129
+ </tr>
130
+ </thead>
131
+ <tbody>
132
+ <tr>
133
+ <td><b>Arayuz</b></td>
134
+ <td>Farkli cikti formatlarinda 11 farkli CLI araci</td>
135
+ <td>MCP &mdash; AI ajani araclari konusarak cagirir</td>
136
+ </tr>
137
+ <tr>
138
+ <td><b>Teknikler</b></td>
139
+ <td>Bir arac, bir seferde bir katman</td>
140
+ <td>21 saglayicide 103 teknik, paralel calistirilir</td>
141
+ </tr>
142
+ <tr>
143
+ <td><b>TLS analizi</b></td>
144
+ <td>testssl.sh ciktisi, JARM'i ayrica manuel olarak ayristirma</td>
145
+ <td>Ajan sertifika + JARM + JA4X + sifreleme paketleri + SNI + CT loglarini tek cagri ile birlestirir</td>
146
+ </tr>
147
+ <tr>
148
+ <td><b>Korelasyon</b></td>
149
+ <td>Sonuclari bir elektronik tabloya kopyala-yapistir</td>
150
+ <td>Ajan capraz iliskilendirir: "JARM bilinen C2 cercevesi ile eslesiyor, HTTP zamanlama bal kukasini dogruluyor"</td>
151
+ </tr>
152
+ <tr>
153
+ <td><b>WAF atlama</b></td>
154
+ <td>wafw00f WAF'i tespit eder, kaynak icin manuel olarak ararsiniz</td>
155
+ <td>Ajan WAF'i tespit eder, kaynak IP'yi bulur ve ayni icerigi sundugunu dogrular</td>
156
+ </tr>
157
+ <tr>
158
+ <td><b>API anahtarlari</b></td>
159
+ <td>Shodan, Censys vb. icin gerekli</td>
160
+ <td>80+ aktif teknik hicbir API anahtari olmadan calisir; anahtarlar OSINT zenginlestirmesini acar</td>
161
+ </tr>
162
+ <tr>
163
+ <td><b>Kurulum</b></td>
164
+ <td>nmap, testssl, wafw00f, ssh-audit, jarm, wappalyzer yukle...</td>
165
+ <td><code>npx fingerprint-mcp</code> &mdash; tek komut, sifir yapilandirma</td>
166
+ </tr>
167
+ </tbody>
168
+ </table>
169
+
170
+ ---
171
+
172
+ ## Hizli Baslangic
173
+
174
+ ### Secenek 1: npx (kurulum gerektirmez)
175
+
176
+ ```bash
177
+ npx fingerprint-mcp
178
+ ```
179
+
180
+ Tum 80+ aktif parmak izi teknigi aninda calisir. TCP, TLS, SSH, HTTP, DNS, WAF, yol, servis, zamanlama, IoT, SMTP, altyapi ve uygulama parmak izi icin API anahtari gerekmez.
181
+
182
+ ### Secenek 2: Klonla
183
+
184
+ ```bash
185
+ git clone https://github.com/badchars/fingerprint-mcp.git
186
+ cd fingerprint-mcp
187
+ bun install
188
+ ```
189
+
190
+ ### Ortam degiskenleri (istege bagli)
191
+
192
+ ```bash
193
+ # OSINT zenginlestirme (tamami istege bagli — aktif parmak izi herhangi bir anahtar olmadan calisir)
194
+ export SHODAN_API_KEY=your-key # osint_shodan, ssh_hostkey_lookup'u etkinlestirir
195
+ export CENSYS_API_ID=your-id # osint_censys'i etkinlestirir (ucretsiz: 250 sorgu/ay)
196
+ export CENSYS_API_SECRET=your-secret # Censys API sifresi
197
+ export SECURITYTRAILS_API_KEY=your-key # waf_origin, enum_passive_dns'i etkinlestirir
198
+ export VIRUSTOTAL_API_KEY=your-key # osint_virustotal'i etkinlestirir (ucretsiz: 500 sorgu/gun)
199
+ ```
200
+
201
+ Tum API anahtarlari istege baglidir. Bunlar olmadan, yine de tam TCP/TLS/SSH/HTTP/DNS/WAF/yol/servis/zamanlama/IoT/SMTP/altyapi/uygulama parmak izi, korelasyon, pasif analiz, numaralandirma ve meta araclari elde edersiniz &mdash; hedefi dogrudan tarayarak calisan 80+ teknik.
202
+
203
+ ### AI ajaniniza baglayin
204
+
205
+ <details open>
206
+ <summary><b>Claude Code</b></summary>
207
+
208
+ ```bash
209
+ # npx ile
210
+ claude mcp add fingerprint-mcp -- npx fingerprint-mcp
211
+
212
+ # Yerel klon ile
213
+ claude mcp add fingerprint-mcp -- bun run /path/to/fingerprint-mcp/src/index.ts
214
+ ```
215
+
216
+ </details>
217
+
218
+ <details>
219
+ <summary><b>Claude Desktop</b></summary>
220
+
221
+ `~/Library/Application Support/Claude/claude_desktop_config.json` dosyasina ekleyin:
222
+
223
+ ```json
224
+ {
225
+ "mcpServers": {
226
+ "fingerprint": {
227
+ "command": "npx",
228
+ "args": ["-y", "fingerprint-mcp"],
229
+ "env": {
230
+ "SHODAN_API_KEY": "optional",
231
+ "CENSYS_API_ID": "optional",
232
+ "CENSYS_API_SECRET": "optional",
233
+ "SECURITYTRAILS_API_KEY": "optional",
234
+ "VIRUSTOTAL_API_KEY": "optional"
235
+ }
236
+ }
237
+ }
238
+ }
239
+ ```
240
+
241
+ </details>
242
+
243
+ <details>
244
+ <summary><b>Cursor / Windsurf / diger MCP istemcileri</b></summary>
245
+
246
+ Ayni JSON yapilandirma formati. Komutu `npx fingerprint-mcp` veya yerel kurulum yolunuza yonlendirin.
