Fingerprint TLS Servers with Salesforce JARM Algorithm
The Salesforce JARM tool (https://github.com/salesforce/jarm) is an active Transport Layer Security (TLS) server fingerprinting tool. JARM fingerprints can be used to quickly verify that all servers in a group have the same TLS configuration; to group disparate servers on the internet by configuration, identifying that a server may belong to Google vs. Salesforce vs. Apple, for example; to identify default applications or infrastructure; and to identify malware command and control infrastructure and other malicious servers on the Internet. Tools are provided to generate JARM fingerprints.
The following functions are implemented:
- `jarm_fingerprint`: Fingerprint a TLS server
```r
remotes::install_git("https://git.rud.is/hrbrmstr/jarmed.git")
# or
remotes::install_gitlab("hrbrmstr/jarmed")
# or
remotes::install_bitbucket("hrbrmstr/jarmed")
```
NOTE: To use the ‘remotes’ install options you will need to have the {remotes} package installed.
```r
library(jarmed)

# current version
packageVersion("jarmed")
## [1] '0.1.0'

(res <- jarm_fingerprint("rud.is"))
## Host: rud.is
## Port: 443
## IP: 172.93.49.183
## Result: 15d2ad16d29d29d00015d2ad15d29dd1c3ca624d74ad1df5cec63008795502
## JARM: 009e|0303|h2|0000-ff01-0010,c030|0303|h2|0000-ff01-000b-0010,009f|0303|h2|0000-ff01-0010,c02f|0303||0000-ff01-000b,c02f|0303||0000-ff01-000b,|||,009e|0303|h2|0000-ff01-0010,c030|0303|h2|0000-ff01-000b-0010,009e|0303|h2|0000-ff01-0010,c02f|0303|h2|0000-ff01-000b-0010

str(res, 1)
## List of 5
## $ host : chr "rud.is"
## $ port : int 443
## $ ip : chr "172.93.49.183"
## $ result: chr "15d2ad16d29d29d00015d2ad15d29dd1c3ca624d74ad1df5cec63008795502"
## $ jarm : chr "009e|0303|h2|0000-ff01-0010,c030|0303|h2|0000-ff01-000b-0010,009f|0303|h2|0000-ff01-0010,c02f|0303||0000-ff01-0"| __truncated__
## - attr(*, "class")= chr [1:2] "jarm_result" "list"
```
```r
library(tidyverse)

c(
  "rud.is",
  "r-project.org",
  "rstudio.com",
  "apple.com"
) -> sites

sites %>%
  map_df(jarm_fingerprint)
## # A tibble: 4 x 5
## host port ip result jarm
## <chr> <int> <chr> <chr> <chr>
## 1 rud.is 443 172.93.4… 15d2ad16d29d29d00015d2ad15d29dd1… 009e|0303|h2|0000-ff01-0010,c030|0303|h2|0000-ff01-000b-0…
## 2 r-projec… 443 137.208.… 07d19d1ad21d21d07c42d43d000000ee… 0033|0303|http/1.1|ff01-0000-0001-0023-0010-0017,00c0|030…
## 3 rstudio.… 443 104.198.… 2ad2ad16d2ad2ad00042d42d000000df… c030|0303|h2|ff01-0000-0001-000b-0023-0010-0017,c030|0303…
## 4 apple.com 443 17.253.1… 29d29d15d29d29d00041d41d0000004a… c02f|0303|http/1.0|ff01-0000-0001-000b-0023-0010-0017,c02…
```
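The following base R example is added here and is not part of jarmed. Using the rud.is values printed above, it lines up the ten raw probe answers in the `jarm` field with the ten 3-character codes at the start of `result`, and lists which probes differ between two fingerprints when servers in a group do not match. The helper names `split_fingerprint`, `probe_table` and `differing_probes` are hypothetical, the 30 + 32 character layout follows the upstream JARM algorithm, and `other` is a constructed fingerprint.

```r
# Values copied from the rud.is output above, so this runs offline.
res <- list(
  host   = "rud.is",
  result = "15d2ad16d29d29d00015d2ad15d29dd1c3ca624d74ad1df5cec63008795502",
  jarm   = paste0(
    "009e|0303|h2|0000-ff01-0010,c030|0303|h2|0000-ff01-000b-0010,",
    "009f|0303|h2|0000-ff01-0010,c02f|0303||0000-ff01-000b,",
    "c02f|0303||0000-ff01-000b,|||,009e|0303|h2|0000-ff01-0010,",
    "c030|0303|h2|0000-ff01-000b-0010,009e|0303|h2|0000-ff01-0010,",
    "c02f|0303|h2|0000-ff01-000b-0010"
  )
)

# Split the 62-character fingerprint: ten 3-character probe codes, then a
# 32-character tail that upstream JARM derives from the ALPN/extension fields.
split_fingerprint <- function(result) {
  stopifnot(is.character(result), length(result) == 1, nchar(result) == 62)
  list(
    codes = substring(result, seq(1, 28, by = 3), seq(3, 30, by = 3)),
    tail  = substring(result, 31, 62)
  )
}

# One row per probe: raw answer fields next to that probe's code.
probe_table <- function(x) {
  probes <- strsplit(x$jarm, ",", fixed = TRUE)[[1]]
  stopifnot(length(probes) == 10)
  fields <- lapply(strsplit(probes, "|", fixed = TRUE), function(f) {
    length(f) <- 4          # strsplit() drops trailing empty fields
    f[is.na(f)] <- ""
    f
  })
  m <- do.call(rbind, fields)
  codes <- split_fingerprint(x$result)$codes
  data.frame(probe = 1:10, cipher = m[, 1], version = m[, 2], alpn = m[, 3],
             extensions = m[, 4], code = codes, answered = codes != "000",
             stringsAsFactors = FALSE)
}

# Probes whose codes differ between two fingerprints (drift triage).
differing_probes <- function(a, b) {
  which(split_fingerprint(a)$codes != split_fingerprint(b)$codes)
}

print(probe_table(res))
# Constructed variant of the fingerprint above with the code for probe 3 changed.
other <- paste0("15d2ad15d", substring(res$result, 10))
print(differing_probes(res$result, other))
```

In the rud.is data the sixth probe is the unanswered one: its raw entry is `|||` and its code is `000`.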
Lang | # Files | (%) | LoC | (%) | Blank lines | (%) | # Lines | (%) |
---|---|---|---|---|---|---|---|---|
R | 4 | 0.4 | 27 | 0.29 | 12 | 0.19 | 30 | 0.25 |
Rmd | 1 | 0.1 | 19 | 0.21 | 20 | 0.31 | 31 | 0.25 |
SUM | 5 | 0.5 | 46 | 0.50 | 32 | 0.50 | 61 | 0.50 |
clock Package Metrics for jarmed
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.