Network forensics without internet. By architecture.
SNF is a passive network intelligence engine written entirely in Rust. It captures
raw packets, reconstructs flows, fingerprints TLS/JA3/JA4, detects C2 beacons,
DGA domains, DNS tunnels, lateral movement, and ICS/SCADA abuse — then emits
structured NDJSON for forensic analysis and court-admissible evidence bundles.
Zero network calls. Ever.
SNF is a passive network intelligence engine and offline NDR platform. The SNF core engine performs deep packet inspection, TLS fingerprinting, JA3 and JA4 analysis, C2 beacon detection, DGA domain detection, DNS tunnel detection, lateral movement detection, and ICS/SCADA protocol analysis without any network connectivity.
The SNF passive engine and snf-core binary run on Linux, RHEL, and Windows in forensic mode, monitor mode, and replay mode. The engine is written entirely in Rust for maximum performance and memory safety. Shadow network fingerprinting has never been available in a fully offline, air-gap-native form until SNF.
SNF Labs is making the snf-core passive network fingerprinting engine available for acquisition. Contact [email protected] for serious inquiries about the shadow network fingerprinting engine.