New tool: sigs.py
Back in 2005, I wrote a perl script to calculate multiple cryptographic hashes for me. We had md5sum and sha1sum, but I wanted a single script that could calculate whichever one I wanted or all of them at the same time. Well, the weekend before last, I rewrote it in Python[1] and added SHA3 support. I've added it to my githup scripts repo[2]. I also added the -r switch to the Python version, so that it can be used to recursively hash all the files in a directory a la Jesse Kornblum's hashdeep suite. Also, for consistency with Jesse's recent release of his beta of sha3deep[3], I chose to use SHA3-384 for my SHA3 hash choice (in preliminary testing I had been using SHA3-256, but that could have been confused with SHA2-256 aka SHA256 as currently used by VirusTotal, etc.). By default, it will calculate all 5 hashes, or you can specify which ones you want with command-line switches. For example, sigs.py -m will give you output that should be identical to md5sum. Also, without the -f switch, it will show relative paths, with it, it will show full path. Enjoy.
jac@leibnitz[510]$ sigs.py -h
usage: sigs.py [-h] [-V] [-r] [-a] [-m] [-s] [-2] [-3] [-5] [-f] [-b blk]
FILE [FILE ...]
Calculate hashes
positional arguments:
FILE files to hash
optional arguments:
-h, --help show this help message and exit
-V, --version print version number
-r, --recursive recursive mode. All subdirectories are traversed
-a, --all All (MD5, SHA1, SHA256, SHA512, and SHA3-384), default
if no other options chosen
-m, --md5 MD5 signature (md5sum equivalent output)
-s, --sha1 SHA1 signature (sha1sum equivalent output)
-2, --sha256 SHA2 (aka SHA2-256) signature (sha256sum equivalent
output)
-3, --sha3 SHA3-384 signature
-5, --sha512 SHA512 (aka SHA2-512) signature (note: base64 encoded
rather than hex)
-f, --fullpath print full path rather than relative
-b blk, --block blk block size to read file, default = 65536
References
- https://github.com/clausing/scripts/blob/master/sigs.py
- https://github.com/clausing/scripts
- http://jessekornblum.livejournal.com/296308.html
---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
LINUX Incident Response and Threat Hunting | Online | US Eastern | Jan 29th - Feb 3rd 2025 |
Comments