fingerprint-mcp 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (269) hide show
  1. package/LICENSE +663 -0
  2. package/README.ar.md +767 -0
  3. package/README.bn.md +767 -0
  4. package/README.bs.md +767 -0
  5. package/README.da.md +767 -0
  6. package/README.de.md +770 -0
  7. package/README.el.md +767 -0
  8. package/README.es.md +769 -0
  9. package/README.fr.md +769 -0
  10. package/README.hi.md +767 -0
  11. package/README.it.md +767 -0
  12. package/README.ja.md +767 -0
  13. package/README.ko.md +772 -0
  14. package/README.md +767 -0
  15. package/README.no.md +767 -0
  16. package/README.pl.md +767 -0
  17. package/README.pt-BR.md +767 -0
  18. package/README.ru.md +767 -0
  19. package/README.th.md +767 -0
  20. package/README.tr.md +767 -0
  21. package/README.uk.md +767 -0
  22. package/README.vi.md +767 -0
  23. package/README.zh-TW.md +768 -0
  24. package/README.zh.md +768 -0
  25. package/dist/app/index.d.ts +3 -0
  26. package/dist/app/index.d.ts.map +1 -0
  27. package/dist/app/index.js +614 -0
  28. package/dist/app/index.js.map +1 -0
  29. package/dist/composite/analyze.d.ts +3 -0
  30. package/dist/composite/analyze.d.ts.map +1 -0
  31. package/dist/composite/analyze.js +59 -0
  32. package/dist/composite/analyze.js.map +1 -0
  33. package/dist/composite/correlate.d.ts +3 -0
  34. package/dist/composite/correlate.d.ts.map +1 -0
  35. package/dist/composite/correlate.js +184 -0
  36. package/dist/composite/correlate.js.map +1 -0
  37. package/dist/composite/enumerate.d.ts +3 -0
  38. package/dist/composite/enumerate.d.ts.map +1 -0
  39. package/dist/composite/enumerate.js +94 -0
  40. package/dist/composite/enumerate.js.map +1 -0
  41. package/dist/composite/helpers.d.ts +22 -0
  42. package/dist/composite/helpers.d.ts.map +1 -0
  43. package/dist/composite/helpers.js +111 -0
  44. package/dist/composite/helpers.js.map +1 -0
  45. package/dist/composite/index.d.ts +3 -0
  46. package/dist/composite/index.d.ts.map +1 -0
  47. package/dist/composite/index.js +29 -0
  48. package/dist/composite/index.js.map +1 -0
  49. package/dist/composite/meta.d.ts +3 -0
  50. package/dist/composite/meta.d.ts.map +1 -0
  51. package/dist/composite/meta.js +23 -0
  52. package/dist/composite/meta.js.map +1 -0
  53. package/dist/composite/osint.d.ts +3 -0
  54. package/dist/composite/osint.d.ts.map +1 -0
  55. package/dist/composite/osint.js +40 -0
  56. package/dist/composite/osint.js.map +1 -0
  57. package/dist/composite/recon.d.ts +3 -0
  58. package/dist/composite/recon.d.ts.map +1 -0
  59. package/dist/composite/recon.js +131 -0
  60. package/dist/composite/recon.js.map +1 -0
  61. package/dist/composite/scan-dns.d.ts +3 -0
  62. package/dist/composite/scan-dns.d.ts.map +1 -0
  63. package/dist/composite/scan-dns.js +44 -0
  64. package/dist/composite/scan-dns.js.map +1 -0
  65. package/dist/composite/scan-http.d.ts +3 -0
  66. package/dist/composite/scan-http.d.ts.map +1 -0
  67. package/dist/composite/scan-http.js +68 -0
  68. package/dist/composite/scan-http.js.map +1 -0
  69. package/dist/composite/scan-paths.d.ts +3 -0
  70. package/dist/composite/scan-paths.d.ts.map +1 -0
  71. package/dist/composite/scan-paths.js +32 -0
  72. package/dist/composite/scan-paths.js.map +1 -0
  73. package/dist/composite/scan-ports.d.ts +3 -0
  74. package/dist/composite/scan-ports.d.ts.map +1 -0
  75. package/dist/composite/scan-ports.js +79 -0
  76. package/dist/composite/scan-ports.js.map +1 -0
  77. package/dist/composite/scan-services.d.ts +3 -0
  78. package/dist/composite/scan-services.d.ts.map +1 -0
  79. package/dist/composite/scan-services.js +111 -0
  80. package/dist/composite/scan-services.js.map +1 -0
  81. package/dist/composite/scan-tls.d.ts +3 -0
  82. package/dist/composite/scan-tls.d.ts.map +1 -0
  83. package/dist/composite/scan-tls.js +32 -0
  84. package/dist/composite/scan-tls.js.map +1 -0
  85. package/dist/composite/scan-waf.d.ts +3 -0
  86. package/dist/composite/scan-waf.d.ts.map +1 -0
  87. package/dist/composite/scan-waf.js +35 -0
  88. package/dist/composite/scan-waf.js.map +1 -0
  89. package/dist/correlation/index.d.ts +3 -0
  90. package/dist/correlation/index.d.ts.map +1 -0
  91. package/dist/correlation/index.js +1044 -0
  92. package/dist/correlation/index.js.map +1 -0
  93. package/dist/data/analytics-patterns.d.ts +21 -0
  94. package/dist/data/analytics-patterns.d.ts.map +1 -0
  95. package/dist/data/analytics-patterns.js +449 -0
  96. package/dist/data/analytics-patterns.js.map +1 -0
  97. package/dist/data/app-signatures.d.ts +52 -0
  98. package/dist/data/app-signatures.d.ts.map +1 -0
  99. package/dist/data/app-signatures.js +1143 -0
  100. package/dist/data/app-signatures.js.map +1 -0
  101. package/dist/data/c2-signatures.d.ts +54 -0
  102. package/dist/data/c2-signatures.d.ts.map +1 -0
  103. package/dist/data/c2-signatures.js +256 -0
  104. package/dist/data/c2-signatures.js.map +1 -0
  105. package/dist/data/cloud-ranges.d.ts +34 -0
  106. package/dist/data/cloud-ranges.d.ts.map +1 -0
  107. package/dist/data/cloud-ranges.js +628 -0
  108. package/dist/data/cloud-ranges.js.map +1 -0
  109. package/dist/data/cookie-patterns.d.ts +28 -0
  110. package/dist/data/cookie-patterns.d.ts.map +1 -0
  111. package/dist/data/cookie-patterns.js +225 -0
  112. package/dist/data/cookie-patterns.js.map +1 -0
  113. package/dist/data/error-signatures.d.ts +19 -0
  114. package/dist/data/error-signatures.d.ts.map +1 -0
  115. package/dist/data/error-signatures.js +321 -0
  116. package/dist/data/error-signatures.js.map +1 -0
  117. package/dist/data/favicon-hashes.d.ts +25 -0
  118. package/dist/data/favicon-hashes.d.ts.map +1 -0
  119. package/dist/data/favicon-hashes.js +249 -0
  120. package/dist/data/favicon-hashes.js.map +1 -0
  121. package/dist/data/h2-signatures.d.ts +50 -0
  122. package/dist/data/h2-signatures.d.ts.map +1 -0
  123. package/dist/data/h2-signatures.js +211 -0
  124. package/dist/data/h2-signatures.js.map +1 -0
  125. package/dist/data/header-order.d.ts +38 -0
  126. package/dist/data/header-order.d.ts.map +1 -0
  127. package/dist/data/header-order.js +185 -0
  128. package/dist/data/header-order.js.map +1 -0
  129. package/dist/data/jarm-signatures.d.ts +25 -0
  130. package/dist/data/jarm-signatures.d.ts.map +1 -0
  131. package/dist/data/jarm-signatures.js +213 -0
  132. package/dist/data/jarm-signatures.js.map +1 -0
  133. package/dist/data/saas-patterns.d.ts +23 -0
  134. package/dist/data/saas-patterns.d.ts.map +1 -0
  135. package/dist/data/saas-patterns.js +139 -0
  136. package/dist/data/saas-patterns.js.map +1 -0
  137. package/dist/data/sensitive-paths.d.ts +12 -0
  138. package/dist/data/sensitive-paths.d.ts.map +1 -0
  139. package/dist/data/sensitive-paths.js +1539 -0
  140. package/dist/data/sensitive-paths.js.map +1 -0
  141. package/dist/data/service-banners.d.ts +59 -0
  142. package/dist/data/service-banners.d.ts.map +1 -0
  143. package/dist/data/service-banners.js +323 -0
  144. package/dist/data/service-banners.js.map +1 -0
  145. package/dist/data/smtp-signatures.d.ts +12 -0
  146. package/dist/data/smtp-signatures.d.ts.map +1 -0
  147. package/dist/data/smtp-signatures.js +350 -0
  148. package/dist/data/smtp-signatures.js.map +1 -0
  149. package/dist/data/takeover-patterns.d.ts +37 -0
  150. package/dist/data/takeover-patterns.d.ts.map +1 -0
