ssdeep

Language: en

Version: 337450 (ubuntu - 24/10/10)

Section: 1 (User commands)

NAME

ssdeep - Computes context triggered piecewise hashes

SYNOPSIS

ssdeep [-m <file>] [-k <file>] [-vprdsblcxa] [-t val] [FILES]
ssdeep [-V|h]

DESCRIPTION

Computes a checksum based on context triggered piecewise hashes for each input file. If requested, the program matches those checksums against a file of known checksums and reports any possible matches. It can also examine one or more files of signatures and find any matches among those signatures. Output is written to standard output and errors to standard error. Input from standard input is not supported.

-m <file>
Load the file of known hashes to be used for matching. This file must be a previous output of the program and have the correct header. Displays only those files that match a known file and what file they matched against. Although the names of known-hash files may not contain Unicode characters, the files themselves can hold hashes with Unicode filenames. May not be used with the -k or -x flags.
-k <file>
Compare the known signatures in the specified file to the pre-computed signatures in FILES. That is, both the file specified here and the input FILES should contain fuzzy hashes already. This flag can be used multiple times to load more known signatures. May not be used with the -m or -x flags.
-v
Verbose mode. The name of each file is printed to standard error as it is being hashed.
-p
Pretty matching mode. Computes signatures for all input files and then displays all matches between files. That is, if file A matches file B, displays "A matches B" and "B matches A" but not "A matches A". Each file's information is grouped and separated by newlines. This flag may be used with the -m flag, but not the -d flag.
-r
Enables recursive mode. All subdirectories are traversed. Please note that recursive mode cannot be used to examine all files of a given file extension. For example, invoking the program with -r *.txt will examine all files in directories whose names end in .txt. If you want to process all files in a directory tree with the .txt suffix, try using the find(1) command.
-d
Enables directory mode. In this mode, all of the FILES are examined and a signature is computed for each. If the signature for any file matches any of the previously computed signatures, a match is displayed just like the -d mode. This flag may also be used in conjunction with the -m mode, but not with the -p mode.
-s
Silent mode. All error messages are suppressed.
-b
Enables bare mode. Strips any leading directory information from displayed filenames. This flag may not be used in conjunction with the -l flag.
-l
Enables relative file paths. Instead of printing the absolute path for each file, displays the relative file path as indicated on the command line. This flag may not be used in conjunction with the -b flag.
-c
Enables comma separated output mode. In any of the matching modes -d, -p, or -m, displays the results as input file, known file, matching score.
-x
Enables signature file matching. The input FILES are assumed to contain ssdeep formatted signatures. All of the signatures in these FILES are loaded into memory and compared against each other. All matches are displayed, except for matches that have the same filename and come from the same input file. May not be used with the -m or -k flags.
-a
Displays all matches in any of the matching modes, regardless of score. Yes, this displays all 'matches', even if the match score is zero.
-t <val>
In any of the matching modes, only displays matches whose match score is above the given value.
-h
Show a help screen and exit.
-V
Show the version number and exit.

RETURN VALUE

Returns 0 on success, 1 if there is a problem. Read errors, permission denied, and encountering directories while not in recursive mode are still considered successes. Problems are things like being unable to load the matching file, specifying both bare and relative paths, etc.
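
The sketch below is an added example, not part of the ssdeep manual or the project's own code. It follows the -r note by using find(1) to select files by suffix, writes a signature file usable with -m, and checks standard error because the exit status stays 0 after read errors. The function names, file names and the wrapper's return codes 1 and 2 are assumptions.

```sh
# Added example, not part of the ssdeep manual. Function and file names are
# hypothetical; only the documented flags -l, -c, -r, -t and -m are used.

# hash_by_suffix DIR SUFFIX OUT
# Hash every regular file under DIR whose name ends in SUFFIX.
# Signatures go to OUT (usable with -m), per-file errors to OUT.err.
# Returns 0 = clean, 1 = find or ssdeep failed, 2 = some files were not read.
hash_by_suffix() {
    hb_dir=$1 hb_suffix=$2 hb_out=$3
    # find applies the suffix test at every depth; `ssdeep -r *.txt` would
    # only descend into directories whose names end in .txt.
    find "$hb_dir" -type f -name "*$hb_suffix" -exec ssdeep -l {} + \
        > "$hb_out.raw" 2> "$hb_out.err" || return 1
    # On a large tree find may run ssdeep several times, and each run prints
    # the header line again; keep only the first copy so OUT has one header.
    awk 'NR == 1 { h = $0; print; next } $0 != h' "$hb_out.raw" > "$hb_out"
    rm -f "$hb_out.raw"
    # ssdeep exits 0 even after read or permission errors, so check stderr.
    [ ! -s "$hb_out.err" ] || return 2
}

# match_tree KNOWN DIR THRESHOLD
# Print CSV rows (input file, known file, score) for files under DIR whose
# score against the signatures in KNOWN is above THRESHOLD.
match_tree() {
    ssdeep -l -c -r -t "$3" -m "$1" "$2"
}

# Usage (paths are placeholders):
#   hash_by_suffix ./baseline .txt known.ssd || echo "check known.ssd.err" >&2
#   match_tree known.ssd ./incoming 60
```

The -s flag is left out of the hashing step on purpose: with errors suppressed, nothing would reveal that a file was skipped.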

AUTHOR

ssdeep was written by Jesse Kornblum, ManTech International Corporation, research (%at%) jessekornblum dott com
This program is Copyright (C) 2006-2010 ManTech International Corporation and is licensed under the terms of the General Public License. See the file COPYING for details.

SEE ALSO

This program is based on SpamSum by Dr. Andrew Tridgell.
http://www.samba.org/ftp/unpacked/junkcode/spamsum/