diff --git a/README.md b/README.md index bbb9790..4f6c9f9 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,44 @@ -# sensor-d4-tls-fingerprinting -Extracts TLS certificates from pcap files or network interfaces (tcpreassembly is done thanks to gopacket), fingerprints TLS client/server interactions with ja3/ja3s and print output in JSON form. +

+ sensor-d4-tls-fingerprinting +

+ Release + Software License + Go Report Card +

+

+ +**sensor-d4-tls-fingerprinting** is intended to be used to feed a D4 project client (It can be used in standalone though). + +# Main features + + * extracts TLS certificates from pcap files or network interfaces + * fingerprints TLS client/server interactions with ja3/ja3s + * fingerprints TLS interactions with TLSH fuzzy hashing + * write certificates in a folder + * export in JSON to files, or stdout + # Use -This project is currently in its very early stage and should not be used in production. - Check the list of issues. -## Install dependencies & go get +This project is currently in development and is subject to change, check the list of issues. + +## Compile from source +### requirements + * git + * golang >= 1.5 + * libpcap + ``` shell -$go get github.com/google/gopacket -$go get github.com/glaslos/tlsh -$go get github.com/D4-project/sensor-d4-tls-fingerprinting +#apt install golang git libpcap-dev ``` -make allows to compile for amd64 and arm ATM. +### Go get + +``` shell +$go get github.com/D4-project/sensor-d4-tls-fingerprinting +$cd $GOPATH/github.com/D4-project/sensor-d4-tls-fingerprinting +$ +``` +A "sensor-d4-tls-fingerprinting" compiled for your architecture should then be in $GOPATH/bin +Alternatively, use make to compile arm/linux or amd64/linux + ## How to use Read from pcap: diff --git a/media/gopherd4.png b/media/gopherd4.png new file mode 100644 index 0000000..94ea514 Binary files /dev/null and b/media/gopherd4.png differ
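Review bot: In the new "Go get" block, the `cd` target `$GOPATH/github.com/D4-project/sensor-d4-tls-fingerprinting` lacks the `src/` component that `go get` uses under GOPATH, and the block ends on a bare `$` prompt with no command, so the documented steps fail at the `cd` and then stop before any build step. Suggest `$cd $GOPATH/src/github.com/D4-project/sensor-d4-tls-fingerprinting`, and either fill in the last line (the next sentence mentions `make` for arm/linux and amd64/linux) or drop it. In the same hunk, the explicit `go get` lines for `github.com/google/gopacket` and `github.com/glaslos/tlsh` are removed without a note that the single remaining `go get` fetches them; one sentence saying so under "Compile from source" would keep the install path unambiguous. The requirements block also switches to a `#apt install` root prompt while the rest uses `$`, which is worth a word on why root is needed there.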