correlate
Cross-reference fingerprint data to validate consistency, detect honeypots, identify spoofing, compare profiles, reconstruct topology, detect C2 frameworks, and lookup hashes.
Instructions
Cross-layer correlation engine. Validates fingerprint consistency, detects honeypots, identifies spoofing, compares profiles, reconstructs infrastructure topology, detects C2 frameworks, and looks up fingerprint hashes.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| hash | No | Fingerprint hash (for identify) | |
| host | No | Target host (for c2) | |
| jarm | No | JARM hash | |
| port | No | Target port (for c2) | |
| type | Yes | Correlation type | |
| hassh | No | HASSH fingerprint | |
| certCn | No | Certificate CN (for c2) | |
| certOrg | No | Certificate Org (for c2) | |
| cookies | No | Cookie names | |
| certSans | No | Certificate SANs (for topology) | |
| hashType | No | Hash type (for identify) | |
| originIp | No | Origin IP (for topology) | |
| profile1 | No | First profile (for compare) | |
| profile2 | No | Second profile (for compare) | |
| services | No | Detected services (for honeypot) | |
| lbCookies | No | LB cookies (for topology) | |
| sshBanner | No | SSH banner | |
| dnsRecords | No | DNS records (for topology) | |
| tlsVersion | No | TLS version | |
| cdnProvider | No | CDN provider (for topology) | |
| headerOrder | No | Header ordering (for spoofing) | |
| serverHeader | No | Server header value | |
| openPortCount | No | Total open ports (for honeypot) | |
| sshAlgorithms | No | SSH algorithms | |
| certSelfSigned | No | Self-signed cert (for c2) | |
| claimedVersion | No | Claimed server version | |
| errorSignature | No | Error page signature | |
| headerOrderHash | No | Header order hash | |
| certValidityDays | No | Cert validity days (for c2) | |
| responseTimingMs | No | Response timing ms (for c2) | |
| internalHostnames | No | Internal hostnames (for topology) |