def file_ssdeep(inputname): """returns the ssdeep hash of a file buffered, so memory isn't swamped when dealing with large files.""" h = ssdeep.Hash() with open(inputname, 'rb', buffering=0) as f: for b in iter(lambda: f.read(128*1024), b''): h.update(b) return h.digest()
def get_hashes(data): md5_hash = hashlib.md5() sha1_hash = hashlib.sha1() sha256_hash = hashlib.sha256() ssdeep_hash = ssdeep.Hash() md5_hash.update(data) sha1_hash.update(data) sha256_hash.update(data) ssdeep_hash.update(bytes(data)) return md5_hash.hexdigest(), sha1_hash.hexdigest( ), sha256_hash.hexdigest(), ssdeep_hash.digest()
def transform(cls, sample): """ Calculate sdeep for sample :param sample: :return: """ h = ssdeep.Hash() for chunk in sample.chunks(): h.update(chunk) sample.add('ssdeep.digest', h.digest()) block_size, block_chunks, double_block_chunks = cls.preprocess_hash( sample.get('ssdeep.digest')) sample.add('ssdeep.block_size', block_size) sample.add('ssdeep.block_chunks', block_chunks) sample.add('ssdeep.double_block_chunks', double_block_chunks)
def get_ssdeep(fname): """Get malware ssdeep Params: -fname Returns: - rslt """ hash_ssdeep = ssdeep.Hash() with open(fpath + fname, 'rb') as f: for chunk in iter(lambda: f.read(4096), b""): hash_ssdeep.update(chunk) rslt = hash_ssdeep.digest() return rslt
def get_hashes(file_path): with open(file_path, 'rb') as fh: md5 = hashlib.md5() sha1 = hashlib.sha1() xx32 = xxhash.xxh32() xx64 = xxhash.xxh64() ssdeep = deep.Hash() while True: data = fh.read(8192) if not data: break md5.update(data) sha1.update(data) xx32.update(data) xx64.update(data) ssdeep.update(data) return md5.hexdigest(), sha1.hexdigest(), xx32.hexdigest(), xx64.hexdigest( ), ssdeep.digest()
def create_object(self, obj): file = request.files['file'] file.stream.seek(0, os.SEEK_END) fsize = file.tell() if fsize == 0: raise BadRequest("Uploaded file is empty") sha256 = calc_hash(file.stream, hashlib.sha256(), lambda h: h.hexdigest()) file.stream.seek(0, os.SEEK_SET) fmagic = magic.from_buffer(file.stream.read()) # Create file first so we can add it without worrying about race conditions thanks to get_or_create db_file = File() db_file.file_name = secure_filename(request.files['file'].filename) db_file.file_size = fsize db_file.file_type = fmagic db_file.parents = [] db_file.crc32 = crc32_sum(file.stream) db_file.md5 = calc_hash(file.stream, hashlib.md5(), lambda h: h.hexdigest()) db_file.sha1 = calc_hash(file.stream, hashlib.sha1(), lambda h: h.hexdigest()) db_file.sha256 = sha256 db_file.dhash = sha256 db_file.sha512 = calc_hash(file.stream, hashlib.sha512(), lambda h: h.hexdigest()) db_file.humanhash = Humanhash._humanhash(sha256) db_file.ssdeep = calc_hash(file.stream, ssdeep.Hash(), lambda h: h.digest()) db_file.upload_time = datetime.now() if app_config.malwarecage.enable_maintenance and g.auth_user.login == app_config.malwarecage.admin_login: db_file.upload_time = obj.data.get("upload_time", datetime.now()) db_file, is_file_new = File.get_or_create(db_file, file) return db_file, is_file_new
def _init_hash(self, input): self.hobj = ssdeep.Hash()
def calc_ssdeep(stream): return calc_hash(stream, ssdeep.Hash(), lambda h: h.digest())
def setup(self, arg): self.h = ssdeep.Hash()
def get_ssdeep(code): binary = make_bytes(code) raw_hash = ssdeep.Hash() raw_hash.update(binary) return raw_hash.digest()
def test_update_02(self): obj = ssdeep.Hash() with pytest.raises(TypeError): obj.update(1234)
def test_update(self): obj = ssdeep.Hash() obj.update("Also called fuzzy hashes, Ctph can match inputs that have homologies.") res = obj.digest() assert res == "3:AXGBicFlgVNhBGcL6wCrFQEv:AXGHsNhxLsr2C"
def __init__(self, elffile): ELFHashFeature.__init__(self, elffile) self.hobj = ssdeep.Hash()
def ssdeep_hash(file): hash_fn = ssdeep.Hash() hash_fn.update(file.read()) file.seek(0) ret_val = hash_fn.digest() return ret_val