mirror of
https://github.com/mubix/kaliwiki.git
synced 2025-10-29 16:59:26 +00:00
hfind.md
Notes
hfind - Lookup a hash value in a hash database
Help Text
usage: hfind [-eqV] [-f lookup_file] [-i db_type] db_file [hashes]
-e: Extended mode - where values other than just the name are printed
-q: Quick mode - where a 1 is printed if it is found, else 0
-V: Print version to STDOUT
-f lookup_file: File with one hash per line to lookup
-i db_type: Create index file for a given hash database type
db_file: The location of the original hash database
[hashes]: hashes to lookup (STDIN is used otherwise)
Supported types: nsrl-md5, nsrl-sha1, md5sum, hk
Example Usage
To create an MD5 index file for NIST NSRL:
* hfind -i nsrl-md5 /usr/local/hash/nsrl/NSRLFile.txt
To look up a value in the NSRL:
* hfind /usr/local/hash/nsrl/NSRLFile.txt 76b1f4de1522c20b67acc132937cf82e
76b1f4de1522c20b67acc132937cf82e Hash Not Found
You can even do both SHA-1 and MD5 if you want:
* hfind -i nsrl-sha1 /usr/local/hash/nsrl/NSRLFile.txt
* hfind /usr/local/hash/nsrl/NSRLFile.txt
76b1f4de1522c20b67acc132937cf82e
80001A80B3F1B80076B297CEE8805AAA04E1B5BA
76b1f4de1522c20b67acc132937cf82e Hash Not Found
80001A80B3F1B80076B297CEE8805AAA04E1B5BA thrdcore.cpp
To make a database of critical binaries of a trusted system, use ’md5sum’:
* md5sum /bin/* /sbin/* /usr/bin/* /usr/sbin/* /usr/local/bin/* /usr/local/sbin/* > system.md5
* hfind -i md5sum system.md5
To look entries up, the following will work:
* hfind system.md5 76b1f4de1522c20b67acc132937cf82e
76b1f4de1522c20b67acc132937cf82e Hash Not Found
or
* md5sum /bin/* | awk '{print $1}' | hfind system.md5
928682269cd3edb1acdf9a7f7e606ff2 /bin/bash
<...>
or
* md5sum /bin/* | awk '{print $1}' > bin.md5
* hfind -f bin.md5 system.md5
928682269cd3edb1acdf9a7f7e606ff2 /bin/bash
<...>
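The lookups above print the name stored in the database, so a miss shows only a hash and not the file on the examined system that produced it. The script below is an added example, not part of hfind or this wiki's original notes: it joins hfind's misses back to the md5sum listing to name the files absent from the trusted baseline. The function names and the sample data in demo are constructed for illustration, and the "Hash Not Found" output format is assumed to be as shown above.

```shell
#!/bin/sh
# Added example, not part of hfind or The Sleuth Kit.
# Assumption: hfind prints "<hash> Hash Not Found" for a miss, as shown above.

# hashes_only LISTING
# Reduce md5sum output ("<hash>  <path>") to unique lowercase hashes,
# one per line, which is the input format of "hfind -f".
hashes_only() {
    awk '{ print tolower($1) }' "$1" | sort -u
}

# unknown_files LISTING HFIND_OUTPUT
# Map every hash hfind did not find back to the path(s) in the listing.
unknown_files() {
    awk '
        NR == FNR {                      # first file: hfind output
            if ($0 ~ /Hash Not Found[ \t]*$/) miss[tolower($1)] = 1
            next
        }
        (tolower($1) in miss) {          # second file: md5sum listing
            # The path starts after the hash and a two-character separator,
            # so file names containing spaces survive intact.
            print tolower($1) "  " substr($0, length($1) + 3)
        }
    ' "$2" "$1"
}

# audit_dir BASELINE_DB DIR
# Hash every file in DIR and list those missing from the trusted baseline.
# Requires hfind and an index built with: hfind -i md5sum BASELINE_DB
audit_dir() {
    tmp=$(mktemp -d) || return 1
    md5sum "$2"/* > "$tmp/listing" 2>/dev/null
    hashes_only "$tmp/listing" > "$tmp/hashes"
    hfind -f "$tmp/hashes" "$1" > "$tmp/result"
    unknown_files "$tmp/listing" "$tmp/result"
    rm -rf "$tmp"
}

# demo: run the join on constructed sample data (hfind itself is not needed).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '928682269cd3edb1acdf9a7f7e606ff2  /bin/bash' \
                  '76b1f4de1522c20b67acc132937cf82e  /bin/my tool' > "$d/listing"
    printf '%s\t%s\n' 928682269cd3edb1acdf9a7f7e606ff2 /bin/bash \
                      76b1f4de1522c20b67acc132937cf82e 'Hash Not Found' > "$d/result"
    unknown_files "$d/listing" "$d/result"
    rm -rf "$d"
}
```

A file reported by audit_dir system.md5 /bin is one whose MD5 is not in the baseline: either new or modified since system.md5 was generated.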