Scan for JARM data

Updated
  • Updated on Aug 28, 2025
  • Published on Apr 11, 2023
  • 1 minute(s) read
Prev Next

Silent Push allows you to search through data from our daily scans of the Internet's IPv4 range to obtain JARM data.

JARM (Just Another Ruby Mod) is a tool used to identify TLS servers based on their behavior and configuration, enabling security teams to identify servers that utilize outdated or insecure TLS configurations.

JARM works by sending a series of TLS messages to a server and analyzing the server's response. The tool then generates a unique fingerprint based on the response, which can be used to identify the server even if it is using a different IP address or domain name.

By comparing the JARM fingerprint of a server against a database of known malicious fingerprints, security teams can quickly identify potential threats and malicious servers engaged in phishing and/or malware operations, and take appropriate action.

JARM fingerprints also enable threat analysts to identify traffic patterns and connections across various attack vectors, and pinpoint the infrastructure and resources used by specific threat actors.

JARM data

  1. From the left navigation menu, select Advanced Query Builder > IPv4 Queries > Scan Data - JARM Usage.

  2. Specify an IPv4 address.

  3. (Optional) Add a netmask for a range.

  4. (Optional) Enter a jarm_hash.

  5. (Optional) Set a window (days) for recent results.

  6. (Optional) Skip results.

  7. Click Search.

Save Queries

Organizational users can save queries for future use or sharing.

  1. Specify query parameters.

  2. Click Save Query.

  3. Provide a Name and Description for context.

  4. Click Save. The query appears in Private Queries.