jarmed/README.md


[![Project Status: Active – The project has reached a stable, usable
state and is being actively
developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)
[![Signed
by](https://img.shields.io/badge/Keybase-Verified-brightgreen.svg)](https://keybase.io/hrbrmstr)
![Signed commit
%](https://img.shields.io/badge/Signed_Commits-100%25-lightgrey.svg)
[![Linux build
Status](https://travis-ci.org/hrbrmstr/jarmed.svg?branch=master)](https://travis-ci.org/hrbrmstr/jarmed)  
![Minimal R
Version](https://img.shields.io/badge/R%3E%3D-3.6.0-blue.svg)
![License](https://img.shields.io/badge/License-BSD_3_clause%20+%20file%20LICENSE-blue.svg)

# jarmed

Fingerprint TLS Servers with Salesforece JARM Algorithm

## Description

The Salesforce JARM Tool <https://github.com/salesforce/jarm> is an
active Transport Layer Security (TLS) server fingerprinting tool. JARM
fingerprints can be used to quickly verify that all servers in a group
have the same TLS configuration; group disparate servers on the internet
by configuration, identifying that a server may belong to Google
vs. Salesforce vs. Apple, for example; Identify default applications or
infrastructure; and/or Identify malware command and control
infrastructure and other malicious servers on the Internet. Tools are
provided to generate JARM fingerprints.

## What’s Inside The Tin

The following functions are implemented:

-   `jarm_fingerprint`: Fingerprint a TLS server

## Installation

``` r
remotes::install_git("https://git.rud.is/hrbrmstr/jarmed.git")
# or
remotes::install_gitlab("hrbrmstr/jarmed")
# or
remotes::install_bitbucket("hrbrmstr/jarmed")
```

NOTE: To use the ‘remotes’ install options you will need to have the
[{remotes} package](https://github.com/r-lib/remotes) installed.

## Usage

``` r
library(jarmed)

# current version
packageVersion("jarmed")
## [1] '0.1.0'
```

``` r
(res <- jarm_fingerprint("rud.is"))
##   Host: rud.is
##   Port: 443
##     IP: 172.93.49.183
## Result: 15d2ad16d29d29d00015d2ad15d29dd1c3ca624d74ad1df5cec63008795502
##   JARM: 009e|0303|h2|0000-ff01-0010,c030|0303|h2|0000-ff01-000b-0010,009f|0303|h2|0000-ff01-0010,c02f|0303||0000-ff01-000b,c02f|0303||0000-ff01-000b,|||,009e|0303|h2|0000-ff01-0010,c030|0303|h2|0000-ff01-000b-0010,009e|0303|h2|0000-ff01-0010,c02f|0303|h2|0000-ff01-000b-0010

str(res, 1)
## List of 5
##  $ host  : chr "rud.is"
##  $ port  : int 443
##  $ ip    : chr "172.93.49.183"
##  $ result: chr "15d2ad16d29d29d00015d2ad15d29dd1c3ca624d74ad1df5cec63008795502"
##  $ jarm  : chr "009e|0303|h2|0000-ff01-0010,c030|0303|h2|0000-ff01-000b-0010,009f|0303|h2|0000-ff01-0010,c02f|0303||0000-ff01-0"| __truncated__
##  - attr(*, "class")= chr [1:2] "jarm_result" "list"
```

``` r
library(tidyverse)

c(
  "rud.is",
  "r-project.org",
  "rstudio.com",
  "apple.com"
) -> sites

sites %>% 
  map_df(jarm_fingerprint)
## # A tibble: 4 x 5
##   host       port ip        result                            jarm                                                      
##   <chr>     <int> <chr>     <chr>                             <chr>                                                     
## 1 rud.is      443 172.93.4… 15d2ad16d29d29d00015d2ad15d29dd1… 009e|0303|h2|0000-ff01-0010,c030|0303|h2|0000-ff01-000b-0…
## 2 r-projec…   443 137.208.… 07d19d1ad21d21d07c42d43d000000ee… 0033|0303|http/1.1|ff01-0000-0001-0023-0010-0017,00c0|030…
## 3 rstudio.…   443 104.198.… 2ad2ad16d2ad2ad00042d42d000000df… c030|0303|h2|ff01-0000-0001-000b-0023-0010-0017,c030|0303…
## 4 apple.com   443 17.253.1… 29d29d15d29d29d00041d41d0000004a… c02f|0303|http/1.0|ff01-0000-0001-000b-0023-0010-0017,c02…
```

## jarmed Metrics

| Lang | \# Files | (%) | LoC |  (%) | Blank lines |  (%) | \# Lines |  (%) |
|:-----|---------:|----:|----:|-----:|------------:|-----:|---------:|-----:|
| R    |        4 | 0.4 |  27 | 0.29 |          12 | 0.19 |       30 | 0.25 |
| Rmd  |        1 | 0.1 |  19 | 0.21 |          20 | 0.31 |       31 | 0.25 |
| SUM  |        5 | 0.5 |  46 | 0.50 |          32 | 0.50 |       61 | 0.50 |

clock Package Metrics for jarmed

## Code of Conduct

Please note that this project is released with a Contributor Code of
Conduct. By participating in this project you agree to abide by its
terms.
initial commit 3 years ago
			`[![Project Status: Active – The project has reached a stable, usable`
			`state and is being actively`
			`developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)`
			`[![Signed`
			`by](https://img.shields.io/badge/Keybase-Verified-brightgreen.svg)](https://keybase.io/hrbrmstr)`
			`![Signed commit`
			`%](https://img.shields.io/badge/Signed_Commits-100%25-lightgrey.svg)`
			`[![Linux build`
			`Status](https://travis-ci.org/hrbrmstr/jarmed.svg?branch=master)](https://travis-ci.org/hrbrmstr/jarmed)`
			`![Minimal R`
			`Version](https://img.shields.io/badge/R%3E%3D-3.6.0-blue.svg)`
			`![License](https://img.shields.io/badge/License-BSD_3_clause%20+%20file%20LICENSE-blue.svg)`

