anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

chore: update templates and development documentation

Browse Source 
- templates/sniffer/decnet_logging.py: add logging configuration for sniffer integration
- templates/ssh/decnet_logging.py: add SSH service logging template
- development/DEVELOPMENT.md: document new MySQL backend, p0f, profiler, config API features
- pyproject.toml: update dependencies for MySQL, p0f, profiler functionality
This commit is contained in:
anti
2026-04-15 12:51:22 -04:00
parent ddfb232590
commit 7d10b78d50
4 changed files with 102 additions and 169 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
development/DEVELOPMENT.md
View File

@@ -89,11 +89,11 @@
### TLS/SSL Fingerprinting (via sniffer container)
- [x] **JA3/JA3S** — TLS ClientHello/ServerHello fingerprint hashes
- [ ] **JA4+ family** — JA4, JA4S, JA4H, JA4L (latency/geo estimation via RTT)
- [ ] **JARM** — Active server fingerprint; identifies C2 framework from TLS server behavior
- [ ] **CYU** — Citrix-specific TLS fingerprint
- [ ] **TLS session resumption behavior** — Identifies tooling by how it handles session tickets
- [ ] **Certificate details** — CN, SANs, issuer, validity period, self-signed flag (attacker-run servers)
- [x] **JA4+ family** — JA4, JA4S, JA4H, JA4L (latency/geo estimation via RTT)
- [x] **JARM** — Active server fingerprint; identifies C2 framework from TLS server behavior
- [~] **CYU** — Citrix-specific TLS fingerprint: WILL NOT implement pre-v1. Don't have that kind of data.
- [x] **TLS session resumption behavior** — Identifies tooling by how it handles session tickets
- [x] **Certificate details** — CN, SANs, issuer, validity period, self-signed flag (attacker-run servers)
### Timing & Behavioral
- [ ] **Inter-packet arrival times** — OS TCP stack fingerprint + beaconing interval detection