  151. package/dist/data/takeover-patterns.js +249 -0
  152. package/dist/data/takeover-patterns.js.map +1 -0
  153. package/dist/data/tech-patterns.d.ts +44 -0
  154. package/dist/data/tech-patterns.d.ts.map +1 -0
  155. package/dist/data/tech-patterns.js +690 -0
  156. package/dist/data/tech-patterns.js.map +1 -0
  157. package/dist/data/waf-signatures.d.ts +21 -0
  158. package/dist/data/waf-signatures.d.ts.map +1 -0
  159. package/dist/data/waf-signatures.js +318 -0
  160. package/dist/data/waf-signatures.js.map +1 -0
  161. package/dist/dns/index.d.ts +3 -0
  162. package/dist/dns/index.d.ts.map +1 -0
  163. package/dist/dns/index.js +1067 -0
  164. package/dist/dns/index.js.map +1 -0
  165. package/dist/enum/index.d.ts +3 -0
  166. package/dist/enum/index.d.ts.map +1 -0
  167. package/dist/enum/index.js +818 -0
  168. package/dist/enum/index.js.map +1 -0
  169. package/dist/h2/index.d.ts +3 -0
  170. package/dist/h2/index.d.ts.map +1 -0
  171. package/dist/h2/index.js +414 -0
  172. package/dist/h2/index.js.map +1 -0
  173. package/dist/http/index.d.ts +3 -0
  174. package/dist/http/index.d.ts.map +1 -0
  175. package/dist/http/index.js +2444 -0
  176. package/dist/http/index.js.map +1 -0
  177. package/dist/identify/index.d.ts +3 -0
  178. package/dist/identify/index.d.ts.map +1 -0
  179. package/dist/identify/index.js +447 -0
  180. package/dist/identify/index.js.map +1 -0
  181. package/dist/index.d.ts +3 -0
  182. package/dist/index.d.ts.map +1 -0
  183. package/dist/index.js +165 -0
  184. package/dist/index.js.map +1 -0
  185. package/dist/infra/index.d.ts +3 -0
  186. package/dist/infra/index.d.ts.map +1 -0
  187. package/dist/infra/index.js +989 -0
  188. package/dist/infra/index.js.map +1 -0
  189. package/dist/iot/index.d.ts +3 -0
  190. package/dist/iot/index.d.ts.map +1 -0
  191. package/dist/iot/index.js +610 -0
  192. package/dist/iot/index.js.map +1 -0
  193. package/dist/meta/index.d.ts +3 -0
  194. package/dist/meta/index.d.ts.map +1 -0
  195. package/dist/meta/index.js +442 -0
  196. package/dist/meta/index.js.map +1 -0
  197. package/dist/osint/index.d.ts +3 -0
  198. package/dist/osint/index.d.ts.map +1 -0
  199. package/dist/osint/index.js +687 -0
  200. package/dist/osint/index.js.map +1 -0
  201. package/dist/passive/index.d.ts +3 -0
  202. package/dist/passive/index.d.ts.map +1 -0
  203. package/dist/passive/index.js +944 -0
  204. package/dist/passive/index.js.map +1 -0
  205. package/dist/path/index.d.ts +3 -0
  206. package/dist/path/index.d.ts.map +1 -0
  207. package/dist/path/index.js +878 -0
  208. package/dist/path/index.js.map +1 -0
  209. package/dist/protocol/mcp-server.d.ts +4 -0
  210. package/dist/protocol/mcp-server.d.ts.map +1 -0
  211. package/dist/protocol/mcp-server.js +32 -0
  212. package/dist/protocol/mcp-server.js.map +1 -0
  213. package/dist/protocol/tools.d.ts +3 -0
  214. package/dist/protocol/tools.d.ts.map +1 -0
  215. package/dist/protocol/tools.js +5 -0
  216. package/dist/protocol/tools.js.map +1 -0
  217. package/dist/service/index.d.ts +3 -0
  218. package/dist/service/index.d.ts.map +1 -0
  219. package/dist/service/index.js +1053 -0
  220. package/dist/service/index.js.map +1 -0
  221. package/dist/smtp/index.d.ts +3 -0
  222. package/dist/smtp/index.d.ts.map +1 -0
  223. package/dist/smtp/index.js +437 -0
  224. package/dist/smtp/index.js.map +1 -0
  225. package/dist/ssh/index.d.ts +3 -0
  226. package/dist/ssh/index.d.ts.map +1 -0
  227. package/dist/ssh/index.js +676 -0
  228. package/dist/ssh/index.js.map +1 -0
  229. package/dist/tcp/index.d.ts +3 -0
  230. package/dist/tcp/index.d.ts.map +1 -0
  231. package/dist/tcp/index.js +369 -0
  232. package/dist/tcp/index.js.map +1 -0
  233. package/dist/timing/index.d.ts +3 -0
  234. package/dist/timing/index.d.ts.map +1 -0
  235. package/dist/timing/index.js +425 -0
  236. package/dist/timing/index.js.map +1 -0
  237. package/dist/tls/index.d.ts +3 -0
  238. package/dist/tls/index.d.ts.map +1 -0
  239. package/dist/tls/index.js +1332 -0
  240. package/dist/tls/index.js.map +1 -0
  241. package/dist/types/index.d.ts +26 -0
  242. package/dist/types/index.d.ts.map +1 -0
  243. package/dist/types/index.js +8 -0
  244. package/dist/types/index.js.map +1 -0
  245. package/dist/utils/cache.d.ts +11 -0
  246. package/dist/utils/cache.d.ts.map +1 -0
  247. package/dist/utils/cache.js +35 -0
  248. package/dist/utils/cache.js.map +1 -0
  249. package/dist/utils/murmurhash3.d.ts +3 -0
  250. package/dist/utils/murmurhash3.d.ts.map +1 -0
  251. package/dist/utils/murmurhash3.js +57 -0
  252. package/dist/utils/murmurhash3.js.map +1 -0
  253. package/dist/utils/rate-limiter.d.ts +10 -0
  254. package/dist/utils/rate-limiter.d.ts.map +1 -0
  255. package/dist/utils/rate-limiter.js +35 -0
  256. package/dist/utils/rate-limiter.js.map +1 -0
  257. package/dist/utils/require-key.d.ts +2 -0
  258. package/dist/utils/require-key.d.ts.map +1 -0
  259. package/dist/utils/require-key.js +8 -0
  260. package/dist/utils/require-key.js.map +1 -0
  261. package/dist/waf/index.d.ts +3 -0
  262. package/dist/waf/index.d.ts.map +1 -0
  263. package/dist/waf/index.js +767 -0
  264. package/dist/waf/index.js.map +1 -0
  265. package/dist/web/index.d.ts +3 -0
  266. package/dist/web/index.d.ts.map +1 -0
  267. package/dist/web/index.js +1366 -0
  268. package/dist/web/index.js.map +1 -0
  269. package/package.json +66 -0
package/README.bs.md ADDED
@@ -0,0 +1,767 @@
1
+ <p align="center">
2
+ <a href="README.md">English</a> |
3
+ <a href="README.zh.md">简体中文</a> |
4
+ <a href="README.zh-TW.md">繁體中文</a> |
5
+ <a href="README.ko.md">한국어</a> |
6
+ <a href="README.de.md">Deutsch</a> |
7
+ <a href="README.es.md">Español</a> |
8
+ <a href="README.fr.md">Français</a> |
9
+ <a href="README.it.md">Italiano</a> |
10
+ <a href="README.da.md">Dansk</a> |
11
+ <a href="README.ja.md">日本語</a> |
12
+ <a href="README.pl.md">Polski</a> |
13
+ <a href="README.ru.md">Русский</a> |
14
+ <strong>Bosanski</strong> |
15
+ <a href="README.ar.md">العربية</a> |
16
+ <a href="README.no.md">Norsk</a> |
17
+ <a href="README.pt-BR.md">Português (Brasil)</a> |
18
+ <a href="README.th.md">ไทย</a> |
19
+ <a href="README.tr.md">Türkçe</a> |
20
+ <a href="README.uk.md">Українська</a> |
21
+ <a href="README.bn.md">বাংলা</a> |
22
+ <a href="README.el.md">Ελληνικά</a> |
23
+ <a href="README.vi.md">Tiếng Việt</a> |
24
+ <a href="README.hi.md">हिन्दी</a>
25
+ </p>
26
+
27
+ <p align="center">
28
+ <br>
29
+ <picture>
30
+ <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/badchars/fingerprint-mcp/main/.github/banner-dark.svg">
31
+ <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/badchars/fingerprint-mcp/main/.github/banner-light.svg">
32
+ <img alt="fingerprint-mcp" src="https://raw.githubusercontent.com/badchars/fingerprint-mcp/main/.github/banner-dark.svg" width="700">
33
+ </picture>
34
+ </p>
35
+
36
+ <h3 align="center">Univerzalni digitalni fingerprinting za AI agente.</h3>
37
+
38
+ <p align="center">
39
+ TCP, TLS/SSL, SSH, HTTP, DNS, WAF/CDN, IoT, SMTP, sondiranje servisa, JARM, JA4X, hashiranje favicona, topologija infrastrukture, detekcija C2, OSINT obogacivanje &mdash; ujedinjeni u jednom MCP serveru.<br>
40
+ Vas AI agent dobija <b>fingerprinting punog spektra na zahtjev</b>, a ne 11 nepovezanih CLI alata i rucnu korelaciju.