247
+
248
+ </details>
249
+
250
+ ### Sorgulamaya baslayin
251
+
252
+ ```
253
+ Siz: "target.com hakkinda her seyin parmak izini al — TLS, HTTP yigini, WAF, DNS, acik portlar"
254
+ ```
255
+
256
+ Hepsi bu. Ajan cok katmanli parmak izi, sinyal korelasyonu ve altyapi analizini otomatik olarak yonetir.
257
+
258
+ ---
259
+
260
+ ## AI Neler Yapabilir
261
+
262
+ ### Hizli Kesif
263
+
264
+ ```
265
+ Siz: "target.com uzerinde hizli kesif"
266
+
267
+ Ajan: -> recon {url: "https://target.com", depth: "quick"}
268
+
269
+ -> TCP: portlar 80, 443, 22 acik
270
+ -> TLS: Let's Encrypt RSA sertifikasi, TLS 1.2+1.3, nginx JARM imzasi
271
+ -> HTTP: nginx/1.24.0, Express.js, React, Cloudflare CDN
272
+ -> DNS: A 203.0.113.42, MX Google Workspace, SPF/DKIM yapilandirilmis
273
+ -> WAF: Cloudflare tespit edildi (cf-ray basligi)
274
+ -> "target.com, Cloudflare CDN uzerinden sunulan nginx/1.24.0
275
+ arkasinda Express.js uzerinde bir React SPA'dir. TLS, Let's Encrypt
276
+ ile dogru yapilandirilmis. Port 22'de SSH, OpenSSH 9.6 calistiriyor.
277
+ E-posta, tam SPF/DKIM/DMARC ile Google Workspace tarafindan yonetiliyor."
278
+ ```
279
+
280
+ ### Derin TLS Incelemesi
281
+
282
+ ```
283
+ Siz: "suspicious-server.com'un TLS yapilandirmasini detayli analiz et"
284
+
285
+ Ajan: -> scan_tls {host: "suspicious-server.com"}
286
+
287
+ -> Sertifika: kendinden imzali, CN=localhost, 47 gun once suresi dolmus
288
+ -> JARM: 2ad2ad0002ad2ad00042d42d00000069d641f34fe76acdc05c40262f8815e5
289
+ (Cobalt Strike varsayilan profili ile eslesiyor)
290
+ -> JA4X: parmak izi bilinen C2 cercevesi deseni ile eslesiyor
291
+ -> Sifreleme paketleri: zayif sifreleme kabul ediyor (RC4, 3DES)
292
+ -> SNI: herhangi bir SNI degerine ayni sekilde yanit veriyor
293
+ -> CT loglari: sertifika kaydedilmemis (halka acik guvenilir degil)
294
+ -> "YUKSEK RISK: TLS yapilandirmasi guclu bir sekilde C2 altyapisina isaret ediyor.
295
+ Kendinden imzali suresi dolmus sertifika, JARM parmak izi Cobalt Strike ile eslesiyor,
296
+ zayif sifreleme kabul ediyor ve rastgele SNI degerlerine yanit veriyor.
297
+ Acil sorusturma ve engelleme onerilir."
298
+ ```
299
+
300
+ ### WAF Atlama ve Kaynak Kesfetme
301
+
302
+ ```
303
+ Siz: "target.com bir WAF arkasinda. Kaynak sunucuyu bulabilir misin?"
304
+
305
+ Ajan: -> scan_waf {url: "https://target.com"}
306
+ -> scan_dns {domain: "target.com"}
307
+ -> enumerate {domain: "target.com"}
308
+
309
+ -> WAF: Cloudflare (AS13335), supeli isteklerde challenge sayfasi
310
+ -> DNS: A kaydi Cloudflare IP 104.21.x.x'e isaret ediyor
311
+ -> Alt alan adlari: dev.target.com, 203.0.113.42'ye cozumleniyor (Cloudflare-disi)
312
+ -> 203.0.113.42:443'e dogrudan baglanti ayni TLS sertifikasini donduruyor
313
+ -> SecurityTrails gecmisi: Cloudflare'den once kaynak 203.0.113.42 idi
314
+ -> "Kaynak IP bulundu: 203.0.113.42. dev.target.com alt alan adi uzerinden
315
+ kesfedildi, Cloudflare'i atliyor. Kaynak ayni TLS sertifikasini sunuyor
316
+ ve target.com Host basligina yanit veriyor.
317
+ Kaynagin WAF korumasi yok — dogrudan erisim mumkun."
318
+ ```
319
+
320
+ ### Bir Host'ta Servis Kesfetme
321
+
322
+ ```
323
+ Siz: "10.0.1.50 uzerinde hangi servisler calisiyor?"
