precursor 0.2.3

Pre-protocol payload tagging, similarity clustering, and packet/firmware triage CLI.
{"tlsh":"lzjd:8:498bfc24c71b6f6ab1e57dcd1520d55d","similarity_hash":"lzjd:8:498bfc24c71b6f6ab1e57dcd1520d55d","tags":["modbus_mbap"],"protocol_label":"unknown","protocol_abstained":true,"protocol_confidence":0.11090354888959125,"protocol_candidates":[{"protocol":"unknown","score":0.11090354888959125,"evidence":["no protocol heuristics matched","similarity cluster boost from 3 neighbors"]}],"xxh3_64_sum":"e40a7db551b7707f","tlsh_similarities":{"lzjd:17:e4ac19d2d0f0cb47627835204f9bb5e5":100,"lzjd:21:bd02b220d6815f4fa7dc7a9c6f55e468":84,"lzjd:54:eeab9896f636bae081b935f08a3a4981":100}}
{"tlsh":"lzjd:21:bd02b220d6815f4fa7dc7a9c6f55e468","similarity_hash":"lzjd:21:bd02b220d6815f4fa7dc7a9c6f55e468","tags":["tls_handshake_record"],"protocol_label":"tls","protocol_abstained":false,"protocol_confidence":0.99,"protocol_candidates":[{"protocol":"tls","score":0.99,"evidence":["matched TLS handshake prefix 16 03 xx","tag evidence: tls/ssl","similarity cluster boost from 1 neighbors"]}],"xxh3_64_sum":"e05fe49d391d884a","tlsh_similarities":{"lzjd:54:eeab9896f636bae081b935f08a3a4981":99}}
{"tlsh":"lzjd:17:e4ac19d2d0f0cb47627835204f9bb5e5","similarity_hash":"lzjd:17:e4ac19d2d0f0cb47627835204f9bb5e5","tags":["ssh_banner"],"protocol_label":"ssh","protocol_abstained":false,"protocol_confidence":0.99,"protocol_candidates":[{"protocol":"ssh","score":0.99,"evidence":["matched SSH identification banner","tag evidence: ssh","similarity cluster boost from 2 neighbors"]},{"protocol":"dns_or_domain_payload","score":0.5278889830934488,"evidence":["domain-like token shape","similarity cluster boost from 2 neighbors"]}],"xxh3_64_sum":"334a496385b190eb","tlsh_similarities":{"lzjd:21:bd02b220d6815f4fa7dc7a9c6f55e468":100,"lzjd:54:eeab9896f636bae081b935f08a3a4981":87}}
{"tlsh":"lzjd:54:eeab9896f636bae081b935f08a3a4981","similarity_hash":"lzjd:54:eeab9896f636bae081b935f08a3a4981","tags":["http_method"],"protocol_label":"http","protocol_abstained":false,"protocol_confidence":0.99,"protocol_candidates":[{"protocol":"http","score":0.99,"evidence":["matched HTTP request/headers","tag evidence: http"]}],"xxh3_64_sum":"53fc4f37dbc42574","tlsh_similarities":{}}