41
+ </p>
42
+
43
+ <br>
44
+
45
+ <p align="center">
46
+ <a href="#problem">Problem</a> &bull;
47
+ <a href="#po-cemu-se-razlikuje">Po Cemu Se Razlikuje</a> &bull;
48
+ <a href="#brzi-pocetak">Brzi Pocetak</a> &bull;
49
+ <a href="#sta-ai-moze-uraditi">Sta AI Moze Uraditi</a> &bull;
50
+ <a href="#referenca-alata-13-alata-103-tehnike">Alati (13)</a> &bull;
51
+ <a href="#izvori-podataka-21">Izvori Podataka</a> &bull;
52
+ <a href="#arhitektura">Arhitektura</a> &bull;
53
+ <a href="CHANGELOG.md">Changelog</a> &bull;
54
+ <a href="CONTRIBUTING.md">Doprinos</a>
55
+ </p>
56
+
57
+ <p align="center">
58
+ <a href="https://www.npmjs.com/package/fingerprint-mcp"><img src="https://img.shields.io/npm/v/fingerprint-mcp.svg" alt="npm"></a>
59
+ <a href="LICENSE"><img src="https://img.shields.io/badge/license-AGPL--3.0-blue.svg" alt="Licenca"></a>
60
+ <img src="https://img.shields.io/badge/runtime-Bun-f472b6" alt="Bun">
61
+ <img src="https://img.shields.io/badge/protocol-MCP-8b5cf6" alt="MCP">
62
+ <img src="https://img.shields.io/badge/tools-13-ef4444" alt="13 Alata">
63
+ <img src="https://img.shields.io/badge/techniques-103-f97316" alt="103 Tehnike">
64
+ </p>
65
+
66
+ <p align="center">
67
+ <img src="https://raw.githubusercontent.com/badchars/fingerprint-mcp/main/.github/demo.gif" alt="fingerprint-mcp demo" width="800">
68
+ </p>
69
+
70
+ ---
71
+
72
+ ## Problem
73
+
74
+ Fingerprinting servera danas znaci zongliranje s tucetom nepovezanih alata. Pokrecete `nmap` za skeniranje portova, `testssl.sh` za analizu certifikata, `curl -I` za HTTP zaglavlja, `dig` za DNS, `wafw00f` za detekciju WAF-a, `ssh-audit` za SSH, poseban JARM alat, Wappalyzer za detekciju tehnologija &mdash; a zatim provedete 30 minuta rucno ukrstajuci sve u tabeli da biste shvatili sta zapravo radi.
75
+
76
+ ```
77
+ Tradicionalni tok rada fingerprintinga:
78
+ analiza TLS certifikata -> testssl.sh / openssl s_client
79
+ dohvatanje HTTP zaglavlja -> curl -I
80
+ detekcija web tehnologija -> wappalyzer CLI
81
+ DNS izvidanje -> dig / nslookup / dnsenum
82
+ skeniranje portova -> nmap -sV
83
+ detekcija WAF-a -> wafw00f
84
+ SSH revizija -> ssh-audit
85
+ fingerprinting servisa -> nmap scripts
86
+ JARM fingerprint -> jarm (poseban alat)
87
+ provjera OSINT baza -> shodan CLI, censys CLI
88
+ korelacija svega -> rucno u tabeli
89
+ ──────────────────────────────
90
+ Ukupno: 11 alata, 30+ minuta, rucna korelacija
91
+ ```
92
+
93
+ **fingerprint-mcp** daje vasem AI agentu 13 kompozitnih alata koji obuhvataju 103 tehnike fingerprintinga kroz 21 provajdera putem [Model Context Protocol](https://modelcontextprotocol.io)-a. Agent pokrece viseslojni fingerprinting paralelno, korelira signale kroz TCP/TLS/HTTP/DNS/SSH slojeve, detektuje honeypotove i C2 infrastrukturu i predstavlja objedinjenu obavjestajnu sliku &mdash; u jednom razgovoru.
94
+
95
+ ```
96
+ Sa fingerprint-mcp:
97
+ Vi: "Uradi duboko izvidanje na target.com"
98
+
99
+ Agent: -> recon {url: "https://target.com", depth: "deep"}
100
+
101
+ -> TLS: nginx/1.24.0 putem JARM (3fd21b20d00000...),
102
+ Let's Encrypt certifikat, 2 SAN-a, TLS 1.2+1.3
103
+ -> HTTP: Express.js iza Cloudflare WAF-a,
104
+ React SPA, Google Analytics, 14 sigurnosnih zaglavlja analizirano
105
+ -> DNS: A/AAAA/MX/TXT zapisi, SPF/DKIM/DMARC konfigurirani,
106
+ Slack + Google Workspace detektovani putem CNAME/MX
107
+ -> Portovi: 80, 443, 22 (OpenSSH 9.6), 8080 (razvojni server)
108
+ -> WAF: Cloudflare detektovan, izvorni IP otkriven putem direktne veze
109
+ -> Enumeracija: 12 poddomena putem CT logova, wildcard DNS detektovan
110
+ -> "target.com pokrece nginx/1.24.0 sa Express.js iza
111
+ Cloudflare WAF-a. Izvorni IP 203.0.113.42 izlozen na portu 8080.
112
+ TLS je pravilno konfiguriran (ekvivalent A+), ali razvojni server
113
+ na 8080 nema WAF zastitu. 3 poddomena pokazuju na
114
+ dekomisioniranu infrastrukturu — potencijalni rizik od preuzimanja."
115
+ ```
116
+
117
+ ---
118
+
119
+ ## Po Cemu Se Razlikuje
120
+
121
+ Postojeci alati vam daju sirove podatke jedan sloj u isto vrijeme. fingerprint-mcp daje vasem AI agentu sposobnost da **razmislja preko svih slojeva fingerprintinga istovremeno**.