324
+
325
+ Ajan: -> scan_ports {host: "10.0.1.50"}
326
+ -> scan_services {host: "10.0.1.50", ports: [22, 80, 3306, 5432, 6379, 8080]}
327
+
328
+ -> Port 22: OpenSSH 8.9p1 Ubuntu, ED25519 host anahtari
329
+ -> Port 80: Apache/2.4.57, PHP/8.2, WordPress 6.4
330
+ -> Port 3306: MySQL 8.0.36, kimlik dogrulama gerekli
331
+ -> Port 5432: PostgreSQL 16.1, SSL gerekli
332
+ -> Port 6379: Redis 7.2.4, kimlik dogrulama YOK (acik)
333
+ -> Port 8080: Node.js Express gelistirme sunucusu, CORS: *
334
+ -> "KRITIK: Port 6379'daki Redis kimlik dogrulama icermiyor — agdaki herkes
335
+ veri okuyabilir/yazabilir. 8080'deki Express gelistirme sunucusu
336
+ wildcard CORS'a sahip. MySQL ve PostgreSQL dogru sekilde kimlik dogrulama
337
+ gerektiriyor. WordPress 2 minor surum geride. Redis ve gelistirme
338
+ sunucusu ifsa konusunda acil eylem gerekli."
339
+ ```
340
+
341
+ ---
342
+
343
+ ## Arac Referansi (13 arac, 103 teknik)
344
+
345
+ <details open>
346
+ <summary><b>recon &mdash; Derinlik tabanli teknik secimi ile tam kesif</b></summary>
347
+
348
+ | Parametre | Tip | Aciklama |
349
+ |-----------|-----|----------|
350
+ | `url` | string | Parmak izi alinacak hedef URL |
351
+ | `depth` | `quick` \| `standard` \| `deep` | Tarama derinligi: quick=5 teknik, standard=20, deep=50+ |
352
+
353
+ Derinlik seviyesine gore tum saglayicilardan teknikleri duzenler. Hizli mod kisa bir genel bakis verir; derin mod numaralandirma, OSINT ve korelasyon dahil kapsamli parmak izi calistirir.
354
+
355
+ </details>
356
+
357
+ <details>
358
+ <summary><b>scan_ports &mdash; Servis tespitli TCP port taramasi (3 teknik)</b></summary>
359
+
360
+ | Parametre | Tip | Aciklama |
361
+ |-----------|-----|----------|
362
+ | `host` | string | Hedef host (IP veya alan adi) |
363
+ | `ports` | number[] | Istege bagli &mdash; taranacak belirli portlar (varsayilan yaygin portlar) |
364
+
365
+ | Teknik | Aciklama |
366
+ |--------|----------|
367
+ | `tcp_probe` | Acik portlari tespit icin TCP connect taramasi |
368
+ | `tcp_banner` | Servis tespiti icin acik portlarda banner yakalama |
369
+ | `tcp_analysis` | Port kombinasyonu analizi ve servis cikarimi |
370
+
371
+ </details>
372
+
373
+ <details>
374
+ <summary><b>scan_tls &mdash; Kapsamli TLS/SSL analizi (8 teknik)</b></summary>
375
+
376
+ | Parametre | Tip | Aciklama |
377
+ |-----------|-----|----------|
378
+ | `host` | string | Hedef host (IP veya alan adi) |
379
+ | `port` | number | Istege bagli &mdash; TLS portu (varsayilan: 443) |
380
+
381
+ | Teknik | Aciklama |
382
+ |--------|----------|
383
+ | `tls_certificate` | X.509 sertifika ayristirma &mdash; konu, veren, SANs, gecerlilik, zincir |
384
+ | `tls_jarm` | JARM aktif parmak izi &mdash; 10 TLS Client Hello sondasi, 62 karakterlik hash |
385
+ | `tls_ja4x` | Sertifika ozelliklerinden JA4X pasif TLS parmak izi |
386
+ | `tls_ciphers` | Sifreleme paketi numaralandirma ve guc analizi |
387
+ | `tls_protocols` | Desteklenen TLS protokol surumu tespiti (SSLv3'ten TLS 1.3'e) |
388
+ | `tls_sni` | SNI davranis testi &mdash; varsayilan sertifika ile istenen host adi karsilastirmasi |
389
+ | `tls_ct_logs` | crt.sh uzerinden Certificate Transparency log sorgusu |
390
+ | `tls_ocsp` | OCSP zımbalama ve iptal durumu kontrolu |
391
+
392
+ </details>
393
+
394
+ <details>
395
+ <summary><b>scan_dns &mdash; DNS istihbarati (7 teknik)</b></summary>
396
+
397
+ | Parametre | Tip | Aciklama |
398
+ |-----------|-----|----------|
399
+ | `domain` | string | Hedef alan adi |
400
+
401
+ | Teknik | Aciklama |
402
+ |--------|----------|
403
+ | `dns_records` | Tam kayit numaralandirma &mdash; A, AAAA, MX, NS, TXT, CNAME, SOA |
404
+ | `dns_email_auth` | SPF, DKIM ve DMARC kayit analizi |
405
+ | `dns_saas` | CNAME ve MX desenleri uzerinden SaaS/servis tespiti (Slack, Zendesk vb.) |
406
+ | `dns_server` | DNS sunucu parmak izi (BIND, PowerDNS, Cloudflare vb.) |
407
+ | `dns_takeover` | Sarkan CNAME analizi ile alt alan adi ele gecirme tespiti |
408
+ | `dns_zone` | Bolge aktarimi denemesi (AXFR) |
409
+ | `dns_caa` | Sertifika yetkilisi kisitlamalari icin CAA kayit analizi |
410
+
411
+ </details>
412
+
413
+ <details>
414
+ <summary><b>scan_http &mdash; HTTP/web parmak izi (29 teknik)</b></summary>
