Skip to main content

Library to simplify process of gathering identifiable attributes about files

Project description


atklite is a library intended to help easily determine identifiable attributes about files under investigation. With a simple usage syntax, the following information can be determined by calling applications:

  • MD5 hash

  • SHA-1 hash

  • SHA-256 hash

  • CRC32 checksum

  • File size

  • File type (from magic bytes)

  • Fuzzy hash (CTPH) via ssdeep

atklite is primarily intended for use in analyzing malware samples but may be useful for anyone looking for a simple API for analyzing files.

Additionally, atklite can be used as a binary storage system, utilizing a standard filesystem to store the files in a sharded manner using the first n bytes of the hash that a user chooses to use (md5, sha1, sha256 or sha512).



  • Python (tested with Python 2.7)

  • python-magic. On most systems this requires the libmagic library to be installed.

  • Python ssdeep wrapper, one of either:

Installing Prerequisites

Installing the prerequisites on an ubuntu system is fairly easy.

First we must install the prerequisites for python-ssdeep::

$ apt-get install cython ssdeep python-dev


Installation with pip is simple:

$ pip install atklite

If installing from source, unpack the distribution tarball and then install as follows:

$ python build
$ python install

Configuration and use


From the cli using atk-info:
jpleger@jupiter:~$ atk-info ~/glyphicons-halflings-white.png
[-] Using binary store at: /home/jpleger/binary_store
-- glyphicons-halflings-white.png ----------------------------------------------
  Analyze time: Mon Jul 29 18:23:10 2013
  File name:    glyphicons-halflings-white.png
  File size:    8777
  File type:    PNG image data, 469 x 159, 8-bit colormap, non-interlaced
  CRC-32:       43808ba4
  MD5 hash:     9bbc6e9602998a385c2ea13df56470fd
  SHA1 hash:    a25c4705320fd63c33790e666872910e702b9bf6
  SHA256 hash:  f0e0d95a9c8abcdfabf46348e2d4285829bb0491f5f6af0e05af52bffb6324c4
  Fuzzy hash:   192:41MFu/STZChMGLw/LtI30ukSCeQm9F+xZdqdfQpTTTIyQY7thi7uWB:iMdZ/GLILBmWEiTTTIyQY5hi71
  Stored File:  /home/jpleger/binary_store/9/b/b/9bbc6e9602998a385c2ea13df56470fd

From the python interpreter:
>>> import atklite
>>> file_analysis = atklite.FileAnalysis(filename='9ba57b128089f0a5a07b262511307f9c.exe')
>>> print file_analysis.dump()
sha1: 63738713f1e22425e06dd1f20e5cd22c630fd7d3
analyzetime: Sat Mar  2 00:57:50 2013
ftype: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
crc32: 9083b5e6
ttime: 1362211070.21
sha256: 04a191e1d7526025ee911f8a55d5c329af456cbd48d507dc2040b4ead1e4a525
ssdeep: 1536:o+I6XtaJU0ikjlcCGXM6ds6GGA2P+ly+Hmuh81HSR:o+fXtBYcCiX1xP0Hmk8s
md5: 9ba57b128089f0a5a07b262511307f9c
size: 77824

>>> analysis = file_analysis.return_analysis()
>>> analysis['analyzetime']
'Sat Mar  2 00:57:50 2013'
>>> print analysis['md5']
>>> print analysis['sha1']
>>> print analysis['sha256']
>>> print analysis['size']
>>> print analysis['crc32']
>>> print analysis['ftype']
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
>>> print analysis['ssdeep']

To Do

Nice to Have

  • Storing the reports with the files

  • Tagging within the saved reports

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

atklite-1.1-release.tar.gz (11.0 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page