This tool compares JA4+ fingerprint hashes against a database to identify similar clients or tools. It supports both local JSON databases and fetching the latest entries from the JA4DB API (json blob).
I wanted to create this as I believe JA4 is a super interesting concept from network traffic analysis perspective and I believe the JA4+ Suite is helping to revolutionize this analysis.
- Match JA4+ fingerprints based on similarity threshold.
- Generate
.txtreports for each hash. - Supports both local databases and remote API pull.
- Automatically creates the output directory if it doesn't exist.
- Add in structures for each JA4 hash type and measure similarity thresholds based on structural matches
go run main.go [OPTIONS] <ja4_hash_1> [<ja4_hash_2> ...]
| Flag | Description |
|---|---|
--pull, -p |
Pull latest JA4+ database from https://ja4db.com/api/read/. |
--input-db, -i |
Path to local JSON JA4+ database file (required if --pull not used). |
--output-dir, -o |
Output directory for reports. Defaults to current directory. |
Using API:
go run main.go --pull -o reports t13d1517h2_8daaf6152771_b0da82dd1658
Using local DB:
go run main.go -i ./db.json -o output t13d1517h2_8daaf6152771_b0da82dd1658
Each JA4+ hash input will generate a text file (e.g., t13d1517h2_8daaf6152771_b0da82dd1658.txt) inside the specified output directory, containing matching entries from the database.
MIT