122
+
123
+ <table>
124
+ <thead>
125
+ <tr>
126
+ <th></th>
127
+ <th>Tradicionalni Pristup</th>
128
+ <th>fingerprint-mcp</th>
129
+ </tr>
130
+ </thead>
131
+ <tbody>
132
+ <tr>
133
+ <td><b>Interfejs</b></td>
134
+ <td>11 razlicitih CLI alata sa razlicitim formatima izlaza</td>
135
+ <td>MCP &mdash; AI agent poziva alate konverzacijski</td>
136
+ </tr>
137
+ <tr>
138
+ <td><b>Tehnike</b></td>
139
+ <td>Jedan alat, jedan sloj u isto vrijeme</td>
140
+ <td>103 tehnike kroz 21 provajdera, pokrenute paralelno</td>
141
+ </tr>
142
+ <tr>
143
+ <td><b>TLS analiza</b></td>
144
+ <td>Izlaz testssl.sh, rucno parsiranje JARM-a posebno</td>
145
+ <td>Agent kombinuje certifikat + JARM + JA4X + sifar-skupove + SNI + CT logove u jednom pozivu</td>
146
+ </tr>
147
+ <tr>
148
+ <td><b>Korelacija</b></td>
149
+ <td>Kopiraj-zalijepi rezultate u tabelu</td>
150
+ <td>Agent ukrsteno korelira: "JARM odgovara poznatom C2 okviru, HTTP tajming potvrdjuje honeypot"</td>
151
+ </tr>
152
+ <tr>
153
+ <td><b>WAF zaobilazenje</b></td>
154
+ <td>wafw00f detektuje WAF, vi rucno trazite izvor</td>
155
+ <td>Agent detektuje WAF, otkriva izvorni IP i verifikuje da servira isti sadrzaj</td>
156
+ </tr>
157
+ <tr>
158
+ <td><b>API kljucevi</b></td>
159
+ <td>Potrebni za Shodan, Censys itd.</td>
160
+ <td>80+ aktivnih tehnika radi bez ikakvih API kljuceva; kljucevi otkljucavaju OSINT obogacivanje</td>
161
+ </tr>
162
+ <tr>
163
+ <td><b>Podesavanje</b></td>
164
+ <td>Instalirajte nmap, testssl, wafw00f, ssh-audit, jarm, wappalyzer...</td>
165
+ <td><code>npx fingerprint-mcp</code> &mdash; jedna komanda, nula konfiguracije</td>
166
+ </tr>
167
+ </tbody>
168
+ </table>
169
+
170
+ ---
171
+
172
+ ## Brzi Pocetak
173
+
174
+ ### Opcija 1: npx (bez instalacije)
175
+
176
+ ```bash
177
+ npx fingerprint-mcp
178
+ ```
179
+
180
+ Svih 80+ aktivnih tehnika fingerprintinga radi odmah. API kljucevi nisu potrebni za TCP, TLS, SSH, HTTP, DNS, WAF, putanje, servise, tajming, IoT, SMTP i fingerprinting aplikacija.
181
+
182
+ ### Opcija 2: Kloniranje
183
+
184
+ ```bash
185
+ git clone https://github.com/badchars/fingerprint-mcp.git
186
+ cd fingerprint-mcp
187
+ bun install
188
+ ```
189
+
190
+ ### Varijable okruzenja (opcione)
191
+
192
+ ```bash
193
+ # OSINT obogacivanje (sve opcione — aktivni fingerprinting radi bez ikakvih kljuceva)
194
+ export SHODAN_API_KEY=your-key # Omogucava osint_shodan, ssh_hostkey_lookup
195
+ export CENSYS_API_ID=your-id # Omogucava osint_censys (besplatno: 250 upita/mjesec)
196
+ export CENSYS_API_SECRET=your-secret # Censys API tajni kljuc
197
+ export SECURITYTRAILS_API_KEY=your-key # Omogucava waf_origin, enum_passive_dns
198
+ export VIRUSTOTAL_API_KEY=your-key # Omogucava osint_virustotal (besplatno: 500 upita/dan)
199
+ ```
200
+
201
+ Svi API kljucevi su opcioni. Bez njih i dalje dobijate puni TCP/TLS/SSH/HTTP/DNS/WAF/putanja/servis/tajming/IoT/SMTP/infrastruktura/aplikacija fingerprinting, korelaciju, pasivnu analizu, enumeraciju i meta alate &mdash; 80+ tehnika koje rade direktnim sondiranjem cilja.
202
+
203
+ ### Povezivanje sa AI agentom
204
+
205
+ <details open>
206
+ <summary><b>Claude Code</b></summary>
207
+
208
+ ```bash
209
+ # Sa npx
210
+ claude mcp add fingerprint-mcp -- npx fingerprint-mcp
211
+
212
+ # Sa lokalnim klonom
213
+ claude mcp add fingerprint-mcp -- bun run /path/to/fingerprint-mcp/src/index.ts
214
+ ```
215
+
216
+ </details>
217
+
218
+ <details>
219
+ <summary><b>Claude Desktop</b></summary>
220
+
221
+ Dodajte u `~/Library/Application Support/Claude/claude_desktop_config.json`:
222
+
223
+ ```json
224
+ {
225
+ "mcpServers": {
226
+ "fingerprint": {
227
+ "command": "npx",
228
+ "args": ["-y", "fingerprint-mcp"],
229
+ "env": {
230
+ "SHODAN_API_KEY": "optional",
231
+ "CENSYS_API_ID": "optional",
232
+ "CENSYS_API_SECRET": "optional",
233
+ "SECURITYTRAILS_API_KEY": "optional",
234
+ "VIRUSTOTAL_API_KEY": "optional"
235
+ }
236
+ }
237
+ }
238
+ }
239
+ ```
240
+
241
+ </details>
242
+
243
+ <details>
244
+ <summary><b>Cursor / Windsurf / drugi MCP klijenti</b></summary>
245
+
246
+ Isti JSON format konfiguracije. Usmjerite komandu na `npx fingerprint-mcp` ili putanju vase lokalne instalacije.
247
+
248
+ </details>
249
+
250
+ ### Pocnite sa upitima
251
+
252
+ ```
253
+ Vi: "Fingerprintuj sve o target.com — TLS, HTTP stek, WAF, DNS, otvorene portove"
254
+ ```
255
+
256
+ To je to. Agent automatski upravlja viseslojnim fingerprintingom, korelacijom signala i analizom infrastrukture.
257
+
258
+ ---
259
+
260
+ ## Sta AI Moze Uraditi
261
+
262
+ ### Brzo Izvidanje
263
+
264
+ ```
265
+ Vi: "Brzo izvidanje target.com"
266
+
267
+ Agent: -> recon {url: "https://target.com", depth: "quick"}
268
+
269
+ -> TCP: portovi 80, 443, 22 otvoreni
270
+ -> TLS: Let's Encrypt RSA certifikat, TLS 1.2+1.3, nginx JARM potpis
271
+ -> HTTP: nginx/1.24.0, Express.js, React, Cloudflare CDN
272
+ -> DNS: A 203.0.113.42, MX Google Workspace, SPF/DKIM konfigurirani
273
+ -> WAF: Cloudflare detektovan (cf-ray zaglavlje)
274
+ -> "target.com je React SPA na Express.js iza nginx/1.24.0,
275
+ serviran kroz Cloudflare CDN. TLS pravilno konfiguriran sa
276
+ Let's Encrypt. SSH na portu 22 pokrece OpenSSH 9.6. E-mail
277
+ upravlja Google Workspace sa punim SPF/DKIM/DMARC."
278
+ ```
279
+
280
+ ### Dubinska TLS Istraga
281
+
282
+ ```
283
+ Vi: "Analiziraj detaljno TLS konfiguraciju suspicious-server.com"
284
+
285
+ Agent: -> scan_tls {host: "suspicious-server.com"}
286
+
287
+ -> Certifikat: samopotpisan, CN=localhost, istekao prije 47 dana
288
+ -> JARM: 2ad2ad0002ad2ad00042d42d00000069d641f34fe76acdc05c40262f8815e5
289
+ (odgovara zadanom profilu Cobalt Strike)
290
+ -> JA4X: fingerprint odgovara poznatom obrascu C2 okvira
291
+ -> Sifar-skupovi: prihvata slabe sifre (RC4, 3DES)
292
+ -> SNI: odgovara identicno na bilo koju SNI vrijednost
293
+ -> CT logovi: certifikat nije evidentiran (nije javno pouzdan)
294
+ -> "VISOK RIZIK: TLS konfiguracija snazno ukazuje na C2 infrastrukturu.
295
+ Samopotpisan istekli certifikat, JARM fingerprint odgovara Cobalt Strike,
296
+ prihvata slabe sifre i odgovara na proizvoljne SNI vrijednosti.
297
+ Preporucuje se hitna istraga i blokiranje."
298
+ ```
299
+
300
+ ### WAF Zaobilazenje i Otkrivanje Izvora
301
+
302
+ ```
303
+ Vi: "target.com je iza WAF-a. Mozes li pronaci izvorni server?"
