Actions
Feature #2698
closedhassh and hasshServer for ssh fingerprinting
Effort:
Difficulty:
Label:
Protocol
Description
As discussed at Suricon2018, it would be great to have JA3 for non-https as well. This ticket is for SSH.
The SSH parser currently doesn't really inspect the handshake, so it will be a bit of work probably.
Updated by Victor Julien almost 6 years ago
- Related to Task #2685: SuriCon 2018 brainstorm added
Updated by Mats Klepsland almost 6 years ago
The JA3 equivalent for SSH is called hassh (and hasshServer for JA3s):
https://github.com/salesforce/hassh
It would force me to learn some Rust, so it's a nice little project I think :)
Updated by Mats Klepsland almost 6 years ago
- Subject changed from ja3/ja3s for ssh to hassh and hasshServer for ssh fingerprinting
Updated by Victor Julien almost 5 years ago
- Blocked by Feature #3445: Convert SSH parser to Rust added
Updated by Vadym Malakhatko over 4 years ago
Developed a fully functional version of "hassh" on top of Feature #3445 branch (ssh-rust-v12), will rebase after ssh conversion will be finished.
https://github.com/MalakhatkoVadym/suricata/tree/hassh-feature-2698-v1
Updated by Vadym Malakhatko over 4 years ago
Updated hassh on top of ssh-rust-v19
https://github.com/MalakhatkoVadym/suricata-hassh/tree/hassh-feature-2698-v1
Updated by Victor Julien over 4 years ago
- Status changed from Assigned to Closed
- Assignee changed from Mats Klepsland to Vadym Malakhatko
- Target version changed from TBD to 6.0.0beta1
- Effort deleted (
medium) - Difficulty deleted (
medium)
Actions