Alternatives and similar repositories for ja3

Users that are interested in ja3 are comparing it to the libraries listed below

• FoxIO-LLC / ja4
  JA4+ is a suite of network fingerprinting standards
  ☆1,279Updated last week
• salesforce / jarm
  ☆1,224Updated last year
• cloudflare / mitmengine
  A MITM (monster-in-the-middle) detection tool. Used to build MALCOLM:
  ☆809Updated last year
• iagox86 / dnscat2
  ☆3,580Updated last year
• LeeBrotherston / tls-fingerprinting
  TLS Fingerprinting
  ☆388Updated 4 years ago
• zmap / zgrab2
  Fast Application Layer Scanner
  ☆1,868Updated this week
• activecm / rita-legacy
  Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…
  ☆2,509Updated 10 months ago
• Yara-Rules / rules
  Repository of yara rules
  ☆4,390Updated last year
• Neo23x0 / signature-base
  YARA signature and IOC database for my scanners and tools
  ☆2,619Updated this week
• p0f / p0f
  p0f unofficial git repo
  ☆492Updated 5 years ago
• EnableSecurity / wafw00f
  WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
  ☆5,649Updated 4 months ago
• ptresearch / AttackDetection
  Attack Detection
  ☆1,356Updated 2 years ago
• ivre / ivre
  Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run yo…
  ☆3,697Updated 2 weeks ago
• darkoperator / dnsrecon
  DNS Enumeration Script
  ☆2,764Updated 2 weeks ago
• Srinivas11789 / PcapXray
  PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highli…
  ☆1,723Updated 3 years ago
• cisagov / Malcolm
  Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs an…
  ☆2,118Updated this week
• ComodoSecurity / openedr
  Open EDR public repository
  ☆2,430Updated last year
• refraction-networking / utls
  Fork of the Go standard TLS library, providing low-level access to the ClientHello for mimicry purposes.
  ☆1,897Updated last week
• mitre / caldera
  Automated Adversary Emulation Platform
  ☆6,122Updated 3 weeks ago
• volatilityfoundation / volatility
  An advanced memory forensics framework
  ☆7,672Updated last year
• VirusTotal / yara
  The pattern matching swiss knife
  ☆8,758Updated 2 weeks ago
• NikolaiT / zardaxt
  Passive TCP/IP Fingerprinting Tool. Run this on your server and find out what Operating Systems your clients are *really* using.
  ☆350Updated last year
• arkime / arkime
  Arkime is an open source, large scale, full packet capturing, indexing, and database system.
  ☆6,630Updated this week
• salesforce / hassh
  HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints…
  ☆540Updated 2 weeks ago
• CUCyber / ja3transport
  Impersonating JA3 signatures
  ☆390Updated last year
• VirusTotal / yara-python
  The Python interface for YARA
  ☆691Updated 2 weeks ago
• NextronSystems / APTSimulator
  A toolset to make a system look as if it was the victim of an APT attack
  ☆2,591Updated last year
• mandiant / flare-floss
  FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
  ☆3,521Updated this week
• blechschmidt / massdns
  A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
  ☆3,334Updated 3 months ago
• blackorbird / APT_REPORT
  Interesting APT Report Collection And Some Special IOC
  ☆2,551Updated last week