304
+
305
+ Agent: -> scan_waf {url: "https://target.com"}
306
+ -> scan_dns {domain: "target.com"}
307
+ -> enumerate {domain: "target.com"}
308
+
309
+ -> WAF: Cloudflare (AS13335), stranica izazova na sumnjive zahtjeve
310
+ -> DNS: A zapis pokazuje na Cloudflare IP 104.21.x.x
311
+ -> Poddomene: dev.target.com razrjesava na 203.0.113.42 (ne-Cloudflare)
312
+ -> Direktna veza na 203.0.113.42:443 vraca isti TLS certifikat
313
+ -> SecurityTrails historija: izvor je bio 203.0.113.42 prije Cloudflarea
314
+ -> "Izvorni IP pronadjen: 203.0.113.42. Otkriven putem poddomene
315
+ dev.target.com koja zaobilazi Cloudflare. Izvor servira isti
316
+ TLS certifikat i odgovara na target.com Host zaglavlje.
317
+ Izvor nema WAF zastitu — moguc direktan pristup."
318
+ ```
319
+
320
+ ### Otkrivanje Servisa na Hostu
321
+
322
+ ```
323
+ Vi: "Koji servisi rade na 10.0.1.50?"
324
+
325
+ Agent: -> scan_ports {host: "10.0.1.50"}
326
+ -> scan_services {host: "10.0.1.50", ports: [22, 80, 3306, 5432, 6379, 8080]}
327
+
328
+ -> Port 22: OpenSSH 8.9p1 Ubuntu, ED25519 kljuc hosta
329
+ -> Port 80: Apache/2.4.57, PHP/8.2, WordPress 6.4
330
+ -> Port 3306: MySQL 8.0.36, potrebna autentifikacija
331
+ -> Port 5432: PostgreSQL 16.1, potreban SSL
332
+ -> Port 6379: Redis 7.2.4, BEZ autentifikacije (otvoren)
333
+ -> Port 8080: Node.js Express razvojni server, CORS: *
334
+ -> "KRITICNO: Redis na portu 6379 nema autentifikaciju — bilo ko na
335
+ mrezi moze citati/pisati podatke. Express razvojni server na 8080
336
+ ima wildcard CORS. MySQL i PostgreSQL pravilno zahtijevaju autentifikaciju.
337
+ WordPress zaostaje za 2 manje verzije. Hitna akcija potrebna
338
+ za Redis i izlozenost razvojnog servera."
339
+ ```
340
+
341
+ ---
342
+
343
+ ## Referenca Alata (13 alata, 103 tehnike)
344
+
345
+ <details open>
346
+ <summary><b>recon &mdash; Puno izvidanje sa odabirom tehnika baziranim na dubini</b></summary>
347
+
348
+ | Parametar | Tip | Opis |
349
+ |-----------|-----|------|
350
+ | `url` | string | Ciljni URL za fingerprinting |
351
+ | `depth` | `quick` \| `standard` \| `deep` | Dubina skeniranja: quick=5 tehnika, standard=20, deep=50+ |
352
+
353
+ Orkestrira tehnike svih provajdera na osnovu nivoa dubine. Brzi rezim daje brzi pregled; duboki rezim pokrece iscrpni fingerprinting ukljucujuci enumeraciju, OSINT i korelaciju.
354
+
355
+ </details>
356
+
357
+ <details>
358
+ <summary><b>scan_ports &mdash; TCP skeniranje portova sa detekcijom servisa (3 tehnike)</b></summary>
359
+
360
+ | Parametar | Tip | Opis |
361
+ |-----------|-----|------|
362
+ | `host` | string | Ciljni host (IP ili domena) |
363
+ | `ports` | number[] | Opciono &mdash; specificni portovi za skeniranje (podrazumijevano: uobicajeni portovi) |
364
+
365
+ | Tehnika | Opis |
366
+ |---------|------|
367
+ | `tcp_probe` | TCP connect skeniranje za detekciju otvorenih portova |
368
+ | `tcp_banner` | Dohvatanje banera na otvorenim portovima za identifikaciju servisa |
369
+ | `tcp_analysis` | Analiza kombinacija portova i zakljucivanje o servisima |
370
+
371
+ </details>
372
+
373
+ <details>
374
+ <summary><b>scan_tls &mdash; Kompletna TLS/SSL analiza (8 tehnika)</b></summary>
375
+
376
+ | Parametar | Tip | Opis |
377
+ |-----------|-----|------|
378
+ | `host` | string | Ciljni host (IP ili domena) |
379
+ | `port` | number | Opciono &mdash; TLS port (podrazumijevano: 443) |
380
+
381
+ | Tehnika | Opis |
382
+ |---------|------|
383
+ | `tls_certificate` | Parsiranje X.509 certifikata &mdash; subjekt, izdavac, SAN-ovi, valjanost, lanac |
384
+ | `tls_jarm` | JARM aktivni fingerprinting &mdash; 10 TLS Client Hello sondi, 62-znakovni hash |
385
+ | `tls_ja4x` | JA4X pasivni TLS fingerprinting iz svojstava certifikata |
386
+ | `tls_ciphers` | Enumeracija sifar-skupova i analiza jacine |
387
+ | `tls_protocols` | Detekcija podrzanih verzija TLS protokola (SSLv3 do TLS 1.3) |
388
+ | `tls_sni` | Testiranje ponasanja SNI &mdash; podrazumijevani certifikat vs. zatrazeno ime hosta |
389
+ | `tls_ct_logs` | Pretraga Certificate Transparency logova putem crt.sh |
390
+ | `tls_ocsp` | Provjera OCSP staplinga i statusa opoziva |
391
+
392
+ </details>
393
+
394
+ <details>
395
+ <summary><b>scan_dns &mdash; DNS obavjestajni rad (7 tehnika)</b></summary>
396
+
397
+ | Parametar | Tip | Opis |
398
+ |-----------|-----|------|
399
+ | `domain` | string | Ciljna domena |
400
+
401
+ | Tehnika | Opis |
402
+ |---------|------|
403
+ | `dns_records` | Potpuna enumeracija zapisa &mdash; A, AAAA, MX, NS, TXT, CNAME, SOA |
404
+ | `dns_email_auth` | Analiza SPF, DKIM i DMARC zapisa |
405
+ | `dns_saas` | Detekcija SaaS/servisa putem CNAME i MX obrazaca (Slack, Zendesk itd.) |
406
+ | `dns_server` | Fingerprinting DNS servera (BIND, PowerDNS, Cloudflare itd.) |
407
+ | `dns_takeover` | Detekcija preuzimanja poddomene putem analize visecih CNAME-ova |
408
+ | `dns_zone` | Pokusaj prijenosa zone (AXFR) |
409
+ | `dns_caa` | Analiza CAA zapisa za ogranicenja certifikacijskih tijela |
410
+
411
+ </details>
412
+
413
+ <details>
414
+ <summary><b>scan_http &mdash; HTTP/web fingerprinting (29 tehnika)</b></summary>
415
+
416
+ | Parametar | Tip | Opis |
417
+ |-----------|-----|------|
418
+ | `url` | string | Ciljni URL |
419
+
420
+ | Tehnika | Provajder | Opis |
421
+ |---------|-----------|------|
422
+ | `http_headers` | HTTP | Analiza zaglavlja odgovora i identifikacija servera |
423
+ | `http_header_order` | HTTP | Fingerprint redoslijeda zaglavlja (potpis serverskog softvera) |
424
+ | `http_security_headers` | HTTP | Revizija sigurnosnih zaglavlja (CSP, HSTS, X-Frame-Options itd.) |
425
+ | `http_cookies` | HTTP | Analiza kolacica &mdash; zastave, prefiksi, detekcija okvira |
426
+ | `http_methods` | HTTP | Enumeracija dozvoljenih HTTP metoda (OPTIONS) |
427
+ | `http_cors` | HTTP | Analiza CORS politike i detekcija pogresne konfiguracije |
428
+ | `http_compression` | HTTP | Podrzani algoritmi kompresije (gzip, br, zstd) |
429
+ | `http_caching` | HTTP | Analiza zaglavlja kesiranja (detekcija CDN-a, reverse proxyja) |
430
+ | `http_etag` | HTTP | Analiza formata ETag-a za identifikaciju backenda |
431
+ | `http_error` | HTTP | Fingerprinting stranica gresaka (prilagodene vs. podrazumijevane stranice gresaka) |
432
+ | `http_redirect` | HTTP | Analiza lanca preusmjeravanja |
433
+ | `http_timing` | HTTP | Bazno vrijeme odgovora za profiliranje performansi servera |
434
