Python ssdeep.hash_from_file() Examples

The following are 8 code examples of ssdeep.hash_from_file(). The source file, project and license are given above each example.
Example #1
Source File: pescanner.py    From CapTipper with GNU General Public License v3.0 6 votes vote down vote up
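def get_ssdeep(filename):
    """Return the ssdeep fuzzy hash of *filename*, or '' if it cannot be computed.

    There are two Python bindings for ssdeep, each with a different interface. Jose's
    pyssdeep is tried first and, if that fails, the one from pypi. Just install one or
    the other:
    http://code.google.com/p/pyssdeep/
    http://pypi.python.org/packages/source/s/ssdeep/ssdeep-2.5.tar.gz#md5=fd9e5271c01ca389cc621ae306327ab6

    An empty string means "no hash available" (no binding installed, or hashing
    failed). Callers should not feed it to a similarity comparison as if it were a
    real signature.
    """
    # pyssdeep interface: a class named ``ssdeep`` exposing ``hash_file``.
    try:
        from ssdeep import ssdeep
        return ssdeep().hash_file(filename)
    except Exception:
        # Exception instead of a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit are not swallowed while a large sample is being hashed.
        pass

    # PyPI interface: module-level ``hash_from_file``.
    try:
        import ssdeep
        return ssdeep.hash_from_file(filename)
    except Exception:
        pass
    return ''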
Example #2
Source File: pescanner.py    From codex-backend with MIT License 6 votes vote down vote up
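def get_ssdeep(filename):
    """Return the ssdeep fuzzy hash of *filename*, or None if it cannot be computed.

    There are two Python bindings for ssdeep, each with a different interface. Jose's
    pyssdeep is tried first and, if that fails, the one from pypi. Just install one or
    the other:
    http://code.google.com/p/pyssdeep/
    http://pypi.python.org/packages/source/s/ssdeep/ssdeep-2.5.tar.gz#md5=fd9e5271c01ca389cc621ae306327ab6

    The listing as published had its indentation mangled and did not parse; the
    nesting is restored here. None means that neither binding produced a hash.
    """
    # pyssdeep interface: a class named ``ssdeep`` exposing ``hash_file``.
    try:
        from ssdeep import ssdeep
        return ssdeep().hash_file(filename)
    except Exception:
        # Exception instead of a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit still reach the caller.
        pass

    # PyPI interface: module-level ``hash_from_file``.
    try:
        import ssdeep
        return ssdeep.hash_from_file(filename)
    except Exception:
        pass
    return None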
Example #3
Source File: check_file.py    From SSMA with GNU General Public License v3.0 5 votes vote down vote up
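def get_ssdeep(self):
    """Return the ssdeep fuzzy hash of ``self.filename``, or '' when ssdeep is unavailable.

    Errors raised while hashing (for example an unreadable file) are not caught
    here and propagate to the caller.
    """
    try:
        return ssdeep.hash_from_file(self.filename)
    except (ImportError, NameError):
        # A binding that was never imported surfaces at this call as NameError
        # (the name ``ssdeep`` is unbound), not ImportError, so both are
        # treated as "ssdeep not available".
        # NOTE(review): assumes ``ssdeep`` is an optional module-level import - confirm.
        return ''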

     # this requires pefile v1.2.10-139 + 
Example #4
Source File: check_file.py    From SSMA with GNU General Public License v3.0 5 votes vote down vote up
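def get_ssdeep(self):
    """Return the ssdeep fuzzy hash of ``self.filename``, or '' when ssdeep is unavailable.

    Errors raised while hashing (for example an unreadable file) are not caught
    here and propagate to the caller.
    """
    try:
        return ssdeep.hash_from_file(self.filename)
    except (ImportError, NameError):
        # A binding that was never imported surfaces at this call as NameError
        # (the name ``ssdeep`` is unbound), not ImportError, so both are
        # treated as "ssdeep not available".
        # NOTE(review): assumes ``ssdeep`` is an optional module-level import - confirm.
        return ''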
Example #5
Source File: check_file.py    From SSMA with GNU General Public License v3.0 5 votes vote down vote up
def file_info(filename):
    """Collect printable identification lines for the file at *filename*.

    Returns a list of strings: path, size in bytes, MIME type, MD5 and SHA1 of
    the contents and, when the module-level ``ssdeep_r`` flag is truthy, the
    ssdeep fuzzy hash.
    """
    with open(filename, 'rb') as handle:
        # The whole file is read into memory; both digests are computed over
        # this single buffer.
        content = handle.read()
        # Size, type and ssdeep go back to the path instead of using the buffer,
        # so they describe whatever is on disk at the moment of each call.
        # NOTE(review): MD5 and SHA1 are not collision resistant; they serve as
        # lookup keys, not as proof that two samples are identical.
        lines = [
            "File: {}".format(filename),
            "Size: {} bytes".format(os.path.getsize(filename)),
            "Type: {}".format(magic.from_file(filename, mime=True)),
            "MD5:  {}".format(hashlib.md5(content).hexdigest()),
            "SHA1: {}".format(hashlib.sha1(content).hexdigest()),
        ]
        if ssdeep_r:
            lines.append("ssdeep: {}".format(ssdeep.hash_from_file(filename)))
    return lines
Example #6
Source File: basic_analyze.py    From MalAnalyzer with GNU General Public License v3.0 5 votes vote down vote up
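def get_ssdeep(self):
    """Return the ssdeep fuzzy hash of ``self.filepath``.

    Any failure is logged through ``self.logger`` and None is returned, so a
    caller must treat None as "no fuzzy hash" rather than as a signature.
    """
    try:
        return ssdeep.hash_from_file(self.filepath)
    except Exception as e:
        # Log the type that was actually raised; the original formatted the
        # ``Exception`` class itself, which printed the same text for every error.
        self.logger.exception('%s: %s', type(e).__name__, e)
        return None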
Example #7
Source File: ssdeeper.py    From multiscanner with Mozilla Public License 2.0 5 votes vote down vote up
def scan(filelist):
    """Compute the ssdeep hash of every path in *filelist*.

    Returns ``(results, metadata)``. ``results`` holds one ``(fname, doc)`` pair
    per file that was hashed; ``doc`` carries the full hash plus its three
    colon-separated fields. ``metadata`` is built from the module-level NAME
    and TYPE constants.

    A file whose hashing fails on all five attempts is left out of ``results``;
    the only trace is the message printed per failed attempt, so a caller
    cannot tell a skipped file from one that was never submitted.
    """
    results = []
    for fname in filelist:
        # Ran into a weird issue with file locking; retrying works around it.
        for _attempt in range(5):
            try:
                ssdeep_hash = ssdeep.hash_from_file(fname)
                chunksize, chunk, double_chunk = ssdeep_hash.split(':')
                record = {
                    'ssdeep_hash': ssdeep_hash,
                    'chunksize': int(chunksize),
                    'chunk': chunk,
                    'double_chunk': double_chunk,
                    'analyzed': 'false',
                    'matches': {},
                }
                results.append((fname, record))
                break
            except Exception as err:
                print('ssdeeper:', err)
                # Fixed three second pause before the next attempt (also after the last one).
                time.sleep(3)

    metadata = {"Name": NAME, "Type": TYPE, "Include": False}
    return (results, metadata)
Example #8
Source File: ssdeep_python.py    From Learning-Python-for-Forensics-Second-Edition with MIT License 4 votes vote down vote up
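def main(known_file, comparison, output_type):
    """
    The main function handles the main operations of the script

    Hashes the known file with ssdeep, then compares that signature with the
    comparison file, or with every file found under the comparison directory,
    and hands each result to ``output``. Exits with status 2 for an unsupported
    output type and status 1 when a path does not exist.

    :param known_file: path to known file
    :param comparison: path to look for similar files
    :param output_type: type of output to provide
    :return: None
    """

    # Check output formats
    if output_type not in OUTPUT_OPTS:
        logger.error(
            "Unsupported output format '{}' selected. Please "
            "use one of {}".format(
                output_type, ", ".join(OUTPUT_OPTS)))
        sys.exit(2)
    elif output_type == 'csv':
        # Special handling for CSV headers
        print('"similarity","known_file","known_hash",'
              '"comp_file","comp_hash"')

    # Check provided file paths
    known_file = os.path.abspath(known_file)
    comparison = os.path.abspath(comparison)

    # Generate ssdeep signature for known file
    if not os.path.exists(known_file):
        # Report the path that is actually missing; the original message
        # printed the comparison path here.
        logger.error("Error - path {} not found".format(
            known_file))
        sys.exit(1)

    known_hash = ssdeep.hash_from_file(known_file)

    # Generate and test ssdeep signature for comparison file(s)
    if os.path.isdir(comparison):
        # Process files in folders
        for root, _, files in os.walk(comparison):
            for f in files:
                file_entry = os.path.join(root, f)
                comp_hash = ssdeep.hash_from_file(file_entry)
                comp_val = ssdeep.compare(known_hash, comp_hash)
                output(known_file, known_hash,
                       file_entry, comp_hash,
                       comp_val, output_type)

    elif os.path.isfile(comparison):
        # Process a single file
        comp_hash = ssdeep.hash_from_file(comparison)
        comp_val = ssdeep.compare(known_hash, comp_hash)
        # file_entry is only bound in the directory branch; the compared file
        # in this branch is ``comparison`` itself.
        output(known_file, known_hash, comparison, comp_hash,
               comp_val, output_type)
    else:
        logger.error("Error - path {} not found".format(
            comparison))
        sys.exit(1)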