415
+
416
+ | Parametre | Tip | Aciklama |
417
+ |-----------|-----|----------|
418
+ | `url` | string | Hedef URL |
419
+
420
+ | Teknik | Saglayici | Aciklama |
421
+ |--------|-----------|----------|
422
+ | `http_headers` | HTTP | Yanit basligi analizi ve sunucu tespiti |
423
+ | `http_header_order` | HTTP | Baslik sirasi parmak izi (sunucu yazilim imzasi) |
424
+ | `http_security_headers` | HTTP | Guvenlik basligi denetimi (CSP, HSTS, X-Frame-Options vb.) |
425
+ | `http_cookies` | HTTP | Cerez analizi &mdash; bayraklar, on ekler, cerceve tespiti |
426
+ | `http_methods` | HTTP | Izin verilen HTTP metod numaralandirmasi (OPTIONS) |
427
+ | `http_cors` | HTTP | CORS politika analizi ve yapilandirma hatasi tespiti |
428
+ | `http_compression` | HTTP | Desteklenen sıkistirma algoritmalari (gzip, br, zstd) |
429
+ | `http_caching` | HTTP | Onbellek basligi analizi (CDN, ters proxy tespiti) |
430
+ | `http_etag` | HTTP | Arka uc tespiti icin ETag format analizi |
431
+ | `http_error` | HTTP | Hata sayfasi parmak izi (ozel ile varsayilan hata sayfalari) |
432
+ | `http_redirect` | HTTP | Yonlendirme zinciri analizi |
433
+ | `http_timing` | HTTP | Sunucu performans profilleme icin yanit zamanlama temel cizgisi |
434
+ | `http_favicon` | HTTP | Teknoloji tespiti icin favicon hash (MurmurHash3) |
435
+ | `http_robots` | HTTP | robots.txt ayristirma ve yasakli yol cikarimi |
436
+ | `http_sitemap` | HTTP | Site haritasi kesfetme ve URL cikarimi |
437
+ | `http_wellknown` | HTTP | .well-known uc nokta kesfetme (security.txt, openid vb.) |
438
+ | `web_tech` | Web | HTML/JS/CSS desenleri uzerinden teknoloji tespiti |
439
+ | `web_analytics` | Web | Analitik ve izleme servisi tespiti |
440
+ | `web_sourcemaps` | Web | Source map dosyasi kesfetme |
441
+ | `web_websocket` | Web | WebSocket uc nokta tespiti |
442
+ | `web_graphql` | Web | GraphQL uc nokta tespiti ve introspeksiyon |
443
+ | `web_spa` | Web | Tek sayfa uygulama cercevesi tespiti |
444
+ | `web_cdn` | Web | Yanit basliklari ve DNS uzerinden CDN tespiti |
445
+ | `web_meta` | Web | HTML meta etiket analizi (uretici, cerceve ipuclari) |
446
+ | `web_feed` | Web | RSS/Atom feed kesfetme |
447
+ | `h2_detect` | HTTP/2 | HTTP/2 protokol destegi tespiti |
448
+ | `h2_fingerprint` | HTTP/2 | HTTP/2 sunucu parmak izi (SETTINGS, WINDOW_UPDATE) |
449
+ | `h2_h3` | HTTP/2 | Alt-Svc basligi uzerinden HTTP/3 (QUIC) destek tespiti |
450
+ | `app_cms` | Application | CMS tespiti (WordPress, Drupal, Joomla vb.) |
451
+
452
+ </details>
453
+
454
+ <details>
455
+ <summary><b>scan_paths &mdash; Yol istihbarati (5 teknik)</b></summary>
456
+
457
+ | Parametre | Tip | Aciklama |
458
+ |-----------|-----|----------|
459
+ | `url` | string | Hedef URL |
460
+ | `categories` | string[] | Istege bagli &mdash; kontrol edilecek kategoriler (sensitive, git, debug, api, config) |
461
+
462
+ | Teknik | Aciklama |
463
+ |--------|----------|
464
+ | `path_sensitive` | Hassas dosya kesfetme (yedek dosyalar, yapilandirma dosyalari, veritabani dokumu) |
465
+ | `path_robots` | Gizli yollar icin robots.txt ve sitemap.xml analizi |
466
+ | `path_git` | Git deposu sizintisi tespiti (.git/HEAD, .git/config) |
467
+ | `path_debug` | Hata ayiklama uc noktasi kesfetme (phpinfo, server-status, debug konsollari) |
468
+ | `path_api` | API surumu ve dokumantasyon uc noktasi kesfetme |
469
+
470
+ </details>
471
+
472
+ <details>
473
+ <summary><b>scan_waf &mdash; WAF/CDN tespiti ve parmak izi (4 teknik)</b></summary>
474
+
475
+ | Parametre | Tip | Aciklama |
476
+ |-----------|-----|----------|
477
+ | `url` | string | Hedef URL |
478
+
479
+ | Teknik | Aciklama |
480
+ |--------|----------|
481
+ | `waf_detect` | Yanit basligi ve davranis analizi ile WAF varlik tespiti |
482
+ | `waf_cdn` | CDN saglayici tespiti (Cloudflare, Akamai, Fastly vb.) |
483
+ | `waf_fingerprint` | WAF urun tespiti ve surum belirleme |
484
+ | `waf_origin` | WAF/CDN arkasindaki kaynak IP kesfetme (`SECURITYTRAILS_API_KEY` gerektirir) |
485
+
486
+ </details>
487
+
488
+ <details>
489
+ <summary><b>scan_services &mdash; Servis duzeyi tarama (12 teknik)</b></summary>
490
+
491
+ | Parametre | Tip | Aciklama |