+ | `http_favicon` | HTTP | Hash favicona (MurmurHash3) za identifikaciju tehnologija |
435
+ | `http_robots` | HTTP | Parsiranje robots.txt i ekstrakcija zabranjenih putanja |
436
+ | `http_sitemap` | HTTP | Otkrivanje mape sajta i ekstrakcija URL-ova |
437
+ | `http_wellknown` | HTTP | Otkrivanje .well-known krajnjih tacaka (security.txt, openid itd.) |
438
+ | `web_tech` | Web | Detekcija tehnologija putem HTML/JS/CSS obrazaca |
439
+ | `web_analytics` | Web | Detekcija servisa analitike i pracenja |
440
+ | `web_sourcemaps` | Web | Otkrivanje source map fajlova |
441
+ | `web_websocket` | Web | Detekcija WebSocket krajnjih tacaka |
442
+ | `web_graphql` | Web | Detekcija GraphQL krajnjih tacaka i introspekcija |
443
+ | `web_spa` | Web | Detekcija okvira jednostranicnih aplikacija |
444
+ | `web_cdn` | Web | Detekcija CDN-a putem zaglavlja odgovora i DNS-a |
445
+ | `web_meta` | Web | Analiza HTML meta tagova (generator, naznake okvira) |
446
+ | `web_feed` | Web | Otkrivanje RSS/Atom feedova |
447
+ | `h2_detect` | HTTP/2 | Detekcija podrske HTTP/2 protokola |
448
+ | `h2_fingerprint` | HTTP/2 | Fingerprinting HTTP/2 servera (SETTINGS, WINDOW_UPDATE) |
449
+ | `h2_h3` | HTTP/2 | Detekcija podrske HTTP/3 (QUIC) putem Alt-Svc zaglavlja |
450
+ | `app_cms` | Application | Detekcija CMS-a (WordPress, Drupal, Joomla itd.) |
451
+
452
+ </details>
453
+
454
+ <details>
455
+ <summary><b>scan_paths &mdash; Obavjestajni rad o putanjama (5 tehnika)</b></summary>
456
+
457
+ | Parametar | Tip | Opis |
458
+ |-----------|-----|------|
459
+ | `url` | string | Ciljni URL |
460
+ | `categories` | string[] | Opciono &mdash; kategorije za provjeru (sensitive, git, debug, api, config) |
461
+
462
+ | Tehnika | Opis |
463
+ |---------|------|
464
+ | `path_sensitive` | Otkrivanje osjetljivih fajlova (sigurnosne kopije, konfiguracijski fajlovi, dumpovi baza podataka) |
465
+ | `path_robots` | Analiza robots.txt i sitemap.xml za skrivene putanje |
466
+ | `path_git` | Detekcija curenja Git repozitorija (.git/HEAD, .git/config) |
467
+ | `path_debug` | Otkrivanje debug krajnjih tacaka (phpinfo, server-status, debug konzole) |
468
+ | `path_api` | Otkrivanje verzija API-ja i krajnjih tacaka dokumentacije |
469
+
470
+ </details>
471
+
472
+ <details>
473
+ <summary><b>scan_waf &mdash; Detekcija i fingerprinting WAF/CDN (4 tehnike)</b></summary>
474
+
475
+ | Parametar | Tip | Opis |
476
+ |-----------|-----|------|
477
+ | `url` | string | Ciljni URL |
478
+
479
+ | Tehnika | Opis |
480
+ |---------|------|
481
+ | `waf_detect` | Detekcija prisustva WAF-a putem analize zaglavlja odgovora i ponasanja |
482
+ | `waf_cdn` | Identifikacija CDN provajdera (Cloudflare, Akamai, Fastly itd.) |
483
+ | `waf_fingerprint` | Identifikacija WAF proizvoda i detekcija verzije |
484
+ | `waf_origin` | Otkrivanje izvornog IP-a iza WAF/CDN (zahtijeva `SECURITYTRAILS_API_KEY`) |
485
+
486
+ </details>
487
+
488
+ <details>
489
+ <summary><b>scan_services &mdash; Sondiranje na nivou servisa (12 tehnika)</b></summary>
490
+
491
+ | Parametar | Tip | Opis |
492
+ |-----------|-----|------|
493
+ | `host` | string | Ciljni host (IP ili domena) |
494
+ | `ports` | number[] | Opciono &mdash; specificni portovi za sondiranje |
495
+ | `service` | string | Opciono &mdash; specifican servis za sondiranje (mysql, postgres, redis, ftp, ssh, smtp, vnc, iot) |
496
+
497
+ | Tehnika | Provajder | Opis |
498
+ |---------|-----------|------|
499
+ | `ssh_probe` | SSH | Detekcija verzije SSH protokola i softvera |
500
+ | `ssh_algorithms` | SSH | Revizija SSH algoritama (KEX, sifre, MAC-ovi, tipovi kljuca hosta) |
501
+ | `ssh_hostkey_lookup` | SSH | Pretraga SSH kljuca hosta putem Shodana (zahtijeva `SHODAN_API_KEY`) |
502
+ | `svc_mysql` | Service | Detekcija verzije MySQL-a i fingerprinting mogucnosti |
503
+ | `svc_postgres` | Service | Detekcija verzije PostgreSQL-a i provjera podrske za SSL |
504
+ | `svc_redis` | Service | Detekcija verzije Redisa i status autentifikacije |
505
+ | `svc_ftp` | Service | Analiza FTP banera i provjera anonimne prijave |
506
+ | `svc_vnc_rdp` | Service | Detekcija VNC/RDP servisa i procjena sigurnosti |
507
+ | `smtp_banner` | SMTP | Analiza SMTP banera i identifikacija MTA |
508
+ | `smtp_starttls` | SMTP | Podrska SMTP STARTTLS i inspekcija certifikata |
509
+ | `iot_detect` | IoT | Detekcija IoT uredjaja putem obrazaca banera i podrazumijevanih stranica |
510
+ | `iot_upnp` | IoT | Otkrivanje UPnP/SSDP uredjaja na lokalnoj mrezi |
511
+
512
+ </details>
513
+
514
+ <details>
515
+ <summary><b>enumerate &mdash; Prosirenje obima (8 tehnika)</b></summary>
516
+
517
+ | Parametar | Tip | Opis |
518
+ |-----------|-----|------|
519
+ | `domain` | string | Ciljna domena |
520
+
521
+ | Tehnika | Opis |
522
+ |---------|------|
523
+ | `enum_subdomains` | Enumeracija poddomena putem visestrukih metoda |
524
+ | `enum_wildcard` | Detekcija wildcard DNS-a |
525
+ | `enum_tld` | Prosirenje TLD-a (target.com -> target.net, target.org itd.) |
526
+ | `enum_related` | Otkrivanje povezanih domena putem dijeljene infrastrukture |
527
+ | `enum_asn` | Otkrivanje ASN susjeda &mdash; druge domene na istoj mrezi |
528
+ | `enum_ct` | Ekstrakcija poddomena iz Certificate Transparency logova |
529
+ | `enum_passive_dns` | Historija pasivnog DNS-a (zahtijeva `SECURITYTRAILS_API_KEY`) |
530
+ | `enum_scope` | Sazetak obima i pregled povrsine napada |
531
+
532
+ </details>
533
+
534
+ <details>
535
+ <summary><b>osint &mdash; OSINT obogacivanje (6 tehnika)</b></summary>
536
+
537
+ | Parametar | Tip | Opis |
538
+ |-----------|-----|------|
539
+ | `target` | string | IP adresa ili domena za obogacivanje |
540
+ | `type` | `ip` \| `domain` | Opciono &mdash; tip cilja (automatski detektovan ako je izostavljen) |
541
+
542
+ | Tehnika | Auth | Opis |
543
+ |---------|------|------|
544
+ | `osint_shodan` | `SHODAN_API_KEY` | Shodan pretraga hosta &mdash; otvoreni portovi, baneri, ranjivosti, OS |
545
+ | `osint_censys` | `CENSYS_API_ID` + `CENSYS_API_SECRET` | Censys podaci hosta &mdash; servisi, TLS, autonomni sistem |
546
+ | `osint_reverse_ip` | Nema | Obrnuta IP pretraga &mdash; druge domene na istom IP-u |
547
+ | `osint_whois` | Nema | WHOIS registracijski podaci &mdash; registrar, datumi, nameserveri |
548
+ | `osint_webarchive` | Nema | Web Archive historija &mdash; prvi/zadnji snimak, ucestalost promjena |
549
