precursor 0.2.3

Pre-protocol payload tagging, similarity clustering, and packet/firmware triage CLI.
{"tlsh":"fbhash:227:294cb799466c30672fbc02a727755001","similarity_hash":"fbhash:227:294cb799466c30672fbc02a727755001","tags":["http_method","urlencoded_jndi","ldap_scheme"],"protocol_label":"http","protocol_abstained":false,"protocol_confidence":0.99,"protocol_candidates":[{"protocol":"http","score":0.99,"evidence":["matched HTTP request/headers","tag evidence: http","similarity cluster boost from 9 neighbors"]}],"xxh3_64_sum":"612a4f3803dc2110","tlsh_similarities":{"fbhash:80:de765fcd8861dc3c3b17fbe45abb4ae3":88,"fbhash:80:c8f490e698c2ba57c1f88374503b162d":88,"fbhash:80:2d4e564aa0f5e8c207fefe1523d3af85":88,"fbhash:80:74d9a54cb165463b95315476c44ce79a":88,"fbhash:80:f82eac81c88020d591f3242c2c5a1e72":88,"fbhash:80:a2c00f1789ec419679f3592d6fa0dbc1":88,"fbhash:80:819a4fd1eaab6918df7e04cf101d4090":88,"fbhash:80:d576f484ce2c3e7055ef96680c4d5f5d":88,"fbhash:80:b8f9919d9ff2b5b3f2082ef0426dc978":88}}
{"tlsh":"fbhash:80:de765fcd8861dc3c3b17fbe45abb4ae3","similarity_hash":"fbhash:80:de765fcd8861dc3c3b17fbe45abb4ae3","tags":["http_method","exploit_class_path","java_user_agent"],"protocol_label":"http","protocol_abstained":false,"protocol_confidence":0.99,"protocol_candidates":[{"protocol":"http","score":0.99,"evidence":["matched HTTP request/headers","tag evidence: http","similarity cluster boost from 8 neighbors"]}],"xxh3_64_sum":"312e3f63a899a72e","tlsh_similarities":{"fbhash:80:c8f490e698c2ba57c1f88374503b162d":39,"fbhash:80:2d4e564aa0f5e8c207fefe1523d3af85":39,"fbhash:80:74d9a54cb165463b95315476c44ce79a":39,"fbhash:80:f82eac81c88020d591f3242c2c5a1e72":39,"fbhash:80:a2c00f1789ec419679f3592d6fa0dbc1":39,"fbhash:80:819a4fd1eaab6918df7e04cf101d4090":39,"fbhash:80:d576f484ce2c3e7055ef96680c4d5f5d":39,"fbhash:80:b8f9919d9ff2b5b3f2082ef0426dc978":39}}
{"tlsh":"fbhash:80:74d9a54cb165463b95315476c44ce79a","similarity_hash":"fbhash:80:74d9a54cb165463b95315476c44ce79a","tags":["http_method","exploit_class_path","java_user_agent"],"protocol_label":"http","protocol_abstained":false,"protocol_confidence":0.99,"protocol_candidates":[{"protocol":"http","score":0.99,"evidence":["matched HTTP request/headers","tag evidence: http","similarity cluster boost from 5 neighbors"]}],"xxh3_64_sum":"170d6ca84449255c","tlsh_similarities":{"fbhash:80:f82eac81c88020d591f3242c2c5a1e72":39,"fbhash:80:a2c00f1789ec419679f3592d6fa0dbc1":39,"fbhash:80:819a4fd1eaab6918df7e04cf101d4090":39,"fbhash:80:d576f484ce2c3e7055ef96680c4d5f5d":39,"fbhash:80:b8f9919d9ff2b5b3f2082ef0426dc978":39}}
{"tlsh":"fbhash:80:c8f490e698c2ba57c1f88374503b162d","similarity_hash":"fbhash:80:c8f490e698c2ba57c1f88374503b162d","tags":["http_method","exploit_class_path","java_user_agent"],"protocol_label":"http","protocol_abstained":false,"protocol_confidence":0.99,"protocol_candidates":[{"protocol":"http","score":0.99,"evidence":["matched HTTP request/headers","tag evidence: http","similarity cluster boost from 7 neighbors"]}],"xxh3_64_sum":"b4d9e2449d8ee0b6","tlsh_similarities":{"fbhash:80:2d4e564aa0f5e8c207fefe1523d3af85":39,"fbhash:80:74d9a54cb165463b95315476c44ce79a":39,"fbhash:80:f82eac81c88020d591f3242c2c5a1e72":39,"fbhash:80:a2c00f1789ec419679f3592d6fa0dbc1":39,"fbhash:80:819a4fd1eaab6918df7e04cf101d4090":39,"fbhash:80:d576f484ce2c3e7055ef96680c4d5f5d":39,"fbhash:80:b8f9919d9ff2b5b3f2082ef0426dc978":39}}
