hashlookup project
The hashlookup project provides a complete set of open source tools and open standards to look up hash values against a database of known files. Hashlookup helps improve and speed up Digital Forensics and Incident Response (DFIR) by providing readily accessible metadata about known, published files.
Presentations
- 2021 at “Unlock Your Brain, Harden Your System” conference in Brest - How to improve and speed-up DFIR with hashlookup - indexing all the published software
- 2022 at FIRSTCON22 conference in Dublin - How to Secure Your Software Supply Chain and Speed-Up DFIR with Hashlookup - Video
Public online hashlookup services
- CIRCL hashlookup (hashlookup.circl.lu) - API hashlookup.circl.lu
- Metalookup public web interface - Find published software by hashes
Tools using hashlookup services or dataset
Maintained by hashlookup.io project
- hashlookup-forensic-analyser analyses a forensic target (such as a directory), hashes the files it contains and reports which ones are known and which are not, either by querying the CIRCL hashlookup public service or offline with Bloom filters. It helps a digital forensic investigator establish the context and origin of specific files during an investigation.
- hashlookup-gui provides a multi-platform Graphical User Interface for hashlookup.
- PyHashlookup is a client API in Python to query CIRCL hashlookup.
- MISP module hashlookup expansion is a MISP expansion module that looks up hashes in hashlookup and enriches MISP attributes with the results.
- a-ray-grass is a YARA module that adds support for DCSO-format Bloom filters to YARA. Used with the hashlookup Bloom filters, it lets a rule quickly discard known files, “separating the wheat from the chaff”, so that only unknown files need further analysis.
Maintained by others
- The Hive Project - a Cortex Analyzer for hashlookup, submitted as a pull request to The Hive Cortex Analyzers.
- munin - Online Hash Checker for VirusTotal and other services, which includes support for hashlookup.
- R package to query hashlookup.
- PyOTI - Python Open Threat Intelligence.
- Demisto - CIRCL Hashlookup on Cortex XSOAR.
- FACT - core - The Firmware Analysis and Comparison Tool (FACT).
- Hash Hunter.
- UAC_processor.
- LowRegret-Scoring, which applies the Low-Regret Methodology for Evaluating Cyber Threat Intelligence to Enable Network Defense, where hashlookup can be used as a source for setting High-Regret.
- LookyLoo, to look up known elements while doing web forensics.
- Pandora analysis includes a hashlookup module.
- PaloAlto Cortex XSOAR hashlookup.
- intel_collector
- AssemblyLine integration
Public dataset
- CIRCL hashlookup Bloom filter dataset ( :warning: 800+ MB) containing all the known SHA-1 values from hashlookup.circl.lu. A Bloom filter never misses a hash that was added to it but has a small false-positive rate, so a file the filter reports as known should be confirmed against the online API before it is discarded from an investigation.
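The workflow behind the forensic analyser and the offline Bloom filter dataset, reduced to an added example (this is not code from the hashlookup project or any of the tools listed above): hash every regular file under a directory, drop the ones present in a known-file set, and keep the rest for the analyst. The known set is a small textbook Bloom filter built from a constructed list of SHA-1 values; it is not a reader for the DCSO-format filters that hashlookup publishes. The `lookup_online` helper assumes a `/lookup/sha1/<hex>` endpoint on hashlookup.circl.lu and is never called here. The `false_positive_rate` measurement shows why a filter hit should be confirmed before a file is discarded.

```python
"""Offline known-file triage with a Bloom filter (added example, not project code).

The Bloom filter is a plain textbook implementation, not a DCSO-format reader,
and every hash, file name and blob below is constructed test data.
"""
import hashlib
import json
import math
import os
import tempfile
import urllib.error
import urllib.request


class BloomFilter:
    """Bit array; k positions per item derived from one SHA-256 (double hashing)."""

    def __init__(self, capacity, fp_rate=0.01):
        # Standard sizing: m bits and k probes for a target false-positive rate.
        self.m = max(8, math.ceil(-capacity * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        # Case-normalise so upper- and lower-case hex digests match.
        h = hashlib.sha256(item.lower().encode()).digest()
        h1 = int.from_bytes(h[:8], "big")
        h2 = int.from_bytes(h[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item):
        # All k bits set: "probably known". Any bit clear: definitely unknown.
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))


def sha1_of_file(path, chunk=1 << 20):
    """Stream the file so large evidence does not need to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(root, known):
    """Walk root and split regular files into (known, unknown) lists of (path, sha1).

    `known` is anything supporting `hexdigest in known`: a set of hex strings
    (exact) or a BloomFilter (no false negatives, rare false positives).
    """
    known_files, unknown_files = [], []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # symlinks and devices are not evidence content
            digest = sha1_of_file(path)
            (known_files if digest in known else unknown_files).append((path, digest))
    return known_files, unknown_files


def false_positive_rate(bf, probes=10000):
    """Empirical false-positive rate on items that were never added to bf."""
    hits = sum(f"never-added-{i}" in bf for i in range(probes))
    return hits / probes


def lookup_online(sha1_hex):
    """Confirm a filter hit with the public API (not called in this example).

    The endpoint path is an assumption about hashlookup.circl.lu; check its docs.
    Returns the JSON record, or None when the service answers 404 (unknown).
    """
    url = f"https://hashlookup.circl.lu/lookup/sha1/{sha1_hex}"
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise


def demo():
    """Triage a temp directory of constructed files with an exact set and a filter."""
    known_blobs = [b"system library, constructed\n", b"vendor driver, constructed\n"]
    known_set = {hashlib.sha1(b).hexdigest() for b in known_blobs}
    bf = BloomFilter(capacity=len(known_set))
    for digest in known_set:
        bf.add(digest)
    with tempfile.TemporaryDirectory() as root:
        for i, blob in enumerate(known_blobs):
            with open(os.path.join(root, f"lib{i}.so"), "wb") as f:
                f.write(blob)
        with open(os.path.join(root, "dropper.bin"), "wb") as f:
            f.write(b"unknown payload, constructed\n")
        exact_known, exact_unknown = triage(root, known_set)
        bloom_known, bloom_unknown = triage(root, bf)
    # Exact set gives (2, 1). The filter always reports the two known files; the
    # unknown one may, rarely, be a false positive, hence confirm via lookup_online().
    return len(exact_known), len(exact_unknown), len(bloom_known), len(bloom_unknown)


if __name__ == "__main__":
    print(demo())
```

With the exact set the split is always two known files and one unknown; with the filter the two known files are always reported as known, and the only uncertainty is whether the unknown file is wrongly absorbed, which is exactly the case the online confirmation step exists for.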
Who is behind the hashlookup project
The project is run by @adulau and @gallypette with the help of many contributors. Don’t hesitate to follow our Mastodon account @hashlookup@paperbay.org.