API Documentation
Overview
A JARM fingerprint is a signature for a server's TLS stack.
Driftnet takes JARM fingerprints from every TLS server it encounters, no matter the port that server is running on.
Searching
Fingerprints can be looked up either by JARM hash:
curl -s -H 'Authorization: Bearer <your-api-token>' \
  'https://api.driftnet.io/v1/scan/jarm?hash=29d3fd00029d29d00042d43d00041df6ab62833359bd21fbf27287504787f8' \
  | jq . \
  | less -S
...or by IP address or CIDR range:
curl -s -H 'Authorization: Bearer <your-api-token>' \
  'https://api.driftnet.io/v1/scan/jarm?ip=8.8.8.0/24' \
  | jq . \
  | less -S

{
  "page": 0,
  "pages": 1,
  "result_count": 20,
  "results": [
    {
      "date": "2019-05-13",
      "id": "auAgGXRnS8WguQIdjPhfvw",
      "items": [
        {
          "context": "",
          "is_metadata": true,
          "type": "ip",
          "value": "8.8.8.8"
        },
        {
          "context": "",
          "is_metadata": true,
          "type": "port-tcp",
          "value": "853"
        },
        {
          "context": "",
          "is_metadata": false,
          "type": "jarm-rawhash",
          "value": "c02f|0303||0017-ff01-000b-0023,cca8|0303||0017-ff01-000b-0023,...
        },
        {
          "context": "",
          "is_metadata": false,
          "type": "jarm-fuzzyhash",
          "value": "29d3fd00029d29d00042d43d00041df6ab62833359bd21fbf27287504787f8"
        }
      ]
    },
    ...
Results are in the same "report" format described in the Internet Scans section. They include the IP address, port, and the raw and fuzzy JARM hashes.
The scan/jarm endpoint also accepts the page=, from= / to=, filter= and summarize= parameters. These work in exactly the same way as described in the Internet Scans section.
To see only the most recent lookup results for an IP and port, set the most_recent=true parameter.
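The following is an added example, not part of Driftnet's documentation: it flattens a scan/jarm response in the report format shown above into one row per report, keeps the newest row per IP and port on the client side, and lists endpoints whose fingerprint no longer matches a recorded baseline. The sample response, the 192.0.2.x addresses, the OTHER fingerprint and the baseline mapping are constructed, and it assumes report dates are always YYYY-MM-DD as in the sample.

```python
import json

# Constructed sample in the report format shown above (not real scan data).
KNOWN = "29d3fd00029d29d00042d43d00041df6ab62833359bd21fbf27287504787f8"
OTHER = "a" * 62  # constructed placeholder fingerprint

def _report(date, ip, port, jarm):
    def item(t, v, meta):
        return {"context": "", "is_metadata": meta, "type": t, "value": v}
    return {"date": date, "id": "constructed",
            "items": [item("ip", ip, True), item("port-tcp", port, True),
                      item("jarm-fuzzyhash", jarm, False)]}

SAMPLE = json.dumps({"page": 0, "pages": 1, "result_count": 3, "results": [
    _report("2024-01-10", "192.0.2.10", "443", KNOWN),
    _report("2024-03-02", "192.0.2.10", "443", OTHER),
    _report("2024-02-01", "192.0.2.11", "8443", KNOWN),
]})

def flatten(response_text):
    """Turn each report into one row: date, ip, port, fuzzy JARM hash."""
    rows = []
    for report in json.loads(response_text).get("results", []):
        fields = {i["type"]: i["value"] for i in report.get("items", [])}
        # Skip reports that lack any of the three fields we need.
        if {"ip", "port-tcp", "jarm-fuzzyhash"} <= fields.keys():
            rows.append({"date": report["date"], "ip": fields["ip"],
                         "port": int(fields["port-tcp"]),
                         "jarm": fields["jarm-fuzzyhash"]})
    return rows

def latest_per_endpoint(rows):
    """Keep only the newest row for each (ip, port); ISO dates sort as text."""
    latest = {}
    for row in rows:
        key = (row["ip"], row["port"])
        if key not in latest or row["date"] > latest[key]["date"]:
            latest[key] = row
    return latest

def changed_fingerprints(rows, baseline):
    """Endpoints whose latest JARM differs from baseline {(ip, port): hash}."""
    return sorted(key for key, row in latest_per_endpoint(rows).items()
                  if key in baseline and row["jarm"] != baseline[key])

if __name__ == "__main__":
    baseline = {("192.0.2.10", 443): KNOWN, ("192.0.2.11", 8443): KNOWN}
    print(changed_fingerprints(flatten(SAMPLE), baseline))
```

A changed fingerprint on a host you operate usually means the TLS stack or its configuration changed, which is worth reconciling against planned deployments.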