Skip to content

bradwasher/md5party

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
hashes
hashes
 
 
README.md
README.md
 
 
install.sh
install.sh
 
 
md5party-extract.bro
md5party-extract.bro
 
 
md5party.sh
md5party.sh
 
 
scrape-vs.py
scrape-vs.py
 
 

Repository files navigation

md5party

These are a few scripts that allow files extracted by Bro to be hashed and compared with the VirusShare MD5 hash dump.

Install

There's a python script provided that will scrape VirusShare to download all the hashes. After that run install.sh and restart Bro. The bro script provided will be appended to local.bro.

$ git clone https://github.com/vesche/md5party
$ python scrape-vs.py
$ sudo bash install.sh

The default install location is /data/md5party. Files will be extracted to /data/md5party/extract. If an extracted files hash is found to be within the VirusShare MD5 hash list, it will appear in /data/md5party/results.txt.

Speed

It takes roughly 20 seconds to compare one file hash to the ~27.5 million hashes from VirusShare.

$ time bash md5party.sh mimikatz.exe

real  0m18.177s
user  0m18.005s
sys   0m0.166s

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages