precursor.hashdb.io

Pre-Protocol Payload Triage for Packets, Logs, and Firmware Fragments

Precursor tags payloads with named captures, clusters near-matches with TLSH/LZJD (and optional MRSHv2 adapter mode), and emits JSON designed for SOC pipelines and LLM-guided protocol discovery loops.

Dual Input Shapes

Text, base64, and hex inputs are supported now; raw-binary expansion is on the active roadmap.

Similarity Modes

TLSH and LZJD are implemented; MRSHv2 is available behind a native adapter feature.

Discovery Loop

Protocol hints + single-packet inference for human and LLM analysis loops.

Why Install Precursor

One command turns opaque payload streams into tags, clusters, and protocol confidence output you can act on immediately.

Input stream

GET /admin HTTP/1.1
16 03 03 ...
00 01 00 00 00 06 11 03 ...

Tag + similarity

  • tags: ["http_method"]
  • similarity_hash: "lzjd:..."
  • tlsh_similarities: {...}

Actionable triage

http 0.93
tls 0.90
firmware_binary 0.86

Sample JSON line

{"protocol_label":"http","protocol_confidence":0.93,"similarity_hash":"lzjd:128:...","tags":["http_method"]}
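
A downstream consumer for output shaped like the sample JSON line above, as an added example that is not Precursor's own code: it validates each line, routes confident records by protocol_label, and holds low-confidence ones for analyst review. The 0.8 threshold, the [0, 1] confidence range, the placeholder hash values, and the function names are assumptions.

```python
import json
from collections import Counter, defaultdict

# Constructed input using only the four fields from the page's sample line; hashes are placeholders.
SAMPLE_LINES = [
    '{"protocol_label":"http","protocol_confidence":0.93,"similarity_hash":"lzjd:128:PLACEHOLDER_A","tags":["http_method"]}',
    '{"protocol_label":"tls","protocol_confidence":0.90,"similarity_hash":"lzjd:128:PLACEHOLDER_B","tags":[]}',
    '{"protocol_label":"http","protocol_confidence":0.41,"similarity_hash":"lzjd:128:PLACEHOLDER_A","tags":["http_method"]}',
    '{"protocol_label":"firmware_binary","protocol_confidence":0.86,"similarity_hash":"lzjd:128:PLACEHOLDER_C","tags":[]}',
    'not json at all',
    '{"protocol_label":"http","protocol_confidence":"high"}',
]

def parse_record(line):
    """Return a validated record, or None when the line is malformed."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    conf = rec.get("protocol_confidence") if isinstance(rec, dict) else None
    if isinstance(conf, bool) or not isinstance(conf, (int, float)):
        return None
    if not (isinstance(rec.get("protocol_label"), str)
            and isinstance(rec.get("similarity_hash"), str)
            and isinstance(rec.get("tags"), list)):
        return None
    # Assumption: confidence is a score in [0, 1]; anything else is rejected.
    return rec if 0.0 <= conf <= 1.0 else None

def triage(lines, threshold=0.8):
    """Route confident records by label; send the rest to analyst review."""
    routed, review, rejected = defaultdict(list), [], 0
    families = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            rejected += 1  # count bad lines instead of crashing the pipeline
            continue
        families[rec["similarity_hash"]] += 1
        confident = rec["protocol_confidence"] >= threshold
        (routed[rec["protocol_label"]] if confident else review).append(rec)
    # Exact-hash repeats only; near-match clustering is left to the tool itself.
    repeated = {h: n for h, n in families.items() if n > 1}
    return dict(routed), review, rejected, repeated

if __name__ == "__main__":
    routed, review, rejected, repeated = triage(SAMPLE_LINES)
    print({k: len(v) for k, v in routed.items()}, len(review), rejected, repeated)
```

Counting rejected lines rather than silently dropping them gives the pipeline a signal when the upstream output format changes or is truncated.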

Scenario Demos

These examples map directly to files committed under samples/scenarios/.

Command
Expected signal

High-Impact Use Cases

Exploit Spray Triage

Cluster scanner traffic before parser development and identify repeated payload families quickly.

ICS/OT Packet Discovery

Start from single packets when DPI fails or protocol metadata is missing.

Firmware Fragment Sorting

Tag binary fragments by magic + similarity to route unknown blobs to the right analyst workflow.

Deploy This Site to GitHub Pages

  1. Enable Pages in repository settings and select GitHub Actions as source.
  2. Create DNS record: precursor.hashdb.io CNAME obsecurus.github.io.
  3. Push to main; workflow pages.yml publishes site/.