fofamapUse this skill when the user wants FOFA-based asset discovery, host profiling, distribution statistics, icon_hash generation, query refinement after zero-res...
Install via ClawdBot CLI:
clawdbot install asaotomo/fofamapRequires:
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Calls external URL not in known-safe list
https://github.com/asaotomo/FofaMapAudited Apr 17, 2026 · audit v1.0
Generated May 4, 2026
A security operations center (SOC) analyst uses fofamap to discover exposed assets and services associated with their organization's external-facing IPs and domains. The skill automates FOFA searches to identify unknown subdomains, open ports, and application fingerprints, providing a comprehensive view of the attack surface.
A penetration tester employs fofamap during the reconnaissance phase of a red team engagement to gather intelligence on target networks. By running FOFA queries and live checks, they compile a list of live, reachable assets for further exploitation attempts, streamlining the initial data collection process.
A product manager at a cybersecurity vendor uses fofamap to analyze the distribution of specific software or services across countries and ASNs. The skill's stats mode provides insights into market penetration and deployment patterns, informing competitive strategy and sales targeting.
A vulnerability researcher uses fofamap to search for assets running known vulnerable software versions, then exports the results with live verification to a clean Excel file. This handoff package is used by remediation teams to prioritize patching efforts based on actual reachability.
Offer fofamap as a premium feature within a broader security intelligence platform, where users pay a monthly fee for unlimited FOFA searches, advanced filtering, and export capabilities. Revenue is generated through tiered subscription plans with different API call limits and report formats.
Provide a consulting service where clients pay per engagement for a comprehensive attack surface analysis using fofamap. Deliverables include a detailed report with live-checked asset lists and prioritized recommendations, suitable for organizations without in-house FOFA expertise.
Offer a free tier with basic search capabilities and limited exports, then charge per export file or per advanced feature like icon-hash lookup or project-run. This model attracts individual researchers and small teams while monetizing heavy users.
💬 Integration Tip
Integrate fofamap into automated threat intelligence pipelines by calling the helper script from CI/CD jobs to regularly scan and update asset inventories. For seamless integration, ensure the FOFA environment variables are securely stored and rotate API keys periodically.
Scored Apr 19, 2026
Security vetting protocol before installing any AI agent skill. Red flag detection for credential theft, obfuscated code, exfiltration. Risk classification L...
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Audit a user's current AI tool stack. Score each tool by ROI, identify redundancies, gaps, and upgrade opportunities. Produces a structured report with score...
Detect anomalies and outliers in construction data: unusual costs, schedule variances, productivity spikes. Statistical and ML-based detection methods.