HTTP-Basma - Platform Update (v3.0 - Gaudi)
We empower businesses with cutting-edge software and expert services to navigate the complexities of today's cyber landscape. Secure your network with cutting-edge software and services that ensure your safety and peace of mind!
Following the first release of HTTP-Basma on May 20, 2026, on Netomize's official GitHub repository, including the research paper, source code, datasets, and 64-bit release versions for Windows and Linux, we launched the server edition (not publicly available) on our server on June 2nd at https://httpbasma.netomize.ca/. The server edition exposes multiple functionalities in HTTP-Basma, using dedicated routes as HTTP REST APIs. The first release of the live version was limited to fetching fingerprints with different levels of detail, allowing users to proxy probes via their own HTTP(S)/SOCKS proxy, demangle the fingerprint, compare it to another one, and search the majestic million HTTP-Basma database for matches.
In today's release, we've enhanced the live version with new features designed to assist the broader community in contributing to and maintaining a public database of all fingerprints fetched by any platform user.
The list of new features includes:
A dedicated and optional (enabled by default)
Save to Databasesection on the Fingerprint tab allows users to save fetched fingerprints in full detail to our server. You can also tag these entries to provide additional context about the submitted domain or server.Although tagging is optional, it is highly recommended. When you enable the
Save result to databaseoption in theSave to Databasesection of the Fingerprint tab, the TAGS input field becomes available. Applying tags allows you to easily cluster, categorize, and search through collected domains, for example, by tagging a domain with a specific APT actor name if its affiliation is known. You can query these tags directly within theSearchtab.If you submit a domain/server for fingerprinting with your own tags, and that domain already exists in the database, with the same fingerprint, but different tags, then the existing record's list of tags will be merged with the new ones.
Please tag your submissions, as this will benefit every user of the platform.
This is how this feature looks:
A new tab named
Recentthat displays the most recently fingerprinted servers from the HTTP-Basma database. We provide select columns from the database to display, such as the domain/server name, verbosus and pacto fingerprints, date and time probe P1 was issued, port number, is_ssl Boolean flag, the experimental response header fingerprint for probe P1, and all tags associated with the fingerprinted server/domain.- This is one of the most recently submitted domains:
A new tab named
Search. Search the live HTTP-Basma database by column. Pick what to search for, fill in the query, and run it - the total number of matches is always reported. You can search by the verbosus/pacto fingerprints, list of tags (supports AND/OR operators), P1 response header fingerprint and domain/server, using different matching operators unique per column.- The search section looks as follows:
Other updates include:
The domain input box in the fingerprint tab now accepts Unicode domains and converts them to Punycode. While only the Punycode version is stored in the database, both the Unicode and Punycode versions are displayed side by side.
The
Follow Redirectsfeature was not being configured on the backend server. This issue has been resolved, and now the final redirected URL is fingerprinted. The releases on GitHub remain unaffected by this bug.Updated FAQ and Privacy pages.
Some adjustments to various UI elements.
Enjoy and use responsibly.
Mohamad Mokbel
June 09, 2026