table of contents
other versions
- wheezy 3.2.3-2
- wheezy-backports 4.1.3-3~bpo70+1
- jessie 4.1.3-4
- testing 4.4.0-5
- unstable 4.4.0-5
HFIND(1) | General Commands Manual | HFIND(1) |
NAME¶
hfind - Lookup a hash value in a hash databaseSYNOPSIS¶
hfind [-i db_type ] [-f lookup_file ] [-eq] db_file [hashes]DESCRIPTION¶
hfind looks up hash values in a database using a binary search algorithm. This allows one to easily create a hash database and identify if a file is known or not. It works with the NIST National Software Reference Library (NSRL) and the output of 'md5sum'.ARGUMENTS¶
- -i db_type
- Create an index file for the database. This step must be done before a lookup can be performed. The 'db_type' argument specifies the database type (i.e. nsrl-md5 or md5sum). See section below.
- -f lookup_file
- Specify the location of a file that contains one hash value per line. These hashes will be looked up in the database.
- -e
- Extended mode. Additional information besides just the name is printed. (Does not apply for all hash database types).
- -q
- Quick mode. Instead of displaying the corresponding information with the hash, just display 0 if the hash was not found and 1 if it was. If this flag is used, then only one hash can be given at a time.
- -V
- Display version
- db_file
- The location of the hash database file.
- [hashes]
- The hashes to lookup. If they are not supplied on the
command line, STDIN is used. If index files exist for both SHA-1 and MD5
hashes, then both types of hashes can be given at runtime.
INDEX FILE¶
hfind uses an index file to perform a binary search for a hash value. This is much faster than using 'grep', which will do a linear search. Before a hash database is used, a corresponding index file must be created. This is done with the '-i' option to hfind.MD5 (test.txt) = 76b1f4de1522c20b67acc132937cf82e
76b1f4de1522c20b67acc132937cf82e test.txt
EXAMPLES¶
To create an MD5 index file for NIST NSRL:# hfind -i nsrl-md5 /usr/local/hash/nsrl/NSRLFile.txt
# hfind /usr/local/hash/nsrl/NSRLFile.txt 76b1f4de1522c20b67acc132937cf82e
76b1f4de1522c20b67acc132937cf82e Hash Not Found
# hfind -i nsrl-sha1 /usr/local/hash/nsrl/NSRLFile.txt
# hfind /usr/local/hash/nsrl/NSRLFile.txt
76b1f4de1522c20b67acc132937cf82e
80001A80B3F1B80076B297CEE8805AAA04E1B5BA
76b1f4de1522c20b67acc132937cf82e Hash Not Found
80001A80B3F1B80076B297CEE8805AAA04E1B5BA thrdcore.cpp
# md5sum /bin/* /sbin/* /usr/bin/* /usr/bin/* /usr/local/bin/* /usr/local/sbin/* > system.md5
# hfind -i md5sum system.md5
# hfind system.md5 76b1f4de1522c20b67acc132937cf82e
76b1f4de1522c20b67acc132937cf82e Hash Not Found
# md5sum -q /bin/* | hfind system.md5
928682269cd3edb1acdf9a7f7e606ff2 /bin/bash
<...>
# md5sum -q /bin/* > bin.md5
# hfind -f bin.md5 system.md5
928682269cd3edb1acdf9a7f7e606ff2 /bin/bash
<...>