+- Python Forum (https://python-forum.io)
+-- Forum: Python Coding (https://python-forum.io/forum-7.html)
+--- Forum: General Coding Help (https://python-forum.io/forum-8.html)
+--- Thread: Python Hash list check (/thread-2206.html)
Python Hash list check - here2learn - Feb-26-2017
Hi All,
First post!
I'm Looking for a bit of help with a small task.
I am pretty new to python and have a program which generates a list of hashes in either md5 or sha256 (users choice) for every file in a directory and subdirectories using oswalk then outputs that list to a report, example below.
('Format = hash,filename ', '/users')
284d3b132b8586183474ff8c5e396d3a62b9b9fd7cafb448e137d0ec493ad5ce /users/"username"/.bash_history
I'm look for help on how to compare the hashes in the report file with a list list of known good ones. I'm completely stuck on how to get this started.
Any help would be greatly appreciated.
RE: Python Hash list check - ichabod801 - Feb-26-2017
Perhaps a good way to get started is with a clearer definition of the problem. Planning a largely underestimated skill in programming. What is a "good hash"? What sort of comparison are you trying to do?
RE: Python Hash list check - here2learn - Feb-26-2017
(Feb-26-2017, 08:54 PM)ichabod801 Wrote: Perhaps a good way to get started is with a clearer definition of the problem. Planning a largely underestimated skill in programming. What is a "good hash"? What sort of comparison are you trying to do?
Sorry I should have expanded:
This is in relation to Digital Forensics, the exported list as mentioned in the OP contains hashes for all files in any given/specified directory and subdirectories. What I need to do is compare this list of hashes with a list of known good hashes i.e. perform an md5checksum or equivalent check on sha256 this will (at the end of the program) output three files containing known good hashes, known bad hashes and a list that requires further investigation
A list of known good hashes can be found at https://www.owasp.org/index.php/OWASP_File_Hash_Repository, the questions I have is how do I start coding python to read in the hashes and compare them to the above database (as an example) and flag up if it's good or not?
Hope that makes sense.
RE: Python Hash list check - Ofnuts - Feb-27-2017
Read the list of known good ones into a dictionary (keys: file paths, values, hashes). Then once you have recomputed the hash of a file, retrieve the expected hash from the dictionary using the file path, and compare the two.
RE: Python Hash list check - here2learn - Feb-27-2017
(Feb-27-2017, 09:35 AM)Ofnuts Wrote: Read the list of known good ones into a dictionary (keys: file paths, values, hashes). Then once you have recomputed the hash of a file, retrieve the expected hash from the dictionary using the file path, and compare the two.
Thanks, that makes some degree of sense, i'll look into that
