My next class:
Reverse-Engineering Malware: Malware Analysis Tools and Techniques | Online | Australia Eastern Standard Time | Sep 16th - Sep 21st 2024

New tool: sigs.py

Published: 2017-03-13. Last Updated: 2017-03-13 18:29:45 UTC
by Jim Clausing (Version: 1)

Back in 2005, I wrote a Perl script to calculate multiple cryptographic hashes for me. We had md5sum and sha1sum, but I wanted a single script that could calculate whichever one I wanted or all of them at the same time. Well, the weekend before last, I rewrote it in Python[1] and added SHA3 support. I've added it to my GitHub scripts repo[2]. I also added the -r switch to the Python version, so that it can be used to recursively hash all the files in a directory a la Jesse Kornblum's hashdeep suite. Also, for consistency with Jesse's recent release of his beta of sha3deep[3], I chose to use SHA3-384 for my SHA3 hash choice (in preliminary testing I had been using SHA3-256, but that could have been confused with SHA2-256 aka SHA256 as currently used by VirusTotal, etc.). By default, it will calculate all 5 hashes, or you can specify which ones you want with command-line switches. For example, sigs.py -m will give you output that should be identical to md5sum. Also, without the -f switch, it will show relative paths; with it, it will show the full path. Enjoy.

jac@leibnitz[510]$ sigs.py -h
usage: sigs.py [-h] [-V] [-r] [-a] [-m] [-s] [-2] [-3] [-5] [-f] [-b blk]
               FILE [FILE ...]

Calculate hashes

positional arguments:
  FILE                 files to hash

optional arguments:
  -h, --help           show this help message and exit
  -V, --version        print version number
  -r, --recursive      recursive mode. All subdirectories are traversed
  -a, --all            All (MD5, SHA1, SHA256, SHA512, and SHA3-384), default
                       if no other options chosen
  -m, --md5            MD5 signature (md5sum equivalent output)
  -s, --sha1           SHA1 signature (sha1sum equivalent output)
  -2, --sha256         SHA2 (aka SHA2-256) signature (sha256sum equivalent
                       output)
  -3, --sha3           SHA3-384 signature
  -5, --sha512         SHA512 (aka SHA2-512) signature (note: base64 encoded
                       rather than hex)
  -f, --fullpath       print full path rather than relative
  -b blk, --block blk  block size to read file, default = 65536
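
As an added illustration of the approach described above (this is not the sigs.py source from the repo; the names hash_file, walk, md5sum_line and demo and the two sample files are assumptions made for this example), the sketch below reads each file once in fixed-size blocks, feeds every block to all five hashes, and prints SHA512 base64-encoded as the help text notes:

```python
import base64
import hashlib
import os
import tempfile

# Algorithms named in the help text above; SHA3 in hashlib needs Python 3.6+.
ALGOS = ("md5", "sha1", "sha256", "sha3_384", "sha512")

def hash_file(path, algos=ALGOS, block=65536):
    """Read the file once, feeding each block to every requested hash."""
    ctx = {name: hashlib.new(name) for name in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(block), b""):
            for h in ctx.values():
                h.update(chunk)
    out = {}
    for name, h in ctx.items():
        # The help text says SHA512 is base64-encoded; the rest are hex.
        if name == "sha512":
            out[name] = base64.b64encode(h.digest()).decode("ascii")
        else:
            out[name] = h.hexdigest()
    return out

def walk(root, fullpath=False):
    """Yield every file under root in sorted order (like -r, with -f optional)."""
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()  # deterministic traversal so two runs can be diffed
        for name in sorted(files):
            p = os.path.join(dirpath, name)
            yield os.path.abspath(p) if fullpath else p

def md5sum_line(path):
    """Format one line the way md5sum does: digest, two spaces, path."""
    return "%s  %s" % (hash_file(path, ("md5",))["md5"], path)

def demo():
    """Hash a constructed two-file tree; returns {relative path: digests}."""
    with tempfile.TemporaryDirectory() as top:
        os.mkdir(os.path.join(top, "sub"))
        for rel, data in (("a.txt", b"abc"), (os.path.join("sub", "empty"), b"")):
            with open(os.path.join(top, rel), "wb") as fh:
                fh.write(data)
        # block=2 forces several reads per file to exercise the chunk loop
        return {os.path.relpath(p, top): hash_file(p, block=2) for p in walk(top)}

if __name__ == "__main__":
    for path, sums in demo().items():
        print(path, sums)
```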

References

  1. https://github.com/clausing/scripts/blob/master/sigs.py
  2. https://github.com/clausing/scripts
  3. http://jessekornblum.livejournal.com/296308.html

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
