Add active TLS probing via JARM to identify C2 frameworks (Cobalt Strike, Sliver, Metasploit) by their TLS server implementation quirks. Runs as a detached host-level process — no container dependency.

- decnet/prober/jarm.py: pure-stdlib JARM implementation (10 crafted probes)
- decnet/prober/worker.py: standalone async worker with RFC 5424 + JSON output
- CLI: `decnet probe --targets ip:port` and `--probe-targets` on deploy
- Ingester: JARM bounty extraction (fingerprint type)
- 68 new tests covering JARM logic and bounty extraction
14 lines
462 B
Python
"""
|
|
DECNET-PROBER — standalone active network probing service.
|
|
|
|
Runs as a detached host-level process (no container). Sends crafted TLS
|
|
probes to discover C2 frameworks and other attacker infrastructure via
|
|
JARM fingerprinting. Results are written as RFC 5424 syslog + JSON to the
|
|
same log file the collector uses, so the existing ingestion pipeline picks
|
|
them up automatically.
|
|
"""
|
|
|
|
from decnet.prober.worker import prober_worker
|
|
|
|
__all__ = ["prober_worker"]
|
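The docstring above and the commit message describe the whole loop (send crafted ClientHellos, read each ServerHello, fold the ten results into a JARM fingerprint, append an RFC 5424 + JSON line for the collector) without showing any of it. The following is an added example, not decnet's code and not the reference JARM implementation: it does the offline half of that loop on constructed ServerHello bytes, so there are no sockets. The function names (`build_server_hello`, `parse_server_hello`, `fingerprint_target`, `syslog_line`), the PRI/APP-NAME/MSGID values in the syslog line, and the cipher encoding in the 30-character prefix are assumptions for illustration; real JARM maps cipher ids through a fixed table, and this block keeps only the layout (3 chars per probe, then 32 hex chars of SHA-256 over ALPN and extension order).

```python
"""Added example (not decnet's code): ServerHello field extraction, JARM-style
aggregation and RFC 5424 + JSON output, on constructed input. Helper names and
the simplified cipher encoding are assumptions for illustration."""
import hashlib
import json
import struct

TLS_HANDSHAKE, SERVER_HELLO = 0x16, 0x02
EXT_ALPN, EXT_SUPPORTED_VERSIONS = 0x0010, 0x002B


def build_server_hello(version, cipher, extensions):
    """Constructed sample ServerHello record (not captured traffic)."""
    ext_body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (struct.pack("!H", version) + bytes(32) + b"\x00"   # version, random, empty session id
            + struct.pack("!H", cipher) + b"\x00"              # cipher suite, null compression
            + struct.pack("!H", len(ext_body)) + ext_body)
    hs = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", TLS_HANDSHAKE, 0x0303, len(hs)) + hs


def parse_server_hello(data):
    """Return the fields JARM keys on (cipher, version, ALPN, extension order), or
    None for an alert/garbage reply, which JARM records as an empty probe result."""
    if len(data) < 5 or data[0] != TLS_HANDSHAKE:
        return None
    hs = data[5:5 + struct.unpack("!H", data[3:5])[0]]
    if len(hs) < 4 or hs[0] != SERVER_HELLO:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 38:                       # version + random + sid len + cipher + compression
        return None
    version = body[0:2].hex()
    pos = 35 + body[34]                      # skip the 32-byte random and the session id
    if pos + 3 > len(body):
        return None
    cipher = body[pos:pos + 2].hex()
    pos += 3                                 # cipher + compression method
    ext_types, alpn = [], ""
    if pos + 2 <= len(body):
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= min(end, len(body)):
            t, n = struct.unpack("!HH", body[pos:pos + 4])
            d = body[pos + 4:pos + 4 + n]
            pos += 4 + n
            ext_types.append(f"{t:04x}")
            if t == EXT_SUPPORTED_VERSIONS and n == 2:   # TLS 1.3 signals 0304 here, not in the body
                version = d.hex()
            elif t == EXT_ALPN and n >= 3:               # list len (2) + name len (1) + name
                alpn = d[3:3 + d[2]].decode("ascii", "replace")
    return {"cipher": cipher, "version": version, "alpn": alpn, "extensions": ext_types}


def probe_result(hello):
    """One probe's raw result; '|||' marks a probe the server refused."""
    if hello is None:
        return "|||"
    return f"{hello['cipher']}|{hello['version']}|{hello['alpn']}|{'-'.join(hello['extensions'])}"


def jarm_style_hash(results):
    """62-char layout: per probe 2 chars of cipher + 1 version letter (10 probes = 30),
    then 32 hex chars of sha256 over every ALPN/extension string. Cipher encoding is
    simplified here (last two hex digits, an assumption); JARM uses a fixed table."""
    if all(r == "|||" for r in results):
        return "0" * 62                      # all probes refused: no fingerprint
    prefix, tail = "", ""
    for r in results:
        cipher, version, alpn, exts = r.split("|")
        prefix += (cipher[-2:] if cipher else "00") + ("abcdef"[int(version[3])] if version else "0")
        tail += alpn + exts
    return prefix + hashlib.sha256(tail.encode()).hexdigest()[:32]


def syslog_line(target, fingerprint, results, timestamp="2024-01-01T00:00:00.000Z", host="prober"):
    """RFC 5424 line with a JSON MSG. PRI 134 = local0 (16) * 8 + informational (6);
    facility, APP-NAME and MSGID are assumptions, not decnet's values."""
    msg = json.dumps({"type": "fingerprint", "target": target, "jarm": fingerprint, "raw": results},
                     separators=(",", ":"))
    return f"<134>1 {timestamp} {host} decnet-prober - JARM - {msg}"


def fingerprint_target(target, responses):
    """Fold the ten per-probe replies into (fingerprint, raw results, log line)."""
    results = [probe_result(parse_server_hello(r)) for r in responses]
    fp = jarm_style_hash(results)
    return fp, results, syslog_line(target, fp, results)


# Constructed replies for the 10 probes: a TLS 1.2 server offering h2 over ALPN, a
# TLS 1.3 server, and eight probes the server rejected with a handshake_failure alert.
ALERT = b"\x15\x03\x03\x00\x02\x02\x28"
SAMPLE_RESPONSES = [
    build_server_hello(0x0303, 0xC02F, [(0xFF01, b"\x00"), (EXT_ALPN, b"\x00\x03\x02h2")]),
    build_server_hello(0x0303, 0x1301, [(EXT_SUPPORTED_VERSIONS, b"\x03\x04"), (0x0033, b"\x00\x1d\x00\x01\x00")]),
] + [ALERT] * 8

if __name__ == "__main__":
    fp, raw, line = fingerprint_target("203.0.113.10:443", SAMPLE_RESPONSES)
    print(fp)
    print(line)
```

The alert path matters in practice: a C2 listener that rejects a probe (TLS 1.1-only ClientHello, unusual cipher order) still contributes to the fingerprint through the `|||` slot, which is why the all-refused case collapses to zeros rather than an error. A real worker would also need a per-probe timeout and would treat a non-TLS banner (HTTP, SSH) on the port the same way as the alert above.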