+ | `osint_virustotal` | `VIRUSTOTAL_API_KEY` | VirusTotal izvjestaj domena/IP &mdash; detekcije, kategorije, DNS |
550
+
551
+ </details>
552
+
553
+ <details>
554
+ <summary><b>analyze &mdash; Pasivna analiza fingerprinta (3 rezima)</b></summary>
555
+
556
+ | Parametar | Tip | Opis |
557
+ |-----------|-----|------|
558
+ | `type` | `headers` \| `html` \| `banner` | Tip podataka za analizu |
559
+ | `data` | string | Sirovi podaci za analizu (zalijepite zaglavlja, HTML ili izlaz banera) |
560
+
561
+ | Rezim | Opis |
562
+ |-------|------|
563
+ | `fp_analyze_headers` | Pasivna analiza HTTP zaglavlja &mdash; detekcija servera, okvira, proxyja bez slanja prometa |
564
+ | `fp_analyze_html` | Pasivna HTML analiza &mdash; detekcija tehnologija, identifikacija okvira iz izvornog koda |
565
+ | `fp_analyze_banner` | Pasivna analiza banera &mdash; identifikacija servisa iz sirovog teksta banera |
566
+
567
+ </details>
568
+
569
+ <details>
570
+ <summary><b>correlate &mdash; Motor za korelaciju visestrukih signala (7 rezima)</b></summary>
571
+
572
+ | Parametar | Tip | Opis |
573
+ |-----------|-----|------|
574
+ | `type` | `consistency` \| `honeypot` \| `spoofing` \| `compare` \| `topology` \| `c2` \| `identify` | Rezim korelacije |
575
+ | `signals` | object | Signali fingerprinta za korelaciju (variraju prema rezimu) |
576
+
577
+ | Rezim | Opis |
578
+ |-------|------|
579
+ | `fp_consistency` | Provjera konzistentnosti medjuslojnih signala &mdash; slazu li se TCP, TLS, HTTP i DNS fingerprintovi? |
580
+ | `fp_honeypot` | Detekcija honeypota &mdash; provjera nemogucih kombinacija servisa i anomalija ponasanja |
581
+ | `fp_spoofing` | Detekcija spoofinga &mdash; identificiranje neslaganja zaglavlja servera vs. stvarnog ponasanja |
582
+ | `fp_compare` | Usporedba profila fingerprinta dva hosta jedan pored drugog |
583
+ | `fp_topology` | Mapiranje topologije infrastrukture &mdash; CDN, load balancer, lanac reverse proxyja |
584
+ | `fp_c2` | Detekcija C2 okvira putem JARM, TLS, HTTP i korelacije tajminga |
585
+ | `fp_identify` | Identifikacija bazirana na hashovima prema bazi poznatih potpisa |
586
+
587
+ </details>
588
+
589
+ <details>
590
+ <summary><b>meta &mdash; Konfiguracija servera i podaci (3 rezima)</b></summary>
591
+
592
+ | Parametar | Tip | Opis |
593
+ |-----------|-----|------|
594
+ | `category` | string | Opciono &mdash; filtrirajte po kategoriji |
595
+
596
+ | Rezim | Opis |
597
+ |-------|------|
598
+ | `fp_sources` | Lista svih dostupnih izvora podataka sa konfiguracijom i statusom API kljuceva |
599
+ | `fp_config` | Konfiguracija servera &mdash; verzija, ucitani provajderi, broj tehnika |
600
+ | `fp_signatures` | Lista baze potpisa &mdash; JARM, baner, WAF, potpisi aplikacija |
601
+
602
+ </details>
603
+
604
+ ---
605
+
606
+ ### CLI Koristenje
607
+
608
+ ```bash
609
+ # Listajte sve dostupne alate i tehnike
610
+ npx fingerprint-mcp --list
611
+
612
+ # Pokrenite bilo koji alat direktno
613
+ npx fingerprint-mcp --tool recon '{"url":"https://example.com","depth":"quick"}'
614
+ npx fingerprint-mcp --tool scan_tls '{"host":"example.com"}'
615
+ npx fingerprint-mcp --tool scan_ports '{"host":"10.0.1.50","ports":[22,80,443,3306,8080]}'
616
+ npx fingerprint-mcp --tool scan_dns '{"domain":"example.com"}'
617
+ npx fingerprint-mcp --tool scan_http '{"url":"https://example.com"}'
618
+ npx fingerprint-mcp --tool scan_waf '{"url":"https://example.com"}'
619
+ npx fingerprint-mcp --tool scan_services '{"host":"10.0.1.50","service":"redis"}'
620
+ npx fingerprint-mcp --tool enumerate '{"domain":"example.com"}'
621
+ npx fingerprint-mcp --tool analyze '{"type":"headers","data":"Server: nginx/1.24.0\nX-Powered-By: Express"}'
622
+ npx fingerprint-mcp --tool correlate '{"type":"honeypot","signals":{"jarm":"...","banner":"..."}}'
623
+ npx fingerprint-mcp --tool meta '{}'
624
+
625
+ # OSINT alati (zahtijevaju API kljuceve)
626
+ SHODAN_API_KEY=your-key npx fingerprint-mcp --tool osint '{"target":"203.0.113.42","type":"ip"}'
627
+ ```
628
+
629
+ ---
630
+
631
+ ## Izvori Podataka (21)
632
+
633
+ | Izvor | Auth | Sta pruza |
634
+ |-------|------|-----------|
635
+ | TCP sondiranje | Nema | Skeniranje portova, dohvatanje banera, detekcija servisa |
636
+ | TLS/SSL analiza | Nema | Parsiranje certifikata, JARM fingerprinting, JA4X, enumeracija sifara, SNI testiranje |
637
+ | SSH sondiranje | Nema | Verzija protokola, revizija algoritama, detekcija softvera |
638
+ | HTTP analiza | Nema | Fingerprinting zaglavlja, hashiranje favicona, analiza kolacica, enumeracija metoda, CORS |
639
+ | Web detekcija | Nema | Detekcija tehnologija, analitika, source mape, WebSocket, GraphQL, SPA okviri |
640
+ | Otkrivanje putanja | Nema | Osjetljivi fajlovi, curenje gita, debug krajnje tacke, API verzije, robots.txt |
641
+ | DNS razrjesavanje | Nema | Enumeracija zapisa, analiza autentifikacije e-maila, detekcija SaaS-a, fingerprinting servera |
642
+ | WAF/CDN detekcija | Nema | Identifikacija WAF-a, detekcija CDN-a, fingerprinting WAF-a |
643
+ | Analiza tajminga | Nema | Bazno vrijeme odgovora, detekcija odstupanja sata |
644
+ | HTTP/2 i HTTP/3 | Nema | Detekcija i fingerprinting HTTP/2, otkrivanje HTTP/3 Alt-Svc |
645
+ | SMTP sondiranje | Nema | Analiza SMTP banera, inspekcija STARTTLS |
646
+ | IoT/Embedded | Nema | Detekcija IoT uredjaja, otkrivanje UPnP/SSDP |
647
+ | Detekcija aplikacija | Nema | Identifikacija CMS-a, okvira i platformi za e-trgovinu |
648
+ | Sondiranje servisa | Nema | Fingerprinting MySQL, PostgreSQL, Redis, FTP, VNC/RDP |
649
+ | Detekcija infrastrukture | Nema | Identifikacija cloud provajdera, hosting provajdera, CDN-a |
650
+ | Motor korelacije | Nema | Konzistentnost signala, detekcija honeypota, detekcija spoofinga, mapiranje topologije |
651
+ | Motor identifikacije | Nema | Identifikacija bazirana na hashovima, detekcija C2, podudaranje potpisa |
652
+ | [Shodan](https://www.shodan.io) | `SHODAN_API_KEY` | Obavjestajni podaci o hostu &mdash; otvoreni portovi, baneri, ranjivosti, detekcija OS-a |
653
+ | [Censys](https://censys.io) | `CENSYS_API_ID` | Podaci hosta &mdash; servisi, TLS certifikati, informacije o autonomnom sistemu |
654
+ | [SecurityTrails](https://securitytrails.com) | `SECURITYTRAILS_API_KEY` | Otkrivanje izvornog WAF-a, historija pasivnog DNS-a, historijski zapisi |
655
+ | [VirusTotal](https://www.virustotal.com) | `VIRUSTOTAL_API_KEY` | Reputacija domene/IP-a, rezultati detekcije, DNS historija, kategorije |
