Skip to main content
Help us improve Python packaging – donate today!

Python wrapper for the ssdeep library

Project Description

ssdeep Python Wrapper

This is a straightforward Python wrapper for ssdeep by Jesse Kornblum, which is a library for computing context triggered piecewise hashes (CTPH). Also called fuzzy hashes, CTPH can match inputs that have homologies. Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.

How to use it

To compute a fuzzy hash, use hash function:

>>> import ssdeep
>>> hash1 = ssdeep.hash('Also called fuzzy hashes, Ctph can match inputs that have homologies.')
>>> hash1
'3:AXGBicFlgVNhBGcL6wCrFQEv:AXGHsNhxLsr2C'
>>> hash2 = ssdeep.hash('Also called fuzzy hashes, CTPH can match inputs that have homologies.')
>>> hash2
'3:AXGBicFlIHBGcL6wCrFQEv:AXGH6xLsr2C'

The compare function returns the match between 2 hashes, an integer value from 0 (no match) to 100.

>>> ssdeep.compare(hash1, hash2)
22

The hash_from_file accepts filename as argument and calculates the hash of the contents of the file.

>>> ssdeep.hash_from_file('/etc/resolv.conf')
'3:S3yE29cFrrMOoiECAaHJgvn:S3m+COoiUCuvn'

This wrapper includes the unchanged source distribution of ssdeep version 2.9 and has no external dependencies.

Install

To build the package the following dependencies have to be installed.

  • Python 2.7 or Python 3.x including development files
  • gcc and build essentials
  • Cython

If all requirements are met it is possible to install the wrapper by using pip or easy_install.

pip install ssdeep

FAQ

  • When comparing two hashes the result is always 0

    The result depends on the algorithms in the ssdeep library. There are some issues if the length of provided data is to short or if the algorithm could not find enough patterns.

    The following example must not return the expected value.

    >>> hash1 = ssdeep.hash('foo'\*4096)
    >>> hash2 = ssdeep.hash('foo'\*4096)
    >>> ssdeep.compare(hash1, hash2)
    0
    

Licensing

The code is licensed under the terms of the GPLv2.

History

The initial version was published in 2010 by Denis Bilenko on bitbucket. Since 2012 the source is maintained by Philipp Seidel(DinoTools) and has been published on github.

Release history Release notifications

History Node

3.3

History Node

3.2

History Node

3.1.1

History Node

3.1

History Node

3.0

History Node

2.5

History Node

2.9-0.3

This version
History Node

2.9-0.2

History Node

2.9-0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
ssdeep-2.9-0.2.zip (393.5 kB) Copy SHA256 hash SHA256 Source None Oct 11, 2012

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page