AppFinger
English | δΈζ
AppFinger is a fast HTTP application fingerprint scanner and Go library. It fetches web banners, headers, titles, certificates, favicon hashes, and client-side redirects, then matches them against YAML fingerprint rules.
Rules are maintained separately in hexbay/finger-rules.
β¨ Features
- π HTTP banner and response fingerprinting
- π― Header, body, title, status code, certificate, favicon hash, and body hash matching
- π HTTP redirect, meta refresh, and lightweight JavaScript redirect handling
- β‘ Concurrent target scanning
- π§° Optional proxy, timeout, stdin, file input, and JSON output
- π§± WordPress plugin and theme enhancement detection
- β
Strict rule validation mode
- π§ͺ Usable both as a CLI and as a Go library
π¦ Installation
Build from source:
git clone https://github.com/hexbay/appfinger.git
cd appfinger
go build -o appfinger .
Or install with Go:
go install github.com/hexbay/appfinger@latest
π Quick Start
Scan one target:
appfinger -u https://example.com
Scan multiple targets:
appfinger -u https://example.com -u https://example.org
Scan from a file:
appfinger -l urls.txt -t 30 -o result.json -output-format json
Scan from stdin:
cat urls.txt | appfinger -s
Use an HTTP proxy:
appfinger -u https://example.com -x http://127.0.0.1:7890
βοΈ CLI Options
APPFINGER:
-u, -url string[] Target URL to scan (-u INPUT1 -u INPUT2)
-l, -url-file string File containing URLs to scan
-s, -stdin Read URLs from stdin
-t, -threads int Number of concurrent threads (default 10)
-timeout int Timeout in seconds (default 10)
-x, -proxy string HTTP proxy, e.g. http://127.0.0.1:7890
-d, -finger-home string Fingerprint YAML directory
-ur, -update-rule Update rules from the finger-rules repository
-di, -disable-icon Disable favicon fetching and icon hash matching
-dj, -disable-js Disable JavaScript redirect parsing
-debug-req Dump HTTP requests
-debug-resp Dump HTTP responses
-v, -version Show version
-validate Validate rules and exit
OUTPUT:
-o, -output string File to write output to
-output-format string Output format: txt or json (default txt)
HELP:
-debug Enable debug logs
π§© Rule Repository
AppFinger uses YAML rules from finger-rules.
When the default rule directory does not exist, AppFinger initializes it automatically by downloading finger-rules.
Update the local rule repository:
appfinger -update-rule
Use a custom rule directory:
appfinger -u https://example.com -d /path/to/finger-rules
Validate rules before scanning:
appfinger -validate -d /path/to/finger-rules
π οΈ Library Usage
package main
import (
"context"
"fmt"
"github.com/hexbay/appfinger/pkg/fetch"
"github.com/hexbay/appfinger/pkg/rule"
"github.com/hexbay/appfinger/pkg/runner"
)
func main() {
fetcher := fetch.NewFetcher(fetch.DefaultOption())
manager, err := rule.LoadDefaultRules(context.Background())
if err != nil {
panic(err)
}
r, err := runner.NewRunner(fetcher, manager, &runner.Options{
Threads: 10,
Timeout: 10,
})
if err != nil {
panic(err)
}
defer r.Close()
result, err := r.Scan("https://example.com")
if err != nil {
panic(err)
}
fmt.Printf("%#v\n", result.Components)
}
π How It Works
AppFinger fetches target HTTP responses and normalizes useful matching data into banners. The rule engine then evaluates YAML matchers against response parts such as body, headers, title, certificate, favicon hash, and status code.

π§ͺ Development
Run tests:
go test ./...
Build locally:
go build ./...
π€ Contributing
Issues and pull requests are welcome. If you add or modify fingerprint behavior, please include focused tests where possible.
π License
AppFinger is licensed under the MIT License. See LICENSE for details.