Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/d4-project/sensor-d4-tls-fingerprinting
Extract TLS certificates from pcap files or network interfaces, fingerprint TLS client/server interactions with ja3/ja3s
d4-project pcap security-monitoring tls tls-certificate
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/d4-project/sensor-d4-tls-fingerprinting
- Owner: D4-project
- License: mit
- Created: 2019-01-23T12:57:00.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2020-01-08T14:56:35.000Z (almost 5 years ago)
- Last Synced: 2024-07-16T00:51:32.687Z (4 months ago)
- Topics: d4-project, pcap, security-monitoring, tls, tls-certificate
- Language: Go
- Size: 110 KB
- Stars: 38
- Watchers: 10
- Forks: 4
- Open Issues: 11
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-network-stuff - **21** stars
README
**sensor-d4-tls-fingerprinting** is intended to feed a D4 project client, though it can also be used standalone.
# Main features
* extracts TLS certificates from pcap files or network interfaces
* fingerprints TLS client/server interactions with ja3/ja3s
* fingerprints TLS interactions with TLSH fuzzy hashing
* writes certificates to a folder
* exports JSON to files or stdout
# Use
This project is currently in development and is subject to change; check the list of issues.
## Compile from source
### Requirements
* git
* golang >= 1.5
* libpcap
``` shell
# apt install golang git libpcap-dev
```
### Go get
``` shell
$ go get github.com/D4-project/sensor-d4-tls-fingerprinting
$ cd $GOPATH/src/github.com/D4-project/sensor-d4-tls-fingerprinting
$
```
A "sensor-d4-tls-fingerprinting" compiled for your architecture should then be in $GOPATH/bin
Alternatively, use make to compile for arm/linux or amd64/linux.
## How to use
Read from pcap:
``` shell
$ ./d4-tlsf-amd64l -r=file
```
Read from interface (promiscuous mode):
``` shell
$ ./d4-tlsf-amd64l -i=interface
```
Write x509 certificates to folder:
``` shell
$ ./d4-tlsf-amd64l -w=folderName
```
Write JSON output to a folder:
``` shell
$ ./d4-tlsf-amd64l -j=folderName
```