☀️ 🌙

DNS4 Network Fingerprinting

Identify devices, software, and threats through multi-protocol analysis

What is DNS4?

DNS4 is DNS Science's proprietary network fingerprinting suite that identifies devices, software, and threats by analyzing network traffic patterns. Unlike traditional fingerprinting tools, DNS4 uniquely correlates network behavior with DNS intelligence, providing unprecedented visibility into infrastructure and security posture.

Problems DNS4 Solves
  • What devices are on my network? Mobile, IoT, servers, unknown devices
  • What software versions are running? Outdated clients, vulnerable services
  • Are there malicious actors? C2 traffic, data exfiltration, botnet activity
  • Who's using VPNs/proxies? Legitimate privacy tools vs. threat actor obfuscation
  • Is this traffic bot or human? Automated scrapers vs. real users
The 7 Fingerprinting Methods
DNS4-TLS

TLS Server Analysis

  • Server software identification
  • TLS configuration quality
  • Infrastructure patterns
DNS4-HTTP

HTTP Header Fingerprinting

  • Bot vs. human detection
  • Browser identification
  • Suspicious user agents
DNS4-CERT

Certificate Behavior Analysis

  • Certificate reuse tracking
  • Self-signed detection
  • CT log analysis
DNS4-SSH

SSH Client Identification

  • SSH client fingerprinting
  • Brute-force detection
  • Scanner identification
DNS4-TCP

TCP Stack Fingerprinting

  • OS identification
  • Device type detection
  • Spoofing detection
DNS4-LAT

Latency Analysis

  • VPN/proxy detection
  • Geographic mismatch
  • BGP hijacking detection
JA4 Integration

FoxIO's open-source client TLS fingerprinting standard

  • Known malware signatures
  • Application detection
  • C2 communication patterns
Quick Start
TLS Server Analysis
curl -X POST https://api.dnsscience.io/v1/dns4/tls \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "target": "example.com",
    "port": 443
  }'
Python SDK
pip install dnsscience
from dnsscience import DNS4Client

client = DNS4Client(api_key="YOUR_API_KEY")

# TLS analysis
tls = client.tls.analyze("example.com")
print(f"Server: {tls.server_software}")
print(f"Score: {tls.security_score}/100")

# Unified analysis
analysis = client.analyze("example.com", methods=["tls", "http", "cert"])
print(f"Risk Score: {analysis.threat_summary.risk_score}/100")
API Endpoints
Endpoint Method Description
/v1/dns4/tls POST TLS server fingerprinting
/v1/dns4/http POST HTTP header analysis
/v1/dns4/cert POST Certificate analysis
/v1/dns4/ssh POST SSH fingerprinting
/v1/dns4/tcp POST TCP stack fingerprinting
/v1/dns4/lat POST Latency analysis
/v1/dns4/analyze POST Unified multi-method analysis
/v1/dns4/history GET Historical fingerprint data
Example Response
DNS4-TLS Response
{
  "fingerprint": "t13d1516h2_e92c3fa1e5d2_a4b8c9",
  "server_software": "nginx/1.21.6",
  "tls_version": "TLS 1.3",
  "cipher_suite": "TLS_AES_256_GCM_SHA384",
  "security_score": 95,
  "certificate": {
    "issuer": "Let's Encrypt",
    "subject": "example.com",
    "valid_to": "2024-04-01T00:00:00Z"
  },
  "threat_intel": {
    "is_malicious": false,
    "is_blacklisted": false
  },
  "dns_correlation": {
    "domain_age_days": 3650,
    "registrar": "Example Registrar Inc.",
    "recent_ip_changes": false
  }
}
API Tiers
Tier Rate Limit DNS4 Access
Free 100/day None
Essentials 80,000/day DNS4-TLS only
Professional 135,000/day Full Suite
Research 275,000/day Full Suite + Bulk
Enterprise Unlimited Full Suite + Custom
View Pricing
Use Cases
Enterprise Security
  • Identify unauthorized devices
  • Detect C2 communication
  • Track certificate reuse
Threat Intelligence
  • Map attacker infrastructure
  • Track threat actor TTPs
  • Identify malware families
Fraud Prevention
  • Detect VPN/proxy usage
  • Identify OS spoofing
  • Distinguish bots from humans
MSSPs
  • Multi-tenant architecture
  • Per-client data isolation
  • Scalable pricing
SDKs

Python

pip install dnsscience

Node.js

npm install @dnsscience/dns4

Go

go get github.com/dnsscience/dns4-go
Support