Python wrapper for the ssdeep library
ssdeep Python Wrapper
This is a straightforward Python wrapper for ssdeep by Jesse Kornblum, which is a library for computing context triggered piecewise hashes (CTPH). Also called fuzzy hashes, CTPH can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.
How to use it
To compute a fuzzy hash, use hash function:
>>> import ssdeep >>> hash1 = ssdeep.hash('Also called fuzzy hashes, Ctph can match inputs that have homologies.') >>> hash1 '3:AXGBicFlgVNhBGcL6wCrFQEv:AXGHsNhxLsr2C' >>> hash2 = ssdeep.hash('Also called fuzzy hashes, CTPH can match inputs that have homologies.') >>> hash2 '3:AXGBicFlIHBGcL6wCrFQEv:AXGH6xLsr2C'
The compare function returns the match between 2 hashes, an integer value from 0 (no match) to 100.
>>> ssdeep.compare(hash1, hash2) 22
More examples are available in the python-ssdeep documentation.
If all requirements are met it is possible to install the wrapper by using pip or easy_install.
$ pip install ssdeep
The build will fail if the ssdeep library isn’t installed. To use the included version of the ssdeep library use the following command.
$ BUILD_LIB=1 pip install ssdeep
For more information have a look at the python-ssdeep documentation.
Tested on …
- CentOS 7
- Debian 8
- Ubuntu 14.04, 16.04
The code is licensed under the terms of the LGPLv3+.
This wrapper includes the unchanged source distribution of ssdeep version 2.13. It is licensed under the GPLv2.