492
+ |-----------|-----|----------|
493
+ | `host` | string | Hedef host (IP veya alan adi) |
494
+ | `ports` | number[] | Istege bagli &mdash; taranacak belirli portlar |
495
+ | `service` | string | Istege bagli &mdash; taranacak belirli servis (mysql, postgres, redis, ftp, ssh, smtp, vnc, iot) |
496
+
497
+ | Teknik | Saglayici | Aciklama |
498
+ |--------|-----------|----------|
499
+ | `ssh_probe` | SSH | SSH protokol surumu ve yazilim tespiti |
500
+ | `ssh_algorithms` | SSH | SSH algoritma denetimi (KEX, sifreler, MAC'ler, host anahtar turleri) |
501
+ | `ssh_hostkey_lookup` | SSH | Shodan uzerinden SSH host anahtar sorgusu (`SHODAN_API_KEY` gerektirir) |
502
+ | `svc_mysql` | Service | MySQL surum tespiti ve yetenek parmak izi |
503
+ | `svc_postgres` | Service | PostgreSQL surum tespiti ve SSL destek kontrolu |
504
+ | `svc_redis` | Service | Redis surum tespiti ve kimlik dogrulama durumu |
505
+ | `svc_ftp` | Service | FTP banner analizi ve anonim giris kontrolu |
506
+ | `svc_vnc_rdp` | Service | VNC/RDP servis tespiti ve guvenlik degerlendirmesi |
507
+ | `smtp_banner` | SMTP | SMTP banner analizi ve MTA tespiti |
508
+ | `smtp_starttls` | SMTP | SMTP STARTTLS destegi ve sertifika incelemesi |
509
+ | `iot_detect` | IoT | Banner desenleri ve varsayilan sayfalar uzerinden IoT cihaz tespiti |
510
+ | `iot_upnp` | IoT | Yerel agda UPnP/SSDP cihaz kesfetme |
511
+
512
+ </details>
513
+
514
+ <details>
515
+ <summary><b>enumerate &mdash; Kapsam genisletme (8 teknik)</b></summary>
516
+
517
+ | Parametre | Tip | Aciklama |
518
+ |-----------|-----|----------|
519
+ | `domain` | string | Hedef alan adi |
520
+
521
+ | Teknik | Aciklama |
522
+ |--------|----------|
523
+ | `enum_subdomains` | Birden fazla yontemle alt alan adi numaralandirma |
524
+ | `enum_wildcard` | Wildcard DNS tespiti |
525
+ | `enum_tld` | TLD genisletme (target.com -> target.net, target.org vb.) |
526
+ | `enum_related` | Paylasilan altyapi uzerinden ilgili alan adi kesfetme |
527
+ | `enum_asn` | ASN komsu kesfetme &mdash; ayni agdaki diger alan adlari |
528
+ | `enum_ct` | Certificate Transparency log alt alan adi cikarimi |
529
+ | `enum_passive_dns` | Pasif DNS gecmisi (`SECURITYTRAILS_API_KEY` gerektirir) |
530
+ | `enum_scope` | Kapsam ozeti ve saldiri yuzeyi genel bakisi |
531
+
532
+ </details>
533
+
534
+ <details>
535
+ <summary><b>osint &mdash; OSINT zenginlestirme (6 teknik)</b></summary>
536
+
537
+ | Parametre | Tip | Aciklama |
538
+ |-----------|-----|----------|
539
+ | `target` | string | Zenginlestirilecek IP adresi veya alan adi |
540
+ | `type` | `ip` \| `domain` | Istege bagli &mdash; hedef tipi (belirtilmezse otomatik tespit) |
541
+
542
+ | Teknik | Kimlik Dogrulama | Aciklama |
543
+ |--------|------------------|----------|
544
+ | `osint_shodan` | `SHODAN_API_KEY` | Shodan host sorgusu &mdash; acik portlar, bannerlar, zafiyetler, isletim sistemi |
545
+ | `osint_censys` | `CENSYS_API_ID` + `CENSYS_API_SECRET` | Censys host verisi &mdash; servisler, TLS, otonom sistem |
546
+ | `osint_reverse_ip` | Yok | Ters IP sorgusu &mdash; ayni IP'deki diger alan adlari |
547
+ | `osint_whois` | Yok | WHOIS kayit verisi &mdash; kayit kurulusu, tarihler, ad sunuculari |
548
+ | `osint_webarchive` | Yok | Web Archive gecmisi &mdash; ilk/son anlık goruntu, degisim sikligi |
549
+ | `osint_virustotal` | `VIRUSTOTAL_API_KEY` | VirusTotal alan adi/IP raporu &mdash; tespitler, kategoriler, DNS |
550
+
551
+ </details>
552
+
553
+ <details>
554
+ <summary><b>analyze &mdash; Pasif parmak izi analizi (3 mod)</b></summary>
555
+
556
+ | Parametre | Tip | Aciklama |
557
+ |-----------|-----|----------|
558
+ | `type` | `headers` \| `html` \| `banner` | Analiz edilecek veri tipi |
559
+ | `data` | string | Analiz edilecek ham veri (basliklari, HTML'i veya banner ciktisini yapistirin) |
560
+
561
+ | Mod | Aciklama |
562
+ |-----|----------|
563
+ | `fp_analyze_headers` | Pasif HTTP baslik analizi &mdash; trafik gondermeden sunucu, cerceve, proxy tespiti |
564
+ | `fp_analyze_html` | Pasif HTML analizi &mdash; kaynaktan teknoloji tespiti, cerceve belirleme |
565
+ | `fp_analyze_banner` | Pasif banner analizi &mdash; ham banner metninden servis tespiti |
