
ressdeep

linux windows mac checksum java fuzzy hashing spamsum ssdeep


#1 Brito


Posted 18 July 2012 - 08:37 AM


File Name: ressdeep
File Submitter: Nuno Brito
File Submitted: 18 Jul 2012
File Updated: 18 Jul 2012
File Category: Security

ressdeep is an implementation of the SpamSum/ssdeep algorithm originally created by Andrew Tridgell and later adapted to the context of files as ssdeep (http://ssdeep.sourceforge.net/) by Jesse Kornblum.

This algorithm allows two files to be compared and provides a percentage value that ranks their similarity. It is particularly useful when comparing text files that differ by only a few bytes, where traditional algorithms such as MD5 or SHA1 would provide a negative match. In some cases, this algorithm is also useful to detect variations of malware or variations of known files.

For me, the best analysis/description of the advantages, disadvantages and improvements of this algorithm is given in Frank Breitinger's series of papers on this matter (one example): https://www.fbi.h-da...nger_ICDF2C.pdf


In this tool you will find two advantages:
- A graphical user interface instead of a plain command line
- A version that is based on Java, meaning that it runs well on Windows, Linux and MacOSX on x64 and x86 CPU machines

The website VirusTotal provides ssdeep hashes for processed files. NIST provides 8 million ssdeep hashes at no cost. I will later be adding the NIST data directly available at http://filename.pro for your convenience.


Note: To run on Linux/MacOS, please type from the command line:
java -jar ressdeep.exe

There are no plans at the moment to add a command line interface; for this purpose please refer to the ssdeep tool provided by Jesse Kornblum or to the PHP version by Simon Holywell: http://blog.simonhol...g-php-extension

Licensing
This tool is made available free of charge, following the community license guidelines at http://reboot.pro/about/license


Feedback is welcome, have fun!
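
As an added illustration (not part of the original post, and not code from ressdeep or ssdeep), this simplified context-triggered piecewise hash shows why a small edit leaves the fuzzy score high while MD5 no longer matches. The fixed block size, the CRC32 stand-ins for ssdeep's rolling and chunk hashes, the difflib-based score and the constructed sample data are all assumptions of this example.

```python
import hashlib
import zlib
from difflib import SequenceMatcher

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7        # bytes of context examined at each position
BLOCK_SIZE = 64   # fixed here (assumption); ssdeep derives it from file size


def fuzzy_signature(data: bytes) -> str:
    """Emit one character per content-defined chunk of `data`."""
    sig, start = [], 0
    for i in range(len(data)):
        # Stand-in for a rolling hash: CRC32 of the last WINDOW bytes.
        context = zlib.crc32(data[max(0, i - WINDOW + 1):i + 1])
        if context % BLOCK_SIZE == BLOCK_SIZE - 1:   # trigger point
            sig.append(B64[zlib.crc32(data[start:i + 1]) % 64])
            start = i + 1
    if start < len(data):                            # trailing chunk
        sig.append(B64[zlib.crc32(data[start:]) % 64])
    return "".join(sig)


def similarity(a: bytes, b: bytes) -> int:
    """Score 0-100 from the two signatures (difflib ratio, not ssdeep's
    weighted edit distance)."""
    matcher = SequenceMatcher(None, fuzzy_signature(a), fuzzy_signature(b),
                              autojunk=False)
    return round(matcher.ratio() * 100)


def constructed_bytes(seed: str, blocks: int = 256) -> bytes:
    """Deterministic pseudo-random sample data (constructed, 32 B/block)."""
    return b"".join(hashlib.sha256(f"{seed}-{n}".encode()).digest()
                    for n in range(blocks))


original = constructed_bytes("sample-a")
patched = original[:4000] + b"PATCHED!" + original[4000:]  # 8-byte insert
unrelated = constructed_bytes("sample-b")

if __name__ == "__main__":
    same_md5 = hashlib.md5(original).digest() == hashlib.md5(patched).digest()
    print("MD5 equal            :", same_md5)
    print("original vs patched  :", similarity(original, patched))
    print("original vs unrelated:", similarity(original, unrelated))
```

Because chunk boundaries are chosen from the content itself, the 8-byte insertion only disturbs the signature characters around the edit; everything after the next trigger point lines up again.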