A deterministic, offline-first packet analysis engine written in Rust. Built for environments where cloud tools aren't an option. Air-gap safe. Zero cloud. Zero network calls.
What it detects, fully offline:

- JA3/JA4 TLS fingerprinting

Same PCAP → SHA-256 identical output. Always.
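A JA3 fingerprint is derived from the TLS ClientHello alone: the legacy version field, the offered cipher suites, the extension types, the supported groups and the EC point formats, each rendered as decimal values joined by `-`, with the five fields joined by `,`. GREASE values (RFC 8701) are dropped from the cipher, extension and group lists because clients randomise them per connection; that is what keeps the fingerprint stable and, for an engine like this one, deterministic. The JA3 hash is the MD5 of that string. The following is an added example and not SNF-Core's own code: it parses a constructed ClientHello (not captured traffic), builds the JA3 string, and rejects truncated records. The final MD5 step is left to a hashing crate (the `md5` crate listed in the stack below would do it). JA4 uses a different layout (sorted fields, truncated SHA-256 digests) and is not shown here.

```rust
// Added example: build the JA3 string from a TLS ClientHello record.
// Illustrative code, not SNF-Core's implementation. The error type and the
// sample ClientHello below are constructed for this example.

#[derive(Debug, PartialEq)]
pub struct ParseError(&'static str);

/// GREASE values (RFC 8701) are 0x0a0a, 0x1a1a, ..., 0xfafa: both bytes equal,
/// low nibble 0xa. JA3 removes them so the fingerprint does not change per connection.
fn is_grease(v: u16) -> bool {
    (v & 0x0f0f) == 0x0a0a && (v >> 8) == (v & 0xff)
}

fn be16(b: &[u8], off: usize) -> Result<u16, ParseError> {
    b.get(off..off + 2)
        .map(|s| u16::from_be_bytes([s[0], s[1]]))
        .ok_or(ParseError("truncated"))
}

fn join(v: &[u16]) -> String {
    v.iter().map(|x| x.to_string()).collect::<Vec<_>>().join("-")
}

/// Parse one TLS record carrying a ClientHello and return the JA3 string
/// "Version,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats".
pub fn ja3_string(rec: &[u8]) -> Result<String, ParseError> {
    // Record header: type(1) version(2) length(2); handshake header: type(1) length(3).
    if rec.len() < 9 || rec[0] != 0x16 {
        return Err(ParseError("not a handshake record"));
    }
    if rec[5] != 0x01 {
        return Err(ParseError("not a ClientHello"));
    }
    let hs_len = ((rec[6] as usize) << 16) | ((rec[7] as usize) << 8) | rec[8] as usize;
    let body = rec.get(9..9 + hs_len).ok_or(ParseError("truncated handshake"))?;

    let version = be16(body, 0)?; // legacy_version, 771 for TLS 1.2
    let mut off = 2 + 32; // skip legacy_version and the 32-byte random
    let sid_len = *body.get(off).ok_or(ParseError("truncated"))? as usize;
    off += 1 + sid_len;

    let cs_len = be16(body, off)? as usize;
    off += 2;
    let mut ciphers: Vec<u16> = Vec::new();
    for i in (0..cs_len).step_by(2) {
        let c = be16(body, off + i)?;
        if !is_grease(c) {
            ciphers.push(c);
        }
    }
    off += cs_len;

    let comp_len = *body.get(off).ok_or(ParseError("truncated"))? as usize;
    off += 1 + comp_len;

    let mut exts: Vec<u16> = Vec::new();
    let mut curves: Vec<u16> = Vec::new();
    let mut formats: Vec<u16> = Vec::new();
    if off < body.len() {
        // Extensions block is optional; when present: u16 length, then type(2) len(2) data.
        let ext_len = be16(body, off)? as usize;
        off += 2;
        let end = off + ext_len;
        if end > body.len() {
            return Err(ParseError("truncated extensions"));
        }
        while off + 4 <= end {
            let etype = be16(body, off)?;
            let elen = be16(body, off + 2)? as usize;
            let data = body.get(off + 4..off + 4 + elen).ok_or(ParseError("truncated extension"))?;
            if !is_grease(etype) {
                exts.push(etype);
            }
            match etype {
                0x000a => {
                    // supported_groups: u16 list length, then u16 group ids
                    let n = be16(data, 0)? as usize;
                    for i in (0..n).step_by(2) {
                        let g = be16(data, 2 + i)?;
                        if !is_grease(g) {
                            curves.push(g);
                        }
                    }
                }
                0x000b => {
                    // ec_point_formats: u8 list length, then u8 format ids
                    let n = *data.first().ok_or(ParseError("truncated"))? as usize;
                    for &f in data.get(1..1 + n).ok_or(ParseError("truncated"))? {
                        formats.push(f as u16);
                    }
                }
                _ => {}
            }
            off += 4 + elen;
        }
    }
    Ok(format!("{},{},{},{},{}", version, join(&ciphers), join(&exts), join(&curves), join(&formats)))
}

/// Constructed sample ClientHello (not captured traffic): legacy version TLS 1.2,
/// with one GREASE cipher, one GREASE extension and one GREASE group mixed in.
pub fn sample_client_hello() -> Vec<u8> {
    let mut b = vec![0x16, 0x03, 0x01, 0x00, 0x63]; // record: handshake, length 99
    b.extend_from_slice(&[0x01, 0x00, 0x00, 0x5f]); // ClientHello, length 95
    b.extend_from_slice(&[0x03, 0x03]); // legacy_version = 771
    b.extend_from_slice(&[0u8; 32]); // random
    b.push(0x00); // session_id length 0
    b.extend_from_slice(&[0x00, 0x08, 0x1a, 0x1a, 0x13, 0x01, 0x13, 0x02, 0xc0, 0x2f]); // ciphers
    b.extend_from_slice(&[0x01, 0x00]); // compression: null only
    b.extend_from_slice(&[0x00, 0x2e]); // extensions length 46
    b.extend_from_slice(&[0x0a, 0x0a, 0x00, 0x00]); // GREASE extension, dropped by JA3
    b.extend_from_slice(&[0x00, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x00, 0x06]); // server_name
    b.extend_from_slice(b"a.test");
    b.extend_from_slice(&[0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x1a, 0x1a, 0x00, 0x1d, 0x00, 0x17]); // supported_groups
    b.extend_from_slice(&[0x00, 0x0b, 0x00, 0x02, 0x01, 0x00]); // ec_point_formats: uncompressed
    b.extend_from_slice(&[0x00, 0x2b, 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03]); // supported_versions
    b
}

fn main() {
    let hello = sample_client_hello();
    println!("{}", ja3_string(&hello).expect("well-formed sample"));
}
```

The parser is a pure function of the record bytes, so the same ClientHello always yields the same string; hashing that string with MD5 gives the JA3 value you would match against an offline IOC list. Feeding it `&hello[..50]` returns `Err` rather than a partial fingerprint, which matters because a truncated capture must not silently produce a different, plausible-looking hash.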
| Phase | Feature | Status |
|---|---|---|
| 19 | Offline Threat Intel: IOC matching, JA3/JA4 threat actor attribution | DONE |
| 20 | PCAP Redaction Engine: anonymize IPs/MACs for safe PCAP sharing | IN PROGRESS |
| 21 | Hardware Fingerprinting: passive OS/device detection from TTL, TCP window | PLANNED |
| 22 | Multi-PCAP Correlation: track persistent threat actors across captures | PLANNED |
| 23 | Query Extension: queries such as flows where bytes > 1MB on stored sessions | PLANNED |
| 24 | SIEM Export: Splunk/Elastic/CEF file-based export | PLANNED |
Core: Rust · pcap · etherparse · md5 · sha2 · serde
Domains: Network forensics · Threat intelligence · ICS/SCADA security · TLS fingerprinting
Platforms: RHEL 9 · Windows 11 · Cross-platform deterministic builds
Building the commercial edition of SNF: advanced threat detection, behavioral analysis, graph engine, timeline reconstruction, and SIEM integration. Open core model: SNF-Core is free forever; the Pro edition is coming soon.
If you work in network security, DFIR, or ICS/OT, SNF-Core might be useful to you.
Star the repo if it is.