566
+
567
+ </details>
568
+
569
+ <details>
570
+ <summary><b>correlate &mdash; Coklu sinyal korelasyon motoru (7 mod)</b></summary>
571
+
572
+ | Parametre | Tip | Aciklama |
573
+ |-----------|-----|----------|
574
+ | `type` | `consistency` \| `honeypot` \| `spoofing` \| `compare` \| `topology` \| `c2` \| `identify` | Korelasyon modu |
575
+ | `signals` | object | Iliskilendirilecek parmak izi sinyalleri (moda gore degisir) |
576
+
577
+ | Mod | Aciklama |
578
+ |-----|----------|
579
+ | `fp_consistency` | Katmanlar arasi sinyal tutarliligi kontrolu &mdash; TCP, TLS, HTTP ve DNS parmak izleri uyusuyor mu? |
580
+ | `fp_honeypot` | Bal kukasi tespiti &mdash; imkansiz servis kombinasyonlari ve davranissal anomalileri kontrol eder |
581
+ | `fp_spoofing` | Sahtecilik tespiti &mdash; sunucu basliklari ile gercek davranis arasindaki uyumsuzluklari belirler |
582
+ | `fp_compare` | Iki hostun parmak izi profillerinin yan yana karsilastirmasi |
583
+ | `fp_topology` | Altyapi topolojisi haritalama &mdash; CDN, yuk dengeleyici, ters proxy zinciri |
584
+ | `fp_c2` | JARM, TLS, HTTP ve zamanlama korelasyonu ile C2 cerceve tespiti |
585
+ | `fp_identify` | Bilinen imza veritabanina karsi hash tabanli tanimlama |
586
+
587
+ </details>
588
+
589
+ <details>
590
+ <summary><b>meta &mdash; Sunucu yapilandirmasi ve verileri (3 mod)</b></summary>
591
+
592
+ | Parametre | Tip | Aciklama |
593
+ |-----------|-----|----------|
594
+ | `category` | string | Istege bagli &mdash; kategoriye gore filtrele |
595
+
596
+ | Mod | Aciklama |
597
+ |-----|----------|
598
+ | `fp_sources` | Yapilandirma ve API anahtar durumu ile tum kullanilabilir veri kaynaklarini listele |
599
+ | `fp_config` | Sunucu yapilandirmasi &mdash; surum, yuklenen saglayicilar, teknik sayisi |
600
+ | `fp_signatures` | Imza veritabani listeleme &mdash; JARM, banner, WAF, uygulama imzalari |
601
+
602
+ </details>
603
+
604
+ ---
605
+
606
+ ### CLI Kullanimi
607
+
608
+ ```bash
609
+ # Tum kullanilabilir araclari ve teknikleri listele
610
+ npx fingerprint-mcp --list
611
+
612
+ # Herhangi bir araci dogrudan calistir
613
+ npx fingerprint-mcp --tool recon '{"url":"https://example.com","depth":"quick"}'
614
+ npx fingerprint-mcp --tool scan_tls '{"host":"example.com"}'
615
+ npx fingerprint-mcp --tool scan_ports '{"host":"10.0.1.50","ports":[22,80,443,3306,8080]}'
616
+ npx fingerprint-mcp --tool scan_dns '{"domain":"example.com"}'
617
+ npx fingerprint-mcp --tool scan_http '{"url":"https://example.com"}'
618
+ npx fingerprint-mcp --tool scan_waf '{"url":"https://example.com"}'
619
+ npx fingerprint-mcp --tool scan_services '{"host":"10.0.1.50","service":"redis"}'
620
+ npx fingerprint-mcp --tool enumerate '{"domain":"example.com"}'
621
+ npx fingerprint-mcp --tool analyze '{"type":"headers","data":"Server: nginx/1.24.0\nX-Powered-By: Express"}'
622
+ npx fingerprint-mcp --tool correlate '{"type":"honeypot","signals":{"jarm":"...","banner":"..."}}'
623
+ npx fingerprint-mcp --tool meta '{}'
624
+
625
+ # OSINT araclari (API anahtarlari gerektirir)
626
+ SHODAN_API_KEY=your-key npx fingerprint-mcp --tool osint '{"target":"203.0.113.42","type":"ip"}'
627
+ ```
628
+
629
+ ---
630
+
631
+ ## Veri Kaynaklari (21)
632
+
633
+ | Kaynak | Kimlik Dogrulama | Sagladiklari |
634
+ |--------|------------------|--------------|
635
+ | TCP tarama | Yok | Port taramasi, banner yakalama, servis tespiti |
636
+ | TLS/SSL analizi | Yok | Sertifika ayristirma, JARM parmak izi, JA4X, sifreleme numaralandirma, SNI testi |
637
+ | SSH tarama | Yok | Protokol surumu, algoritma denetimi, yazilim tespiti |
638
+ | HTTP analizi | Yok | Baslik parmak izi, favicon hash'leme, cerez analizi, metod numaralandirma, CORS |
639
+ | Web tespiti | Yok | Teknoloji tespiti, analitik, source map, WebSocket, GraphQL, SPA cerceveleri |
640
+ | Yol kesfetme | Yok | Hassas dosyalar, git sizintilari, hata ayiklama uc noktalari, API surumleri, robots.txt |
641
+ | DNS cozumleme | Yok | Kayit numaralandirma, e-posta kimlik dogrulama analizi, SaaS tespiti, sunucu parmak izi |
642
+ | WAF/CDN tespiti | Yok | WAF tespiti, CDN tespiti, WAF parmak izi |
643
+ | Zamanlama analizi | Yok | Yanit zamanlama temel cizgisi, saat kaymasi tespiti |