656
+
657
+ ---
658
+
659
+ ## Arhitektura
660
+
661
+ ```
662
+ src/
663
+ index.ts # CLI ulazna tacka (--help, --list, --tool, stdio server)
664
+ protocol/
665
+ mcp-server.ts # Podesavanje MCP servera (stdio transport)
666
+ tools.ts # Registar alata — svih 13 kompozitnih alata registrirano ovdje
667
+ types/
668
+ index.ts # Dijeljeni tipovi (ToolDef, ToolContext, ToolResult)
669
+ utils/
670
+ rate-limiter.ts # Rate limiter po provajderu
671
+ cache.ts # TTL kes za API odgovore
672
+ require-key.ts # Helper za validaciju API kljuceva
673
+ murmurhash3.ts # MurmurHash3 za hashiranje favicona
674
+ composite/ # 13 orkestratora kompozitnih alata
675
+ recon.ts # Orkestrator punog izvidanja (quick/standard/deep)
676
+ scan-ports.ts # Kompozitno skeniranje portova
677
+ scan-tls.ts # Kompozitna TLS analiza
678
+ scan-dns.ts # Kompozitni DNS obavjestajni rad
679
+ scan-http.ts # Kompozitni HTTP fingerprinting
680
+ scan-paths.ts # Kompozitno otkrivanje putanja
681
+ scan-waf.ts # Kompozitna WAF/CDN detekcija
682
+ scan-services.ts # Kompozitno sondiranje servisa
683
+ analyze.ts # Kompozitna pasivna analiza
684
+ correlate.ts # Kompozitni motor korelacije
685
+ enumerate.ts # Kompozitno prosirenje obima
686
+ osint.ts # Kompozitno OSINT obogacivanje
687
+ meta.ts # Kompozitni meta servera
688
+ helpers.ts # Dijeljeni kompozitni helperi
689
+ tcp/ # Tehnike TCP sondiranja (3)
690
+ tls/ # Tehnike TLS/SSL analize (8)
691
+ ssh/ # Tehnike SSH sondiranja (3)
692
+ http/ # Tehnike HTTP fingerprintinga (16)
693
+ web/ # Tehnike detekcije web tehnologija (9)
694
+ path/ # Tehnike otkrivanja putanja (5)
695
+ dns/ # Tehnike DNS obavjestajnog rada (7)
696
+ waf/ # Tehnike WAF/CDN detekcije (4)
697
+ timing/ # Tehnike analize tajminga (2)
698
+ h2/ # Tehnike HTTP/2 i HTTP/3 (3)
699
+ smtp/ # Tehnike SMTP sondiranja (2)
700
+ iot/ # Tehnike detekcije IoT/embedded (2)
701
+ app/ # Tehnike detekcije aplikacija (3)
702
+ service/ # Tehnike sondiranja servisa (5)
703
+ infra/ # Tehnike detekcije infrastrukture (3)
704
+ correlation/ # Motor korelacije (5)
705
+ identify/ # Motor identifikacije (3)
706
+ passive/ # Pasivna analiza (3)
707
+ osint/ # Tehnike OSINT obogacivanja (6)
708
+ enum/ # Tehnike enumeracije (8)
709
+ meta/ # Meta alati (3)
710
+ data/ # Baze potpisa i biblioteke obrazaca
711
+ jarm-signatures.ts # Poznati JARM fingerprintovi (C2, serveri, CDN-ovi)
712
+ waf-signatures.ts # Potpisi za detekciju WAF-a
713
+ service-banners.ts # Obrasci banera servisa
714
+ tech-patterns.ts # Obrasci detekcije tehnologija
715
+ favicon-hashes.ts # Poznate MurmurHash3 vrijednosti favicona
716
+ c2-signatures.ts # Potpisi C2 okvira
717
+ ... # 15+ baza potpisa/obrazaca
718
+ ```
719
+
720
+ **Projektne odluke:**
721
+
722
+ - **13 kompozitnih alata, 103 tehnike** &mdash; Agent poziva alate visokog nivoa (`recon`, `scan_tls`, `scan_http`). Svaki kompozit orkestrira visestruke tehnike niskog nivoa i vraca korelirane rezultate. Ovo smanjuje opterecenje poziva alata uz odrzavanje granularnosti.
723
+ - **21 provajder, 1 server** &mdash; Svaki sloj fingerprintinga je nezavisan modul. Kompozitni orkestrator bira tehnike na osnovu konteksta i dubine.
724
+ - **Prvo aktivno, OSINT opciono** &mdash; 80+ tehnika radi direktnim sondiranjem cilja bez ikakvih API kljuceva. OSINT provajderi (Shodan, Censys, VirusTotal, SecurityTrails) dodaju obogacivanje, ali nikada nisu obavezni.
725
+ - **Rate limiteri po provajderu** &mdash; Svaki provajder ima svoju instancu `RateLimiter`-a. Aktivno sondiranje je ograniceno brzinom kako bi se izbjegla detekcija; OSINT API-ji su kalibrirani prema svojim kvotama.
726
+ - **TTL kesiranje** &mdash; DNS zapisi (10min), OSINT rezultati (15min), CT logovi (30min) se kesiraju da bi se izbjegle suvisne pretrage tokom visealatnih tokova rada.
727
+ - **Graceful degradacija** &mdash; Nedostajuci API kljucevi ne ruse server. OSINT alati vracaju opisne poruke: "Postavite SHODAN_API_KEY da omogucite Shodan pretragu hosta."
728
+ - **3 zavisnosti** &mdash; `@modelcontextprotocol/sdk`, `zod` i `cheerio`. Sav mrezni I/O putem nativnog `fetch()` i Node.js `net`/`tls`/`dns` modula. Bez nmap-a, bez eksternih binarnih fajlova.
729
+
730
+ ---
731
+
732
+ ## Ogranicenja
733
+
734
+ - OSINT alati (Shodan, Censys, VirusTotal, SecurityTrails) zahtijevaju API kljuceve za svoje odgovarajuce tehnike
735
+ - Censys besplatni nivo ogranicen na 250 upita/mjesec
736
+ - VirusTotal besplatni nivo ogranicen na 500 upita/dan
737
+ - Skeniranje portova koristi TCP connect (ne SYN skeniranje) &mdash; manje skriveno od nmap-a, ali ne zahtijeva root privilegije
738
+ - JARM fingerprinting zahtijeva direktan TCP pristup cilju (moze biti blokiran od strane firewalla)
739
+ - UPnP/SSDP otkrivanje radi samo na lokalnim mrezama
740
+ - Sondiranje servisa (MySQL, PostgreSQL, Redis) se povezuje, ali se ne autentificira
741
+ - Enumeracija poddomena se oslanja na CT logove i pasivne izvore (bez brute-force-a)
742
+ - Testirano na macOS / Linux (Windows nije testiran)
743
+
744
+ ---
745
+
746
+ ## Dio MCP Sigurnosnog Paketa
747
+
748
+ | Projekat | Domena | Alati |
749
+ |----------|--------|-------|
750
+ | [hackbrowser-mcp](https://github.com/badchars/hackbrowser-mcp) | Testiranje sigurnosti bazirano na pregledacu | 39 alata, Firefox, testiranje injekcija |
751
+ | [cloud-audit-mcp](https://github.com/badchars/cloud-audit-mcp) | Cloud sigurnost (AWS/Azure/GCP) | 38 alata, 60+ provjera |
752
+ | [github-security-mcp](https://github.com/badchars/github-security-mcp) | GitHub sigurnosna pozicija | 39 alata, 45 provjera |
753
+ | [cve-mcp](https://github.com/badchars/cve-mcp) | Obavjestajni rad o ranjivostima | 23 alata, 5 izvora |
754
+ | [osint-mcp-server](https://github.com/badchars/osint-mcp-server) | OSINT i izvidanje | 37 alata, 12 izvora |
755
+ | [darknet-mcp-server](https://github.com/badchars/darknet-mcp-server) | Dark web i obavjestajni rad o prijetnjama | 66 alata, 16 izvora |
756
+ | **fingerprint-mcp** | **Univerzalni digitalni fingerprinting** | **13 alata, 103 tehnike, 21 provajder** |
757
+
758
+ ---
759
+
760
+ <p align="center">
761
+ <b>Samo za ovlasteno testiranje sigurnosti i procjenu.</b><br>
762
+ Uvijek se uvjerite da imate odgovarajucu autorizaciju prije obavljanja fingerprintinga na bilo kojem cilju.
763
+ </p>
764
+
765
+ <p align="center">
766
+ <a href="LICENSE">AGPL-3.0 Licenca</a> &bull; Izgradeno sa Bun + TypeScript
767
+ </p>