Feature Request: Hash forms different from MD5 #11
Comments
|
The very first version (nine years ago) supported MD5, SHA-1, and SHA-256 hashes. SHA-1 and SHA-256 were quickly dropped due to absolutely no users caring about SHA-1 and/or SHA-256. I'm currently doing a total rewrite of nsrlsvr (and nsrllookup), and one of the features planned is returning support for hashes other than MD5. |
|
Insofar as a way to collect hashes of different types from these same machines: I personally use @jessek (Jesse Kornblum)'s hashdeep suite. There are many other good tools you can use to collect hash artifacts from target machines, but that's the one I use. |
|
Thanks so much for the prompt reply, and I respect your decision to slim
down the program in the past. I'll be sure to keep an eye on it moving
forward. Do you have any suggestions for public servers where I might be
able to harvest SHA1s, like nsrl does with MD5?
…On Tue, Jan 5, 2021, 12:44 PM Robert J. Hansen ***@***.***> wrote:
The very first version (nine years ago) supported MD5, SHA-1, and SHA-256
hashes. SHA-1 and SHA-256 were quickly dropped due to absolutely no users
caring about SHA-1 and/or SHA-256.
I'm currently doing a total rewrite of nsrlsvr (and nsrllookup), and one
of the features planned is returning support for hashes other than MD5.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#11 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ANSGKOK5RTXMAB25LGDYZKTSYN227ANCNFSM4VWE5Y6A>
.
|
|
Sure: NIST! NIST maintains a huge database of known digests of known software packages. I only use one particular digest (MD5), but SHA-1 and SHA-256 digests are also part of the dataset. You want to look for the most recent National Software Reference Library Reference Data Set (NSRL RDS). |
|
Oh, whoops, they changed their URL. https://www.nist.gov/itl/ssd/software-quality-group/national-software-reference-library-nsrl |
Just getting started with NSRLLookup, and this program seems to be a fantastic approach to AIO forensics. My organization collects SHA1 sums of binaries on machines to-be-audited, and I was wondering if there is a built in feature, or possibly a feature to be implemented in the future, that would collect hashes of different types from these same resources
The text was updated successfully, but these errors were encountered: