The D4 project is composed of various open source software to run a complete sensor network including analysing traffic to discover DDoS activities, malicious activities or even collect Passive DNS records.

D4 overview

D4 core software

The D4 core software are the open source software components designed to run a D4 sensor or running a complete sensor network including server, sensors and components.


  • version 0.2 - D4 server is an implementation D4 server written in Python 3.6 which can handle D4 clients (sensors), manage the sensors registration and dispatch to the analyzers.

d4 client

  • version 0.2 - D4 client is a simple and minimal C implementation of the D4 encapsulation protocol.

d4 goclient

  • version 0.1 - d4-goclient is a D4 project client (sensor) implementing the D4 encapsulation protocol. The client can be used on different targets and architectures to collect network capture, logs, specific network monitoring and send it back to a D4 server.

D4 add-on software

D4 is composed of different building blocks which can be used depending of your need and requirements.


analyzer-d4-passivedns is an analyzer for a D4 network sensor. The analyser can process data produced by D4 sensors (in passivedns CSV format (more to come)) and ingest them into a Passive DNS server which can be queried later to search for the Passive DNS records.

The analyzer includes a compliant Passive DNS ReST server compliant to Common Output Format.


Extract TLS certificates from pcap files or network interfaces, fingerprint TLS client/server interactions with ja3/ja3s


analyzer-d4-pibs is a Passive Identification of BackScatter analyzer for the D4 sensor network capturing raw packet in pcap.

D4 complementary software

Complementary software which are developed in the scope of the D4 project to support security researcher, analysts and network engineers.

IP ASN History

IP ASN History is an online server and open source software to find the ASN announcing an IP range in a specific time range.

BGP Ranking