NEW: security/ssdeep

NEW: security/ssdeep

Lawrence Teo-7
ssdeep is a fuzzy hashing program and library that is useful for finding
almost identical files.

From pkg/DESCR:
"ssdeep is a program for computing context triggered piecewise hashes (CTPH).
Also called fuzzy hashes, CTPH can match inputs that have homologies.  Such
inputs have sequences of identical bytes in the same order, although bytes
in between these sequences may be different in both content and length.

The package also includes a fuzzy hashing API, which is documented in the
README file."


Sample usage:

$ ssdeep /bsd
ssdeep,1.1--blocksize:hash:hash,filename
196608:0FEGkK3+KgZ50tiuWUcvExbAcLYZ3lbAn7YZqWE/j0yky8Q3oM3ocm7GAWJ:ZyUuUA7YEp,"/bsd"

This URL shows more usage examples:

http://ssdeep.sourceforge.net/usage.html#basic

ok?
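
The matching property quoted from pkg/DESCR above, as an added example that is not part of the original post and is not ssdeep's code: a simplified CTPH sketch showing that bytes inserted mid-file change only a few signature characters. The fixed block size, 7-byte weighted-sum window, FNV-1a piece hash and all function names are assumptions of this sketch; ssdeep itself picks the block size from the input length.

```python
import random
from os.path import commonprefix

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7                 # rolling window in bytes (assumed for this sketch)
FNV_BASIS, FNV_PRIME = 0x811C9DC5, 0x01000193

def toy_ctph(data: bytes, blocksize: int = 64) -> str:
    """Simplified context triggered piecewise hash (not ssdeep's exact algorithm)."""
    sig = []
    piece = FNV_BASIS                      # hash of the piece currently being read
    for i, byte in enumerate(data):
        piece = ((piece ^ byte) * FNV_PRIME) & 0xFFFFFFFF
        # The rolling value depends only on the last WINDOW bytes, so trigger
        # points are set by local content, not by absolute file offset.
        window = data[max(0, i + 1 - WINDOW): i + 1]
        rolling = sum((j + 1) * b for j, b in enumerate(window))
        if rolling % blocksize == blocksize - 1:
            sig.append(B64[piece & 63])    # one signature character per piece
            piece = FNV_BASIS              # next piece starts fresh
    sig.append(B64[piece & 63])            # trailing piece
    return "".join(sig)

def shared_affixes(a: str, b: str):
    """Lengths of the common prefix and common suffix of two signatures."""
    prefix = len(commonprefix([a, b]))
    suffix = len(commonprefix([a[::-1], b[::-1]]))
    return prefix, suffix

def demo():
    rng = random.Random(2016)              # constructed sample input
    original = bytes(rng.randrange(256) for _ in range(4096))
    modified = original[:2000] + b"INSERTED BYTES" + original[2000:]
    sig_a, sig_b = toy_ctph(original), toy_ctph(modified)
    return sig_a, sig_b, shared_affixes(sig_a, sig_b)

if __name__ == "__main__":
    sig_a, sig_b, (prefix, suffix) = demo()
    print(sig_a)
    print(sig_b)
    print("shared prefix chars:", prefix, "shared suffix chars:", suffix)
```

Pieces that end before the insertion hash identically in both inputs, and the trigger points line up again once the window has moved past the inserted bytes, so only the signature characters around the edit differ.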


Re: NEW: security/ssdeep

Lawrence Teo-7
On Wed, Mar 23, 2016 at 08:42:09PM -0400, Lawrence Teo wrote:

> ssdeep is a fuzzy hashing program and library that is useful for finding
> almost identical files.
>
> From pkg/DESCR:
> "ssdeep is a program for computing context triggered piecewise hashes (CTPH).
> Also called fuzzy hashes, CTPH can match inputs that have homologies.  Such
> inputs have sequences of identical bytes in the same order, although bytes
> in between these sequences may be different in both content and length.
>
> The package also includes a fuzzy hashing API, which is documented in the
> README file."
>
>
> Sample usage:
>
> $ ssdeep /bsd
> ssdeep,1.1--blocksize:hash:hash,filename
> 196608:0FEGkK3+KgZ50tiuWUcvExbAcLYZ3lbAn7YZqWE/j0yky8Q3oM3ocm7GAWJ:ZyUuUA7YEp,"/bsd"
>
> This URL shows more usage examples:
>
> http://ssdeep.sourceforge.net/usage.html#basic
>
> ok?
Let's try that again, with an attachment this time. :)

Attachment: ssdeep.tar.gz (1K)

Re: NEW: security/ssdeep

Michael McConville-3
Lawrence Teo wrote:

> On Wed, Mar 23, 2016 at 08:42:09PM -0400, Lawrence Teo wrote:
> > ssdeep is a fuzzy hashing program and library that is useful for finding
> > almost identical files.
> >
> > From pkg/DESCR:
> > "ssdeep is a program for computing context triggered piecewise hashes (CTPH).
> > Also called fuzzy hashes, CTPH can match inputs that have homologies.  Such
> > inputs have sequences of identical bytes in the same order, although bytes
> > in between these sequences may be different in both content and length.
> >
> > The package also includes a fuzzy hashing API, which is documented in the
> > README file."
> >
> >
> > Sample usage:
> >
> > $ ssdeep /bsd
> > ssdeep,1.1--blocksize:hash:hash,filename
> > 196608:0FEGkK3+KgZ50tiuWUcvExbAcLYZ3lbAn7YZqWE/j0yky8Q3oM3ocm7GAWJ:ZyUuUA7YEp,"/bsd"
> >
> > This URL shows more usage examples:
> >
> > http://ssdeep.sourceforge.net/usage.html#basic
> >
> > ok?
>
> Let's try that again, with an attachment this time. :)

Looks good to me. Clean Makefile, builds fine, runs fine, the PLIST
looks sane, and portcheck -N doesn't report anything.

Seems like a useful tool, too. I've been meaning to search for something
like this for a long time.

Should be reviewed by more experienced eyes, but ok mmcc@.


Re: NEW: security/ssdeep

Vadim Zhukov
In reply to this post by Lawrence Teo-7
2016-03-24 3:48 GMT+03:00 Lawrence Teo <[hidden email]>:

> On Wed, Mar 23, 2016 at 08:42:09PM -0400, Lawrence Teo wrote:
>> ssdeep is a fuzzy hashing program and library that is useful for finding
>> almost identical files.
>>
>> From pkg/DESCR:
>> "ssdeep is a program for computing context triggered piecewise hashes (CTPH).
>> Also called fuzzy hashes, CTPH can match inputs that have homologies.  Such
>> inputs have sequences of identical bytes in the same order, although bytes
>> in between these sequences may be different in both content and length.
>>
>> The package also includes a fuzzy hashing API, which is documented in the
>> README file."
>>
>>
>> Sample usage:
>>
>> $ ssdeep /bsd
>> ssdeep,1.1--blocksize:hash:hash,filename
>> 196608:0FEGkK3+KgZ50tiuWUcvExbAcLYZ3lbAn7YZqWE/j0yky8Q3oM3ocm7GAWJ:ZyUuUA7YEp,"/bsd"
>>
>> This URL shows more usage examples:
>>
>> http://ssdeep.sourceforge.net/usage.html#basic
>>
>> ok?
>
> Let's try that again, with an attachment this time. :)

okay zhuk@

--
  WBR,
  Vadim Zhukov