People think of the internet as a host for services like banking websites, blogs and social networks. However, this is only a small part of everything connected. The internet is home to a big range of IoT systems and machines as well. These vary from simple “smart” light switches, to machinery used in industrial plants.
One of the concerns stated in the yearly publication by the Dutch government called “Cybersecuritybeeld Nederland” (2019) was the lack of insight into malicious digital (state sponsored) activity towards vital infrastructure. …
TL;DR: JARM is very useful fingerprinting tool, but can be deceived by replaying server hello’s from other services.
The JARM scanner created by @SalesforceEng is quite an effective tool for system fingerprinting. It uses the Server Hello responses from a TLS handshake to generate a signature. These can then be used to find similar software or services. Ideal for finding C2 or other malicious servers that implement TLS. So, It doesn’t come as a surprise that Shodan.io uses this fingerprinting mechanism in their scanners. Read the Salesforce post for more information about the JARM library, scanner and its uses.