{"tlsh":"fbhash:80:f82eac81c88020d591f3242c2c5a1e72","similarity_hash":"fbhash:80:f82eac81c88020d591f3242c2c5a1e72","tags":["http_method","exploit_class_path","java_user_agent"],"protocol_label":"http","protocol_abstained":false,"protocol_confidence":0.99,"protocol_candidates":[{"protocol":"http","score":0.99,"evidence":["matched HTTP request/headers","tag evidence: http","similarity cluster boost from 4 neighbors"]}],"xxh3_64_sum":"ffd960bd567bf866","tlsh_similarities":{"fbhash:80:a2c00f1789ec419679f3592d6fa0dbc1":39,"fbhash:80:819a4fd1eaab6918df7e04cf101d4090":39,"fbhash:80:d576f484ce2c3e7055ef96680c4d5f5d":39,"fbhash:80:b8f9919d9ff2b5b3f2082ef0426dc978":39}}
{"tlsh":"fbhash:80:819a4fd1eaab6918df7e04cf101d4090","similarity_hash":"fbhash:80:819a4fd1eaab6918df7e04cf101d4090","tags":["http_method","exploit_class_path","java_user_agent"],"protocol_label":"http","protocol_abstained":false,"protocol_confidence":0.99,"protocol_candidates":[{"protocol":"http","score":0.99,"evidence":["matched HTTP request/headers","tag evidence: http","similarity cluster boost from 2 neighbors"]}],"xxh3_64_sum":"45d0ebaa5f04b7a6","tlsh_similarities":{"fbhash:80:d576f484ce2c3e7055ef96680c4d5f5d":39,"fbhash:80:b8f9919d9ff2b5b3f2082ef0426dc978":39}}
{"tlsh":"fbhash:80:a2c00f1789ec419679f3592d6fa0dbc1","similarity_hash":"fbhash:80:a2c00f1789ec419679f3592d6fa0dbc1","tags":["http_method","exploit_class_path","java_user_agent"],"protocol_label":"http","protocol_abstained":false,"protocol_confidence":0.99,"protocol_candidates":[{"protocol":"http","score":0.99,"evidence":["matched HTTP request/headers","tag evidence: http","similarity cluster boost from 3 neighbors"]}],"xxh3_64_sum":"5fc49418b456e085","tlsh_similarities":{"fbhash:80:819a4fd1eaab6918df7e04cf101d4090":39,"fbhash:80:d576f484ce2c3e7055ef96680c4d5f5d":39,"fbhash:80:b8f9919d9ff2b5b3f2082ef0426dc978":39}}
{"tlsh":"fbhash:80:2d4e564aa0f5e8c207fefe1523d3af85","similarity_hash":"fbhash:80:2d4e564aa0f5e8c207fefe1523d3af85","tags":["http_method","exploit_class_path","java_user_agent"],"protocol_label":"http","protocol_abstained":false,"protocol_confidence":0.99,"protocol_candidates":[{"protocol":"http","score":0.99,"evidence":["matched HTTP request/headers","tag evidence: http","similarity cluster boost from 6 neighbors"]}],"xxh3_64_sum":"2f77d6f6ecbfcdf1","tlsh_similarities":{"fbhash:80:74d9a54cb165463b95315476c44ce79a":39,"fbhash:80:f82eac81c88020d591f3242c2c5a1e72":39,"fbhash:80:a2c00f1789ec419679f3592d6fa0dbc1":39,"fbhash:80:819a4fd1eaab6918df7e04cf101d4090":39,"fbhash:80:d576f484ce2c3e7055ef96680c4d5f5d":39,"fbhash:80:b8f9919d9ff2b5b3f2082ef0426dc978":39}}
{"tlsh":"fbhash:80:b8f9919d9ff2b5b3f2082ef0426dc978","similarity_hash":"fbhash:80:b8f9919d9ff2b5b3f2082ef0426dc978","tags":["http_method","exploit_class_path","java_user_agent"],"protocol_label":"http","protocol_abstained":false,"protocol_confidence":0.99,"protocol_candidates":[{"protocol":"http","score":0.99,"evidence":["matched HTTP request/headers","tag evidence: http"]}],"xxh3_64_sum":"90519648a3fc0f7","tlsh_similarities":{}}
{"tlsh":"fbhash:80:d576f484ce2c3e7055ef96680c4d5f5d","similarity_hash":"fbhash:80:d576f484ce2c3e7055ef96680c4d5f5d","tags":["http_method","exploit_class_path","java_user_agent"],"protocol_label":"http","protocol_abstained":false,"protocol_confidence":0.99,"protocol_candidates":[{"protocol":"http","score":0.99,"evidence":["matched HTTP request/headers","tag evidence: http","similarity cluster boost from 1 neighbors"]}],"xxh3_64_sum":"8e17ec202c88d9a4","tlsh_similarities":{"fbhash:80:b8f9919d9ff2b5b3f2082ef0426dc978":39}}