			`# jarmed`

			`Fingerprint TLS Servers with Salesforece JARM Algorithm`

			`## Description`

			`The Salesforce JARM Tool <https://github.com/salesforce/jarm> is an`
			`active Transport Layer Security (TLS) server fingerprinting tool. JARM`
			`fingerprints can be used to quickly verify that all servers in a group`
			`have the same TLS configuration; group disparate servers on the internet`
			`by configuration, identifying that a server may belong to Google`
			`vs. Salesforce vs. Apple, for example; Identify default applications or`
			`infrastructure; and/or Identify malware command and control`
			`infrastructure and other malicious servers on the Internet. Tools are`
			`provided to generate JARM fingerprints.`

			`## What’s Inside The Tin`

			`The following functions are implemented:`

			- `jarm_fingerprint`: Fingerprint a TLS server

			`## Installation`

			``` r
			`remotes::install_git("https://git.rud.is/hrbrmstr/jarmed.git")`
			`# or`
			`remotes::install_gitlab("hrbrmstr/jarmed")`
			`# or`
			`remotes::install_bitbucket("hrbrmstr/jarmed")`
			```

			`NOTE: To use the ‘remotes’ install options you will need to have the`
			`[{remotes} package](https://github.com/r-lib/remotes) installed.`

			`## Usage`

			``` r
			`library(jarmed)`

			`# current version`
			`packageVersion("jarmed")`
			`## [1] '0.1.0'`
			```

			``` r
			`(res <- jarm_fingerprint("rud.is"))`
			`## Host: rud.is`
			`## Port: 443`
			`## IP: 172.93.49.183`
			`## Result: 15d2ad16d29d29d00015d2ad15d29dd1c3ca624d74ad1df5cec63008795502`
			`## JARM: 009e\|0303\|h2\|0000-ff01-0010,c030\|0303\|h2\|0000-ff01-000b-0010,009f\|0303\|h2\|0000-ff01-0010,c02f\|0303\|\|0000-ff01-000b,c02f\|0303\|\|0000-ff01-000b,\|\|\|,009e\|0303\|h2\|0000-ff01-0010,c030\|0303\|h2\|0000-ff01-000b-0010,009e\|0303\|h2\|0000-ff01-0010,c02f\|0303\|h2\|0000-ff01-000b-0010`

			`str(res, 1)`
			`## List of 5`
			`## $ host : chr "rud.is"`
			`## $ port : int 443`
			`## $ ip : chr "172.93.49.183"`
			`## $ result: chr "15d2ad16d29d29d00015d2ad15d29dd1c3ca624d74ad1df5cec63008795502"`
			`## $ jarm : chr "009e\|0303\|h2\|0000-ff01-0010,c030\|0303\|h2\|0000-ff01-000b-0010,009f\|0303\|h2\|0000-ff01-0010,c02f\|0303\|\|0000-ff01-0"\| __truncated__`
			`## - attr(*, "class")= chr [1:2] "jarm_result" "list"`
			```

			``` r
			`library(tidyverse)`

			`c(`
			`"rud.is",`
			`"r-project.org",`
			`"rstudio.com",`
			`"apple.com"`
			`) -> sites`

			`sites %>%`
			`map_df(jarm_fingerprint)`
			`## # A tibble: 4 x 5`
			`## host port ip result jarm`
			`## <chr> <int> <chr> <chr> <chr>`
			`## 1 rud.is 443 172.93.4… 15d2ad16d29d29d00015d2ad15d29dd1… 009e\|0303\|h2\|0000-ff01-0010,c030\|0303\|h2\|0000-ff01-000b-0…`
tweak due to IP addresses not coming back on some sites 3 years ago			`## 2 r-projec… 443 137.208.… 07d19d1ad21d21d07c42d43d000000ee… 0033\|0303\|http/1.1\|ff01-0000-0001-0023-0010-0017,00c0\|030…`
			`## 3 rstudio.… 443 104.198.… 2ad2ad16d2ad2ad00042d42d000000df… c030\|0303\|h2\|ff01-0000-0001-000b-0023-0010-0017,c030\|0303…`
			`## 4 apple.com 443 17.253.1… 29d29d15d29d29d00041d41d0000004a… c02f\|0303\|http/1.0\|ff01-0000-0001-000b-0023-0010-0017,c02…`
initial commit 3 years ago			```

			`## jarmed Metrics`

			`\| Lang \| \# Files \| (%) \| LoC \| (%) \| Blank lines \| (%) \| \# Lines \| (%) \|`
			`\|:-----\|---------:\|----:\|----:\|-----:\|------------:\|-----:\|---------:\|-----:\|`
			`\| R \| 4 \| 0.4 \| 27 \| 0.29 \| 12 \| 0.19 \| 30 \| 0.25 \|`
			`\| Rmd \| 1 \| 0.1 \| 19 \| 0.21 \| 20 \| 0.31 \| 31 \| 0.25 \|`
			`\| SUM \| 5 \| 0.5 \| 46 \| 0.50 \| 32 \| 0.50 \| 61 \| 0.50 \|`

			`clock Package Metrics for jarmed`

			`## Code of Conduct`

			`Please note that this project is released with a Contributor Code of`
			`Conduct. By participating in this project you agree to abide by its`
			`terms.`