Releases: nuclide-research/aimap

v1.9.51 — enumOneAPI + enumArgilla enumerators; neon pink banner

05 Jun 20:46

Two new deep enumerators (One API, Argilla), neon pink banner, Cat-03 model serving fingerprints.

New enumerators

enumOneAPI: songquanpeng/one-api LLM gateway (1.19M Docker Hub pulls)

  • /api/status — identity: version, system_name, email_verification flag (public by design)
  • /v1/models — open relay detection; 200 = anyone can route inference requests through the operator's upstream provider accounts (OpenAI, Anthropic, etc.)
  • POST /api/user/login {"username":"root","password":"123456"} — default credential check. Documented in the one-api README, actively exploited in the wild. Surfaces CRITICAL with role + username on success. Verified live: 27.124.10.54:3000.

enumArgilla — HuggingFace Argilla annotation platform

  • /api/v1/me — auth gate; handles both error shapes:
    • v2.x: {"error":"Unauthorized Access"} (HTTP 401)
    • v1.x: {"detail":{"code":"argilla.api.errors::UnauthorizedError",...}} (HTTP 401)
    • 200 + "username" field = misconfigured anonymous access → CRITICAL
  • /api/v1/workspaces — workspace names; readable without auth = annotation training data exposed → CRITICAL
  • /api/v1/datasets — dataset names; readable without auth → CRITICAL

Both enumerators were previously falling through to mkResult (no-op fallback), returning auth_status: unknown and findings: null. agent-logging-system flagged both as error_rate_high (100% error rate). Root cause: neither was registered in enumeratorRegistry.

Other changes

  • Banner: color changed from cyan (\033[96m) to neon pink (\033[38;5;198m)
  • Cat-03 model serving fingerprints: KoboldCpp (port 5001), LM Studio (port 1234), Aphrodite Engine (port 2242), LMDeploy, GPT4All, HuggingFace TGI, faster-whisper server
  • README: banner image, screenshots section (6 images: fingerprinting, phase 3, service cards, Ollama CRIT, One API default creds, full summary)

Binaries

| Platform | File |
|---|---|
| Linux x86_64 | aimap-linux-amd64 |
| Linux arm64 | aimap-linux-arm64 |
| macOS x86_64 | aimap-darwin-amd64 |
| macOS arm64 (Apple Silicon) | aimap-darwin-arm64 |

Verify with sha256sum -c SHA256SUMS.

v1.9.45: MCP deep enumerator (enumMCP)

01 Jun 01:47

[v1.9.45] - 2026-05-31

MCP deep enumerator (enumMCP). The "MCP Server" fingerprint already detected
presence (9 disjunctive probes, 88-server-derived); it had no registered deep
enumerator, so a match produced only a bare mkResult — identity without auth
state or tool surface (the Stage-1-vs-Stage-2 gap, Insight #16). enumMCP closes
it: it runs the active JSON-RPC initialize handshake (Streamable HTTP POST /mcp
with Accept: application/json, text/event-stream; root and fingerprint-path
fallbacks; SSE-framed responses unwrapped), gates on protocol-shape conformance
(protocolVersion in the closed spec-date set + non-empty serverInfo.name — the
honeypot discriminator, Insight #1), then enumerates the tool surface via
tools/list and classifies auth state (200+result = unauthenticated; 401/403 +
WWW-Authenticate = OAuth-configured, not a finding). Tool-surface severity is a
bag-of-fields classifier over the tool-name set (execute_command/write_file/
kubectl/get_secret → critical; filesystem-read/database → high; network →
medium). sparfenyuk/mcp-proxy is identified by its vendor-unique /status
server_instances map. RESTRAINT (schema-recon): names, descriptions, and input
schemas only — tools/call and resources/read are never invoked; findings
carry data_accessed: false. An end-to-end test asserts the no-invocation
guarantee. 18 new test cases (unit + integration). No fingerprint changes.

v1.9.21 — fix data race in watchdog tests

19 May 13:42

Fix

The v1.9.19 CI added go test -race and v1.9.20 fixed the resulting IPv6 vet warning. v1.9.21 fixes the next thing race-mode flagged: watchdog_test.go shared a bytes.Buffer between the watchdog goroutine and the assertion code without synchronization. The race detector correctly identified this as unsafe concurrent access on the buffer.

Wrapped the buffer in a safeBuf type (mutex-protected Write/String/Len) so the watchdog goroutine writer and the test reader are properly synchronized.

The watchdog itself is unaffected — the race lived in the test harness, not the production code. The watchdog's own io.Writer write path is fine when given a thread-safe target (which scan-time os.Stderr is, and which safeBuf is, but a raw bytes.Buffer is not).

CI is now race-clean. go test -race ./... passes locally and on every push/PR via the workflow added in v1.9.19.
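
A mutex-protected buffer of the kind described above, as an added Go example rather than the project's own test code. The `emit` and `linesSeen` helpers are hypothetical stand-ins for the watchdog goroutine and the test's assertion loop.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"strings"
	"sync"
)

// safeBuf guards a bytes.Buffer so one goroutine can write while another reads.
type safeBuf struct {
	mu  sync.Mutex
	buf bytes.Buffer
}

func (s *safeBuf) Write(p []byte) (int, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.buf.Write(p)
}

func (s *safeBuf) String() string {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.buf.String()
}

func (s *safeBuf) Len() int {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.buf.Len()
}

// emit writes n status lines to w from its own goroutine and closes the
// returned channel when it has finished.
func emit(w io.Writer, n int) <-chan struct{} {
	done := make(chan struct{})
	go func() {
		defer close(done)
		for i := 0; i < n; i++ {
			fmt.Fprintf(w, "watchdog: tick %d\n", i)
		}
	}()
	return done
}

// linesSeen polls the buffer while the writer is still running, then
// returns the number of complete lines written.
func linesSeen(n int) int {
	var out safeBuf
	done := emit(&out, n)
	for {
		select {
		case <-done:
			return strings.Count(out.String(), "\n")
		default:
			_ = out.Len() // concurrent read: on a raw bytes.Buffer this is the race
		}
	}
}

func main() { fmt.Println(linesSeen(100)) }
```

Swapping `safeBuf` for a plain `bytes.Buffer` in `linesSeen` and running under `go test -race` reproduces the class of report described in this release.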

Install

```bash
curl -LO https://github.com/Nicholas-Kloster/aimap/releases/download/v1.9.21/aimap-linux-amd64
chmod +x aimap-linux-amd64
sudo mv aimap-linux-amd64 /usr/local/bin/aimap
```

v1.9.20 — fix IPv6 address formatting

19 May 13:40

Latent bug surfaced by the v1.9.19 CI run on Go 1.25 vet: fmt.Sprintf("%s:%d", host, port) does not produce a valid net.Dial address when host is an unbracketed IPv6 literal. Replaced two call sites in scanner.go and enumerators.go (clawdbotWSProbe) with net.JoinHostPort(host, strconv.Itoa(port)).

Before this fix, IPv6 scanning silently failed at the dial step. After: works end-to-end.
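
The difference between the two formattings, as an added Go example (not aimap's code). Function names are hypothetical and the addresses are documentation-range values.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// sprintfAddr is the formatting this release replaced.
func sprintfAddr(host string, port int) string {
	return fmt.Sprintf("%s:%d", host, port)
}

// joinAddr is the replacement; it brackets IPv6 literals.
func joinAddr(host string, port int) string {
	return net.JoinHostPort(host, strconv.Itoa(port))
}

// dialable reports whether addr splits back into exactly the host and port
// it was built from, which is the parse a dialer has to perform.
func dialable(addr, host string, port int) bool {
	h, p, err := net.SplitHostPort(addr)
	return err == nil && h == host && p == strconv.Itoa(port)
}

func main() {
	// IPv4, hostname and two IPv6 literals.
	for _, host := range []string{"192.0.2.10", "scanner.example", "2001:db8::1", "::1"} {
		old, fixed := sprintfAddr(host, 8080), joinAddr(host, 8080)
		fmt.Printf("%-16s sprintf=%-20s ok=%-5v join=%-20s ok=%v\n",
			host, old, dialable(old, host, 8080), fixed, dialable(fixed, host, 8080))
	}
}
```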

Inherited from v1.0. Local Go 1.22 vet did not flag it; CI Go 1.25 did. The CI workflow added in v1.9.19 caught its own first regression in the same release cycle.

No new tests (mechanical fix). go vet ./... and go test ./... clean.

Install:

```bash
curl -LO https://github.com/Nicholas-Kloster/aimap/releases/download/v1.9.20/aimap-linux-amd64
chmod +x aimap-linux-amd64
sudo mv aimap-linux-amd64 /usr/local/bin/aimap
```

v1.9.19 — close v1.9.17 review items (6/6)

19 May 13:38

What this is

The v1.9.17 internal review identified six follow-up items. v1.9.19 closes all six.

Changes

1. Fingerprint hardening: Insight #6 anchoring applied to 24 naked probes

The v1.9.17 audit found 24 body_contains probes in fingerprints.go that violated the README's load-bearing rule ("naked single-word body_contains is unsound at population scale"). v1.9.19 fixes all 24:

  • High-FP-risk probes anchored to status + structured signal: vLLM, LiteLLM ×2, Jupyter, Milvus, Langfuse, Kubeflow, Whisper ASR, dcm4chee, plus the HTML-title fallbacks (Clawdbot, Coolify, Dify, OpenHands)
  • 11 Exposed API Credentials probes now require status_code=200 — credential leaks in the wild come from 200-response surfaces (env-var dumps, build logs, JS bundles, debug endpoints)
  • 2 MCP Server permissive fallbacks gain body_not_contains "<!DOCTYPE html" — keeps the spec-unique-string recall while excluding HTML doc-page FPs

20 regression tests added in fingerprints_anchoring_test.go: every fix has both a TP test (real-shape response still matches) and a FP-reject test (previously-FP-prone response is now rejected). Plus an inventory test that fails if a new credentialClass is added without a matching fingerprint probe.
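
A naked probe beside its anchored form, with one TP and one FP-reject case each, as an added Go example that is not taken from fingerprints.go. The `probe` struct is modelled on the field names in these notes; the marker strings and responses are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

type response struct {
	Status int
	Body   string
}

// probe models the fields named in the notes; 0 and "" mean "not constrained".
type probe struct {
	StatusCode      int
	BodyContains    string
	BodyNotContains string
}

func (p probe) match(r response) bool {
	if p.StatusCode != 0 && r.Status != p.StatusCode {
		return false
	}
	if !strings.Contains(r.Body, p.BodyContains) {
		return false
	}
	return p.BodyNotContains == "" || !strings.Contains(r.Body, p.BodyNotContains)
}

// Constructed probes: the marker strings are assumptions, not aimap's fingerprints.
var (
	nakedCred    = probe{BodyContains: "OPENAI_API_KEY"}
	anchoredCred = probe{StatusCode: 200, BodyContains: "OPENAI_API_KEY"}
	nakedMCP     = probe{BodyContains: "protocolVersion"}
	anchoredMCP  = probe{BodyContains: "protocolVersion", BodyNotContains: "<!DOCTYPE html"}
)

// Constructed responses: one real-shape hit and one false-positive shape per probe.
var (
	envDump  = response{200, "PATH=/usr/bin\nOPENAI_API_KEY=<redacted>\n"}
	notFound = response{404, "<html>No route for /docs/OPENAI_API_KEY</html>"}
	mcpJSON  = response{200, `{"result":{"protocolVersion":"2025-03-26"}}`}
	mcpDocs  = response{200, "<!DOCTYPE html><html><code>protocolVersion</code></html>"}
)

// regression returns (TP still matches, FP is rejected) for one probe.
func regression(p probe, tp, fp response) (bool, bool) {
	return p.match(tp), !p.match(fp)
}

func main() {
	fmt.Println(regression(nakedCred, envDump, notFound))
	fmt.Println(regression(anchoredCred, envDump, notFound))
	fmt.Println(regression(nakedMCP, mcpJSON, mcpDocs))
	fmt.Println(regression(anchoredMCP, mcpJSON, mcpDocs))
}
```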

2. scanSecrets ported to validation discipline (Insight #38 generalized)

Pre-v1.9.19: every match emitted Severity: "critical" regardless of evidence. Post: severity follows the evidence:

  • Anchor only (env-var name visible, value not extracted) → BaseSev (medium for env-vars, high for credential prefixes, low for very generic anchors)
  • Anchor + value extracted, Format valid → critical
  • Anchor + value extracted, Format mismatch → BaseSev (no upgrade — value is suspicious but doesn't match vendor's documented shape)

HUGGING_FACE (a very generic anchor that previously fired critical on any doc page) now emits at low unless a real hf_xxx value is extracted. 12 env-var patterns get format-validated against vendor-documented shapes (sk-proj-/sk-ant-/AKIA/AIza/hf_/etc.).
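
The three severity rules above, as an added Go example that is not the scanSecrets implementation. The struct fields, the extraction regex and the format shapes are assumptions; the bodies and the token are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// secretPattern is a hypothetical stand-in for aimap's type of the same name.
type secretPattern struct {
	Anchor  string         // env-var name (or its prefix) searched for in the body
	BaseSev string         // severity when only the anchor is seen
	Format  *regexp.Regexp // assumed vendor shape for the value
}

// Assumed shapes, for illustration only.
var patterns = []secretPattern{
	{"HUGGING_FACE", "low", regexp.MustCompile(`^hf_[A-Za-z0-9]{30,}$`)},
	{"OPENAI_API_KEY", "medium", regexp.MustCompile(`^sk-proj-[A-Za-z0-9_-]{20,}$`)},
}

// extract returns the value assigned to the anchored variable, if one is visible.
func extract(p secretPattern, body string) (string, bool) {
	re := regexp.MustCompile(regexp.QuoteMeta(p.Anchor) + `[A-Z_]*\s*[=:]\s*["']?([^\s"'<]+)`)
	m := re.FindStringSubmatch(body)
	if m == nil {
		return "", false
	}
	return m[1], true
}

// severity applies the three rules from the release note; "" means no anchor.
func severity(p secretPattern, body string) string {
	if !strings.Contains(body, p.Anchor) {
		return ""
	}
	value, ok := extract(p, body)
	if ok && p.Format.MatchString(value) {
		return "critical" // anchor + value extracted, format valid
	}
	return p.BaseSev // anchor only, or a value that misses the vendor shape
}

// Constructed bodies; the token is a made-up string, not a real credential.
var (
	docPage  = "Set HUGGING_FACE_HUB_TOKEN in your environment before running."
	badValue = "HUGGING_FACE_HUB_TOKEN=changeme"
	envDump  = "HUGGING_FACE_HUB_TOKEN=hf_EXAMPLEexampleEXAMPLEexampleEXAMPLE00"
)

func main() {
	for _, body := range []string{docPage, badValue, envDump} {
		fmt.Println(severity(patterns[0], body))
	}
}
```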

3. enum_credentials.go: credential code extracted from enumerators.go

The 363 lines of credential/secret-scanning code (secretPattern, credentialClass, redactKey, scanCredentials, scanSecrets, enumExposedCredentials) moved out of the 4,500-line enumerators.go into a focused enum_credentials.go. Partial split — the full category split (per-category files for vector/llm/observability/orchestration/bi/safety) is queued for a separate refactor.

4. Registry-pattern dispatcher

runEnumerators's 50-arm switch statement converted to a map[string]enumeratorFn lookup:

```go
type enumeratorFn func(c *http.Client, svc ServiceMatch) EnumResult

var enumeratorRegistry = map[string]enumeratorFn{
    "Weaviate":          enumWeaviate,
    "Ollama":            enumOllama,
    // ... 50 entries grouped by category
}
```

Adding a new enumerator is one-line registration. "Did you wire it up?" becomes a compile error rather than a silent "no enumerator ran" miss. No behavior change.
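
A map-backed dispatcher with the mkResult fallback, plus an inventory check that lists fingerprint names with no registry entry, the situation the v1.9.51 notes describe for One API and Argilla. This is an added Go example, not aimap's code: the struct fields, the stand-in `enumOllama` body, the `unregistered` helper and the "One API" / "Argilla" key spellings are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
)

// Field sets are assumptions; only the type names and signature appear in the notes.
type ServiceMatch struct{ Name string }

type EnumResult struct {
	Service    string
	AuthStatus string
	Findings   []string
}

type enumeratorFn func(c *http.Client, svc ServiceMatch) EnumResult

// mkResult is the no-op fallback: identity only, no auth state, no findings.
func mkResult(svc ServiceMatch) EnumResult {
	return EnumResult{Service: svc.Name, AuthStatus: "unknown"}
}

// Stand-in enumerator so the registry has one entry; a real one issues HTTP requests.
func enumOllama(c *http.Client, svc ServiceMatch) EnumResult {
	return EnumResult{Service: svc.Name, AuthStatus: "none", Findings: []string{"constructed finding"}}
}

var enumeratorRegistry = map[string]enumeratorFn{
	"Ollama": enumOllama,
}

// runEnumerator dispatches by fingerprint name; ok=false marks a fall-through.
func runEnumerator(c *http.Client, svc ServiceMatch) (EnumResult, bool) {
	if fn, ok := enumeratorRegistry[svc.Name]; ok {
		return fn(c, svc), true
	}
	return mkResult(svc), false
}

// unregistered lists the names expected to have a deep enumerator that have
// no registry entry. A test that fails on a non-empty result catches the miss.
func unregistered(expected []string) []string {
	var missing []string
	for _, name := range expected {
		if _, ok := enumeratorRegistry[name]; !ok {
			missing = append(missing, name)
		}
	}
	sort.Strings(missing)
	return missing
}

func main() {
	res, ok := runEnumerator(http.DefaultClient, ServiceMatch{Name: "Argilla"})
	fmt.Println(res.AuthStatus, res.Findings == nil, ok)
	fmt.Println(unregistered([]string{"Ollama", "One API", "Argilla"}))
}
```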

5. GitHub Actions CI

New .github/workflows/ci.yml:

  • build-and-test: go build, go vet, go test -race, plus a version.go-version output consistency check
  • cross-platform-build matrix: linux+darwin × amd64+arm64 on every push/PR

6. PKGBUILD sha256 backfilled

v1.9.18's sha256sums=SKIP placeholder replaced with the real v1.9.18 tarball hash. v1.9.19 set to SKIP again pending the next tag-push; downstream packagers can compute against v1.9.19.tar.gz.

What's not in this release

No new fingerprints. No new enumerators. No new categories. Pure quality + structural improvements against the v1.9.18 baseline.

Install

```bash
curl -LO https://github.com/Nicholas-Kloster/aimap/releases/download/v1.9.19/aimap-linux-amd64
chmod +x aimap-linux-amd64 && sudo mv aimap-linux-amd64 /usr/local/bin/aimap

# Or
go install github.com/Nicholas-Kloster/aimap@v1.9.19
```

Verify against SHA256SUMS attached to this release.

Stats

  • 1 commit, 10 files changed, 1,384 insertions, 365 deletions
  • 31 new regression tests (20 anchoring + 9 scan-secrets + 2 inventory)
  • All existing tests still pass

v1.9.18 — doc refresh + version-string consolidation

19 May 13:18

What this is

The doc-and-release catch-up. aimap shipped v1.4 through v1.9.17 across April–May 2026; the code landed, the GitHub Releases page did not. v1.9.18 is the catch-up: the public surface (README, man page, PKGBUILD, JSON ToolVersion, banner, User-Agent, -version flag) is now consistent with the code, and the doc gap that produced the drift is closed.

v1.9.18 specifically

  • Single source of truth for the version string. const Version in version.go. The banner, ToolVersion field in JSON output, HTTP User-Agent, and the new -version flag all read from there. No more three-place drift on each release.
  • -version flag. aimap -version prints aimap 1.9.18 and exits.
  • README refresh. Service count corrected from 66 to 120 (50 deep enumerators). 24-row category table covers every fingerprint that ships. About reframed to honor both audiences — defenders running it on their own networks, researchers running it on authorized populations — and credit the population-FP discipline.
  • Man page refresh. Updated from "aimap 1.3, April 2026, 36 services" to current reality. ML-adjacency rule and cross-cutting credential scanner described.
  • PKGBUILD bump. pkgver=1.9.18, description updated.

No behavior changes, no new fingerprints, no new enumerators. All existing tests pass.

What shipped between v1.3.0 and v1.9.18

Brief catalogue of the work that landed in code but not in a published release artifact:

  • v1.4 – v1.5 — container/k8s/MCP/medical-AI expansion (13 platforms), image-generation pack (5 platforms + 3 enumerators), agent-memory/data-labeling/vector-DB fingerprints (11), ComfyUI-Manager probe fix
  • v1.6 — Elasticsearch / OpenSearch / ClickHouse deep enumerators
  • v1.7 – v1.8 — Lunary fingerprint, extortion classifier (Meow / Indexrm read_me detector), --exclude-compromised flag, actor attribution from extortion marker docs
  • v1.9.0 – v1.9.3 — AutoGen Studio, Flowise FP fix (honeypot over-match), anti-detect CDP server fingerprint, code-assistant fingerprints (Sourcegraph, Tabnine, Refact, Sweep AI, Dyad, bolt.diy, Sourcebot)
  • v1.9.4 — llama.cpp fingerprint, parallelized PHASE 3 (single-threaded bug fix)
  • v1.9.5 – v1.9.8 — large fingerprint expansion (95 → 120), Elasticsearch / OpenSearch + ClickHouse deep enumerators
  • v1.9.9 – v1.9.11 — extortion-classifier shipped, actor attribution from marker documents, One API + NewAPI fingerprints
  • v1.9.12 – v1.9.15 — Docker registry catalog-content classifiers for Jetson/NVIDIA edge, healthcare (PACS/DICOM), and finance (algotrading) operator attribution; international healthcare signal coverage (RU/DE/ES/FR/IT/CN/JP)
  • v1.9.16 – v1.9.17 — three boundary-FP fixes on registry classifiers (tegra/mcintegration, ray/krayzdrav, dicom//adicom); cross-cutting Exposed API Credentials fingerprint + scanCredentials (extracts and format-validates vendor keys in HTTP responses independent of host's primary service)

See CHANGELOG.md for the full per-release detail.

Install

```bash
# Linux amd64
curl -LO https://github.com/Nicholas-Kloster/aimap/releases/download/v1.9.18/aimap-linux-amd64
chmod +x aimap-linux-amd64 && sudo mv aimap-linux-amd64 /usr/local/bin/aimap

# Linux arm64
curl -LO https://github.com/Nicholas-Kloster/aimap/releases/download/v1.9.18/aimap-linux-arm64

# macOS
curl -LO https://github.com/Nicholas-Kloster/aimap/releases/download/v1.9.18/aimap-darwin-arm64

# Or go install
go install github.com/Nicholas-Kloster/aimap@v1.9.18
```

Verify the download against SHA256SUMS (also attached to this release).

Companion tools

  • aimap-profile — target classification + disclosure routing
  • BARE — Metasploit module ranking from scanner findings
  • recongraph — seed-polymorphic recon graph
  • cortex — auth-context analyzer

v1.3.0 — coverage release: AI agent platforms + observability infra

25 Apr 22:02

Coverage release

Backward-compatible: no CLI, JSON schema, or existing-fingerprint output changes.

Added

  • 13 new fingerprints (23 → 36 total): SGLang, AI TTS Server, SillyTavern, Grafana, Prometheus, etcd, MinIO, n8n, OpenHands, Mem0, Coolify, Clawdbot, Open Directory
  • 15 new deep enumerators (11 → 26 total): adds dedicated enumeration for the new services plus enumOpenWebUI and enumVLLM (previously fingerprint-only)
  • 7 new default ports: 80, 443, 2379, 5678, 9000, 30000, 18789
  • Two new categories: AI agent platforms (OpenHands, Mem0, Coolify, Clawdbot) and Observability / infrastructure co-deployed with AI stacks (Grafana, Prometheus, etcd, MinIO, n8n alongside Langfuse)

See CHANGELOG.md for the full per-service breakdown.

Install

```bash
curl -LO https://github.com/Nicholas-Kloster/aimap/releases/download/v1.3.0/aimap-linux-amd64
curl -LO https://github.com/Nicholas-Kloster/aimap/releases/download/v1.3.0/aimap-linux-amd64.sha256
sha256sum -c aimap-linux-amd64.sha256
chmod +x aimap-linux-amd64
sudo mv aimap-linux-amd64 /usr/local/bin/aimap
```

Or with go install:

```bash
go install github.com/Nicholas-Kloster/aimap@v1.3.0
```

Verify

```bash
aimap   # banner reports: Fingerprints: 36 AI/ML services
```

v1.2.0 — aimap-profile companion tool

18 Apr 00:54

Companion-tool release. Adds aimap-profile/ for target classification, ethics-flag surfacing, honeypot detection, and disclosure-channel routing.

No changes to the aimap Go binary (still v1.1.1), its fingerprint database, CLI flags, or JSON output schema. For the Go binary and prebuilt Linux amd64/arm64 assets, use the v1.1.1 release. This release adds a Python companion script alongside it.

What's new — aimap-profile

Where aimap fingerprints services on a target (what's running?), aimap-profile profiles the target itself (what is it? how should I approach it? where do I disclose?). The two tools are designed to be used together — profile first, then scan.

  • Single-file Python (~500 LoC), read-only, passive-first by default
  • Emits structured JSON designed for LLM / pipeline consumption

Eight analysis modules

| Module | What it does |
|---|---|
| identity | rDNS, forward DNS, WHOIS org / netname / CIDR / country / ASN |
| surface_passive | Shodan historical record — ports, vulns, services, cert subject / issuer |
| surface_active | nmap top-100 + service detection (full mode only; opt-in) |
| discrepancy | Active vs passive delta + impossible-service-combo honeypot scoring |
| classification | Priority-ordered category + ethics flags + multi-tenant detection |
| adjacency | PTR /29 neighborhood sweep; CT namespace enumeration (full mode) |
| web_surface | Fetches /, extracts `window.__NUXT__` / `__NEXT_DATA__` / `__INITIAL_STATE__`; regex-scans for API keys, JWTs, cloud tokens |
| disclosure | security.txt probing, MX records, WHOIS abuse contact |

Priority-ordered category system

honeypot_signal > clinical_hipaa > personal_device > commercial_staging > commercial_saas > research_lab > education

Highest-specificity / highest-ethical-gate wins. Ethics flags auto-generated per category (HIPAA-no-active-probing, CFAA-institutional-CSIRT, personal-device-archive-only, honeypot-adversary-logging, safe-harbor-check, shared-multi-user scoping).

Honeypot detection example

```json
"discrepancy": {
  "honeypot_score": 6,
  "verdict": "likely honeypot / deception asset",
  "signals": [
    "honeypot combo detected: ['GlobalProtect', 'Ivanti'] (+3)",
    "honeypot combo detected: ['Asus', 'FortiGate'] (+3)"
  ]
}
```

Active nmap against this target returns "all filtered" — the Shodan passive fingerprint is what reveals the deception.

HIPAA-boundary classification example

```json
"classification": {
  "primary_category": "clinical_hipaa",
  "all_hits": ["clinical_hipaa", "education", "research_lab"],
  "ethics_flags": [
    "HIPAA-adjacent network — no active probing of clinical systems",
    "Educational institution — CFAA exposure; prefer institutional CSIRT disclosure",
    "Research lab / HPC — likely shared multi-user; scope carefully"
  ]
}
```

Verification

100% primary-category accuracy across 17 real-world targets spanning honeypot / clinical_hipaa / personal_device / commercial_staging / commercial_saas / research_lab / education.

Install

```bash
git clone https://github.com/Nicholas-Kloster/aimap.git
cd aimap/aimap-profile
python3 -m venv .venv
.venv/bin/pip install -r requirements.txt
shodan init <API_KEY> # one-time
./aimap_profile.py --target <ip|host> --mode fast
```

See aimap-profile/README.md for the full heuristics reference and roadmap.

Versioning note

  • aimap (Go binary) — v1.1.1, unchanged
  • aimap-profile (Python companion) — v0.1.0, new

The companion tool has its own versioning track. Upgrading or skipping it does not affect `aimap` itself.

v1.1.1 — Docs, Packaging, Prebuilt Binaries

16 Apr 18:53

Docs and packaging release on top of v1.1.0. No code or fingerprint changes — same 23 AI/ML services as v1.1.0.

What's new

| Change | Why it matters |
|---|---|
| MIT LICENSE added | Closes the gap where the README claimed MIT but no LICENSE file existed. Required for distro inclusion. |
| README rewrite | Badges, install instructions, "why aimap exists" framing, restructured for defenders. |
| aimap(1) man page | Standard groff format. Installs to /usr/share/man/man1/. Required for proper packaging. |
| PKGBUILD | Ready for Arch / BlackArch / AUR submission. |
| Prebuilt binaries | linux-amd64, linux-arm64, darwin-amd64, darwin-arm64 — no Go toolchain required to use aimap. |

Install (no Go required)

Linux x86_64:

```bash
curl -LO https://github.com/Nicholas-Kloster/aimap/releases/download/v1.1.1/aimap-linux-amd64
chmod +x aimap-linux-amd64
sudo mv aimap-linux-amd64 /usr/local/bin/aimap
aimap
```

macOS Apple Silicon:

```bash
curl -LO https://github.com/Nicholas-Kloster/aimap/releases/download/v1.1.1/aimap-darwin-arm64
chmod +x aimap-darwin-arm64
sudo mv aimap-darwin-arm64 /usr/local/bin/aimap
aimap
```

Verify with checksums:

```bash
curl -LO https://github.com/Nicholas-Kloster/aimap/releases/download/v1.1.1/SHA256SUMS
sha256sum -c SHA256SUMS --ignore-missing
```

Upgrading from v1.1.0

If you installed via go install or built from source: git pull && go build -o aimap . — that's it. There are no code changes.

If you want the prebuilt binary instead, grab one from the assets above.

Full changelog

See CHANGELOG.md for the full v1.1.x history.

v1.1.0 — Fingerprint Expansion

16 Apr 18:38

Additive release. No CLI, JSON schema, or existing fingerprint output changes — safe to drop in.

Added

7 new fingerprints (16 → 23 total)

| Service | Ports | Notes |
|---|---|---|
| Milvus | 9091, 19530 | Closes gap where 19530 was scanned but unfingerprinted |
| Langfuse | 3000 | High severity — stores full prompt/response traces |
| Dify | 80, 5001, 3000 | Catches critical "setup not completed → admin claimable" state |
| BentoML | 3000 | |
| Ray Dashboard | 8265 | Distinct from Ray Serve |
| Kubeflow | 8080 | |
| Docker Registry | 5000, 51000, 55000 | Low severity — flagged for handoff |

5 new default scan ports: 9091, 5001, 8265, 51000, 55000

4 new deep enumerators: Milvus (collections + PII detection), Langfuse (auth status + project enumeration), Dify (admin-claim detection), Docker Registry (anonymous catalog access).

Install / Upgrade

```bash
git pull origin main
go build -o aimap .
./aimap   # banner should report "Fingerprints: 23 AI/ML services"
```

Known limitations / queued for v1.2

  • Dedicated deep enumerators for BentoML, Ray Dashboard, Kubeflow (currently use generic path)
  • Tier 2 fingerprints: Typesense, Label Studio, Argilla, ArangoDB
  • NVIDIA DCGM (low severity standalone)
  • Autonomous agent frameworks intentionally skipped — category churns too fast for stable fingerprints

Full release notes: CHANGELOG.md