644
+ | HTTP/2 ve HTTP/3 | Yok | HTTP/2 tespiti ve parmak izi, HTTP/3 Alt-Svc kesfetme |
645
+ | SMTP tarama | Yok | SMTP banner analizi, STARTTLS incelemesi |
646
+ | IoT/Gomulu | Yok | IoT cihaz tespiti, UPnP/SSDP kesfetme |
647
+ | Uygulama tespiti | Yok | CMS, cerceve ve e-ticaret platformu tespiti |
648
+ | Servis tarama | Yok | MySQL, PostgreSQL, Redis, FTP, VNC/RDP parmak izi |
649
+ | Altyapi tespiti | Yok | Bulut saglayici, barindirma saglayici, CDN tespiti |
650
+ | Korelasyon motoru | Yok | Sinyal tutarliligi, bal kukasi tespiti, sahtecilik tespiti, topoloji haritalama |
651
+ | Tanimlama motoru | Yok | Hash tabanli tanimlama, C2 tespiti, imza eslestirme |
652
+ | [Shodan](https://www.shodan.io) | `SHODAN_API_KEY` | Host istihbarati &mdash; acik portlar, bannerlar, zafiyetler, isletim sistemi tespiti |
653
+ | [Censys](https://censys.io) | `CENSYS_API_ID` | Host verisi &mdash; servisler, TLS sertifikalari, otonom sistem bilgisi |
654
+ | [SecurityTrails](https://securitytrails.com) | `SECURITYTRAILS_API_KEY` | WAF kaynak kesfetme, pasif DNS gecmisi, tarihsel kayitlar |
655
+ | [VirusTotal](https://www.virustotal.com) | `VIRUSTOTAL_API_KEY` | Alan adi/IP itibar, tespit sonuclari, DNS gecmisi, kategoriler |
656
+
657
+ ---
658
+
659
+ ## Mimari
660
+
661
+ ```
662
+ src/
663
+ index.ts # CLI giris noktasi (--help, --list, --tool, stdio sunucusu)
664
+ protocol/
665
+ mcp-server.ts # MCP sunucu kurulumu (stdio aktarim)
666
+ tools.ts # Arac kayit defteri — tum 13 bilesik arac burada kayitli
667
+ types/
668
+ index.ts # Paylasilan tipler (ToolDef, ToolContext, ToolResult)
669
+ utils/
670
+ rate-limiter.ts # Saglayici basina hiz sinirlandirici
671
+ cache.ts # API yanitlari icin TTL onbellek
672
+ require-key.ts # API anahtar dogrulama yardimcisi
673
+ murmurhash3.ts # Favicon hash'leme icin MurmurHash3
674
+ composite/ # 13 bilesik arac duzenleyici
675
+ recon.ts # Tam kesif duzenleyici (quick/standard/deep)
676
+ scan-ports.ts # Port taramasi bilesik
677
+ scan-tls.ts # TLS analizi bilesik
678
+ scan-dns.ts # DNS istihbarati bilesik
679
+ scan-http.ts # HTTP parmak izi bilesik
680
+ scan-paths.ts # Yol kesfetme bilesik
681
+ scan-waf.ts # WAF/CDN tespiti bilesik
682
+ scan-services.ts # Servis tarama bilesik
683
+ analyze.ts # Pasif analiz bilesik
684
+ correlate.ts # Korelasyon motoru bilesik
685
+ enumerate.ts # Kapsam genisletme bilesik
686
+ osint.ts # OSINT zenginlestirme bilesik
687
+ meta.ts # Sunucu meta bilesik
688
+ helpers.ts # Paylasilan bilesik yardimcilar
689
+ tcp/ # TCP tarama teknikleri (3)
690
+ tls/ # TLS/SSL analiz teknikleri (8)
691
+ ssh/ # SSH tarama teknikleri (3)
692
+ http/ # HTTP parmak izi teknikleri (16)
693
+ web/ # Web teknoloji tespit teknikleri (9)
694
+ path/ # Yol kesfetme teknikleri (5)
695
+ dns/ # DNS istihbarat teknikleri (7)
696
+ waf/ # WAF/CDN tespit teknikleri (4)
697
+ timing/ # Zamanlama analiz teknikleri (2)
698
+ h2/ # HTTP/2 ve HTTP/3 teknikleri (3)
699
+ smtp/ # SMTP tarama teknikleri (2)
700
+ iot/ # IoT/gomulu tespit teknikleri (2)
701
+ app/ # Uygulama tespit teknikleri (3)
702
+ service/ # Servis tarama teknikleri (5)
703
+ infra/ # Altyapi tespit teknikleri (3)
704
+ correlation/ # Korelasyon motoru (5)
705
+ identify/ # Tanimlama motoru (3)
706
+ passive/ # Pasif analiz (3)
707
+ osint/ # OSINT zenginlestirme teknikleri (6)
708
+ enum/ # Numaralandirma teknikleri (8)
709
+ meta/ # Meta araclari (3)
710
+ data/ # Imza veritabanlari ve desen kutuphaneleri
711
+ jarm-signatures.ts # Bilinen JARM parmak izleri (C2, sunucular, CDN'ler)
712
+ waf-signatures.ts # WAF tespit imzalari
713
+ service-banners.ts # Servis banner desenleri
714
+ tech-patterns.ts # Teknoloji tespit desenleri
715
+ favicon-hashes.ts # Bilinen favicon MurmurHash3 degerleri
716
+ c2-signatures.ts # C2 cerceve imzalari
717
+ ... # 15+ imza/desen veritabani
718
+ ```
719
+
720
+ **Tasarim kararlari:**
721
+
722
+ - **13 bilesik arac, 103 teknik** &mdash; Ajan ust duzey araclari (`recon`, `scan_tls`, `scan_http`) cagirir. Her bilesik, birden fazla alt duzey teknigi duzenler ve iliskilendirilmis sonuclar dondurur. Bu, ayrinti duzeyini korurken arac-cagri yuku azaltir.
