File Name: ressdeep
File Submitter: Nuno Brito
File Submitted: 18 Jul 2012
File Updated: 18 Jul 2012
File Category: Security
ressdeep is an implementation of the SpamSum/ssdeep algorithm, originally created by Andrew Tridgell and later adapted to the context of files as ssdeep (http://ssdeep.sourceforge.net/) by Jesse Kornblum.
This algorithm compares two files and provides a percentage value that ranks their similarity. It is particularly useful when comparing text files that differ by only a few bytes, where traditional algorithms such as MD5 or SHA1 would provide a negative match. In some cases, this algorithm is also useful to detect variations of malware or variations of known files.
For me, the best analysis/description of the advantages, disadvantages and improvements of this algorithm is given in Frank Breitinger's series of papers on this matter (one example): https://www.fbi.h-da...nger_ICDF2C.pdf
This tool offers two advantages:
- A graphical user interface instead of plain command line
- A version that is based on Java, meaning that it runs well on Windows, Linux and MacOSX on x64 and x86 CPU machines
The VirusTotal website provides ssdeep hashes for processed files. NIST provides 8 million ssdeep hashes at no cost. I will later be making the NIST data directly available at http://filename.pro for your convenience.
Note: to run on Linux/MacOS, please type from the command line:
java -jar ressdeep.exe
There are no plans at the moment to add a command line interface. For this purpose, please refer to the ssdeep tool provided by Jesse Kornblum or to the PHP version by Simon Holywell: http://blog.simonhol...g-php-extension
This tool is made available free of charge, following the community license guidelines at http://reboot.pro/about/license
Feedback is welcome, have fun!
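
The similarity ranking described above can be illustrated with a simplified context-triggered piecewise hash. This is an added example, not code from ressdeep or ssdeep, and its signatures are not compatible with either. The fixed block size, the FNV chunk hash, the edit-distance score and the random sample data are assumptions made for the illustration.

```python
import hashlib
import random

WINDOW = 7   # rolling-hash window, as in SpamSum
BLOCK = 64   # fixed here; real ssdeep derives the block size from the file length
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
FNV_INIT, FNV_PRIME = 0x811C9DC5, 0x01000193

def fuzzy_signature(data: bytes) -> str:
    """Emit one base64 character per content-defined chunk."""
    sig, roll, chunk = [], 0, FNV_INIT
    for i, byte in enumerate(data):
        chunk = ((chunk ^ byte) * FNV_PRIME) & 0xFFFFFFFF  # hash of current chunk
        roll += byte
        if i >= WINDOW:
            roll -= data[i - WINDOW]       # rolling sum over the last WINDOW bytes
        if roll % BLOCK == BLOCK - 1:      # boundary depends on local context only
            sig.append(B64[chunk >> 26])   # top 6 bits -> one signature character
            chunk = FNV_INIT
    sig.append(B64[chunk >> 26])           # tail chunk
    return "".join(sig)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def similarity(a: bytes, b: bytes) -> int:
    """Score from 0 to 100 based on how far apart the two signatures are."""
    sa, sb = fuzzy_signature(a), fuzzy_signature(b)
    return round(100 * (1 - edit_distance(sa, sb) / max(len(sa), len(sb))))

def demo() -> dict:
    rng = random.Random(2012)              # constructed sample data, not real files
    original = bytes(rng.getrandbits(8) for _ in range(8192))
    patched = bytearray(original)
    for pos in (4000, 4001, 4002):         # change three bytes in the middle
        patched[pos] ^= 0xFF
    unrelated = bytes(rng.getrandbits(8) for _ in range(8192))
    sha1_equal = hashlib.sha1(original).digest() == hashlib.sha1(bytes(patched)).digest()
    return {"sha1_equal": sha1_equal, "near": similarity(original, bytes(patched)),
            "far": similarity(original, unrelated)}

if __name__ == "__main__":
    print(demo())
```

Because a chunk boundary depends only on the last seven bytes, the signature re-synchronises shortly after the changed region, so only a few characters differ while the SHA1 digests have nothing in common.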