Overview
Huginn Net is a Rust library for passive fingerprinting and analysis of multiple network protocols, including TCP, HTTP, and TLS.
Inspired by p0f and JA4, Huginn Net extends passive OS fingerprinting and TLS fingerprinting to support modern detection standards and multi-protocol analysis.
It leverages pnet, httparse, pcap-file, and tls-parser to analyze raw packets and extract protocol-specific features for robust, non-intrusive network monitoring.
Specifically, Huginn Net does not require any client-side software installation and can be used to analyze traffic on any network interface or via pcap files.
This library is under active development. Feedback and contributions welcome.
Network Stack (OSI Model)
| Layer | Name | Protocol / Feature | Example in Huginn Net |
|---|---|---|---|
| 7 | Application Layer | TLS | JA4 (FoxIO-style) |
| 7 | Application Layer | HTTP | Headers, User-Agent, Lang |
| 4 | Transport Layer | TCP | OS Fingerprinting (p0f-style) |
Passive Fingerprinting Introduction
Passive fingerprinting is a technique that allows you to infer information about a remote host's operating system, network stack, and browser without sending any probes. By analyzing characteristics of incoming TCP packets (such as window size, TTL, and TCP options), HTTP requests and responses, and TLS handshake packets.
To get started with cargo, simply add the following line to your Cargo.toml file.
[dependencies]
huginn-net = ""Features
Passive Analysis: Unlike active fingerprinting tools, huginn-net does not send any packets to the target host, making it less intrusive and more stealthy.
Modern Rust Implementation: Leveraging Rust's safety and concurrency features, huginn-net provides a reliable and efficient library for passive fingerprinting.
Extensibility: Designed with modularity in mind, allowing for easy addition of new fingerprinting signatures and heuristics.
Integration-Friendly: Can be integrated into various Rust-based network analysis tools and applications.
Use Cases
Network Monitoring: Identify operating systems and network devices on your network without active scanning.
Security Analysis: Detect potentially unauthorized devices or unexpected changes in your network's landscape.
Research: Study the distribution of operating systems and network stacks in different environments.
Inspiration
Library is heavily inspired by ideas from p0f and JA4.
p0f: Passive OS fingerprinting tool that analyzes TCP/IP stack behavior to identify operating systems without sending any probes.
JA4: Modern TLS fingerprinting standard that provides a structured way to identify client software and detect anomalies in TLS handshakes.
License
Licensed under the MIT License . Refer to the license file.