723
+ - **21 saglayici, 1 sunucu** &mdash; Her parmak izi katmani bagimsiz bir moduldur. Bilesik duzenleyici, baglam ve derinlige gore teknikleri secer.
724
+ - **Once aktif, OSINT istege bagli** &mdash; 80+ teknik sifir API anahtari ile hedefi dogrudan tarayarak calisir. OSINT saglayicilari (Shodan, Censys, VirusTotal, SecurityTrails) zenginlestirme ekler ancak asla gerekli degildir.
725
+ - **Saglayici basina hiz sinirlandiricilar** &mdash; Her saglayicinin kendi `RateLimiter` ornegi vardir. Aktif tarama, tespit edilmekten kacinmak icin hiz sinirlidir; OSINT API'leri kotalarına gore kalibre edilmistir.
726
+ - **TTL onbellekleme** &mdash; DNS kayitlari (10dk), OSINT sonuclari (15dk), CT loglari (30dk) coklu arac is akislari sirasinda gereksiz sorgulamalardan kacinmak icin onbelleklenir.
727
+ - **Zarifce bozulma** &mdash; Eksik API anahtarlari sunucuyu cokertmez. OSINT araclari aciklayici mesajlar dondurur: "Shodan host sorgulamasini etkinlestirmek icin SHODAN_API_KEY'i ayarlayin."
728
+ - **3 bagimlilik** &mdash; `@modelcontextprotocol/sdk`, `zod` ve `cheerio`. Tum ag G/C yerel `fetch()` ve Node.js `net`/`tls`/`dns` modulleri uzerinden. nmap yok, harici ikili dosya yok.
729
+
730
+ ---
731
+
732
+ ## Kisitlamalar
733
+
734
+ - OSINT araclari (Shodan, Censys, VirusTotal, SecurityTrails) ilgili teknikleri icin API anahtarlari gerektirir
735
+ - Censys ucretsiz katman ayda 250 sorgu ile sinirli
736
+ - VirusTotal ucretsiz katman gunde 500 sorgu ile sinirli
737
+ - Port taramasi TCP connect kullanir (SYN taramasi degil) &mdash; nmap'ten daha az gizli ancak root ayricaliklari gerektirmez
738
+ - JARM parmak izi hedefe dogrudan TCP erisimi gerektirir (guvenlik duvarlari tarafindan engellenebilir)
739
+ - UPnP/SSDP kesfetme yalnizca yerel aglarda calisir
740
+ - Servis tarama (MySQL, PostgreSQL, Redis) baglanir ancak kimlik dogrulama yapmaz
741
+ - Alt alan adi numaralandirma CT loglarina ve pasif kaynaklara dayanir (kaba kuvvet yok)
742
+ - macOS / Linux test edildi (Windows test edilmedi)
743
+
744
+ ---
745
+
746
+ ## MCP Guvenlik Paketinin Parcasi
747
+
748
+ | Proje | Alan | Araclar |
749
+ |-------|------|---------|
750
+ | [hackbrowser-mcp](https://github.com/badchars/hackbrowser-mcp) | Tarayici tabanli guvenlik testi | 39 arac, Firefox, enjeksiyon testi |
751
+ | [cloud-audit-mcp](https://github.com/badchars/cloud-audit-mcp) | Bulut guvenligi (AWS/Azure/GCP) | 38 arac, 60+ kontrol |
752
+ | [github-security-mcp](https://github.com/badchars/github-security-mcp) | GitHub guvenlik durumu | 39 arac, 45 kontrol |
753
+ | [cve-mcp](https://github.com/badchars/cve-mcp) | Zafiyet istihbarati | 23 arac, 5 kaynak |
754
+ | [osint-mcp-server](https://github.com/badchars/osint-mcp-server) | OSINT ve kesif | 37 arac, 12 kaynak |
755
+ | [darknet-mcp-server](https://github.com/badchars/darknet-mcp-server) | Karanlik ag ve tehdit istihbarati | 66 arac, 16 kaynak |
756
+ | **fingerprint-mcp** | **Evrensel dijital parmak izi** | **13 arac, 103 teknik, 21 saglayici** |
757
+
758
+ ---
759
+
760
+ <p align="center">
761
+ <b>Yalnizca yetkili guvenlik testi ve degerlendirmesi icindir.</b><br>
762
+ Herhangi bir hedef uzerinde parmak izi almadan once uygun yetkiye sahip oldugunuzdan her zaman emin olun.
763
+ </p>
764
+
765
+ <p align="center">
766
+ <a href="LICENSE">AGPL-3.0 Lisansi</a> &bull; Bun + TypeScript ile yapildi
767
+ </p>