ssdeep - Online in the Cloud

This is the command ssdeep that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


ssdeep - Computes context triggered piecewise hashes (fuzzy hashes)

SYNOPSIS


ssdeep [-m <file>] [-k <file>] [-vdprgsblcxa] [-t val] [FILES]
ssdeep [-V|h]

DESCRIPTION


Computes a signature based on context triggered piecewise hashes for each input file, also
called a fuzzy hash. If requested, the program matches those signatures against a file of
known signatures and reports any possible matches. It can also examine one or more files
of signatures and find any matches in those files. Output is written to standard out and
errors to standard error.

-m <file>
Loads the specified file of known hashes to be used for matching. This file must be
a previous output of the program. The program then hashes each entry in FILES and
compares these signatures to the known signatures. Any matches which score above
the threshold are displayed. This flag may be used multiple times to load more
known signatures. This flag may not be used with the -k or -x flags.

-k <file>
Load the specified file of known hashes to be used for matching. This file must be
a previous output of the program. The program then treats each entry in FILES as a
set of known hashes as well. The hashes in these FILES are compared to the known
hashes from this file. Matches which score above the threshold are displayed. Both
the file specified here and the input FILES should contain fuzzy hashes. This flag
may be used multiple times to load more known signatures. This flag may not be
used with the -m, -d, or -p flags.

-v Verbose mode. The name of each file is printed to standard error as it is being
hashed.

-d Computes a signature for each entry in the FILES and compares it to the set of
known signatures. Matches which score above the threshold are displayed. The
computed signature is then added to the set of known signatures. This flag may not
be used with the -k or -x flags.

-p Works like the -d flag, but displays all matches for each file. That is, for two
files A and B which match score above the threshold, displays "A matches B" and "B
matches A". This flag may not be used with the -k or -x flags.

-r Enables recursive mode. All subdirectories are traversed. Please note that
recursive mode cannot be used to examine all files of a given file extension. For
example, invoking the program with -r *.txt will examine all files in directories
that end in .txt. If you want to process all files in a directory tree with the
.txt suffix, try using the find(1) command.

-g Similar files are grouped together into clusters. This can be handy for finding
more similar files. That is, if you are searching for file A, which matches B,
anything which matches B will also be included in the cluster.

-s Silent mode. All error messages are suppressed.

-b Enables bare mode. Strips any leading directory information from displayed
filenames. This flag may not be used in conjunction with the -l flag.

-l Enables relative file paths. Instead of printing the absolute path for each file,
displays the relative file path as indicated on the command line. This flag may not
be used in conjunction with the -b flag.

-c Enables comma separated output mode. In any of the matching modes -d, -p, or -m,
displays the results as input file, known file, matching score.

-x Signature file matching. Each entry in FILES must contain signatures generated by
a previous output of the program. Each signature is loaded and compared against the
set of known hashes. Match scores above the threshold are displayed. Each signature
is then added to the set of knowns. This flag may not be used with the -m, -d, or
-p flags.

-a Displays all matches in any of the matching mode, regardless of score. Using the
-a flag displays all results, even if the match score is zero.

-t <val>
In any of the matching modes, only display matches when match score is greater than
the given value. The default threshold value is zero.

-h Show a help screen and exit.

-V Show the version number and exit.

RETURN VALUE


Returns 0 on success, 1 if there is a problem. Read errors, permission denied, and
encountering directories while not in recursive mode are still considered successes.
Problems are things like being unable to load the matching file, specifying both bare and
relative paths, etc.

Use ssdeep online using onworks.net services



Latest Linux & Windows online programs