Provided by: ssdeep_2.14.1+git20180629.57fcfff-3_amd64
NAME
ssdeep - Computes context triggered piecewise hashes (fuzzy hashes)
SYNOPSIS
ssdeep [-m <file>] [-k <file>] [-vdprgsblcxa] [-t val] [FILES] ssdeep [-V|h]
DESCRIPTION
Computes a signature based on context triggered piecewise hashes for each input file, also called a fuzzy hash. If requested, the program matches those signatures against a file of known signatures and reports any possible matches. It can also examine one or more files of signatures and find any matches in those files. Output is written to standard out and errors to standard error. -m <file> Loads the specified file of known hashes to be used for matching. This file must be a previous output of the program. The program then hashes each entry in FILES and compares these signatures to the known signatures. Any matches which score above the threshold are displayed. This flag may be used multiple times to load more known signatures. This flag may not be used with the -k or -x flags. -k <file> Load the specified file of known hashes to be used for matching. This file must be a previous output of the program. The program then treats each entry in FILES as a set of known hashes as well. The hashes in these FILES are compared to the known hashes from this file. Matches which score above the threshold are displayed. Both the file specified here and the input FILES should contain fuzzy hashes. This flag may be used multiple times to load more known signatures. This flag may not be used with the -m, -d, or -p flags. -v Verbose mode. The name of each file is printed to standard error as it is being hashed. -d Computes a signature for each entry in the FILES and compares it to the set of known signatures. Matches which score above the threshold are displayed. The computed signature is then added to the set of known signatures. This flag may not be used with the -k or -x flags. -p Works like the -d flag, but displays all matches for each file. That is, for two files A and B which match score above the threshold, displays "A matches B" and "B matches A". This flag may not be used with the -k or -x flags. -r Enables recursive mode. All subdirectories are traversed. Please note that recursive mode cannot be used to examine all files of a given file extension. For example, invoking the program with -r *.txt will examine all files in directories that end in .txt. If you want to process all files in a directory tree with the .txt suffix, try using the find(1) command. -g Similar files are grouped together into clusters. This can be handy for finding more similar files. That is, if you are searching for file A, which matches B, anything which matches B will also be included in the cluster. -s Silent mode. All error messages are suppressed. -b Enables bare mode. Strips any leading directory information from displayed filenames. This flag may not be used in conjunction with the -l flag. -l Enables relative file paths. Instead of printing the absolute path for each file, displays the relative file path as indicated on the command line. This flag may not be used in conjunction with the -b flag. -c Enables comma separated output mode. In any of the matching modes -d, -p, or -m, displays the results as input file, known file, matching score. -x Signature file matching. Each entry in FILES must contain signatures generated by a previous output of the program. Each signature is loaded and compared against the set of known hashes. Match scores above the threshold are displayed. Each signature is then added to the set of knowns. This flag may not be used with the -m, -d, or -p flags. -a Displays all matches in any of the matching mode, regardless of score. Using the -a flag displays all results, even if the match score is zero. -t <val> In any of the matching modes, only display matches when match score is greater than the given value. The default threshold value is zero. -h Show a help screen and exit. -V Show the version number and exit.
RETURN VALUE
Returns 0 on success, 1 if there is a problem. Read errors, permission denied, and encountering directories while not in recursive mode are still considered successes. Problems are things like being unable to load the matching file, specifying both bare and relative paths, etc.
AUTHOR
ssdeep was written by Jesse Kornblum of Facebook, research@jessekornblum.com
COPYRIGHT
Copyright (C) 2002 Andrew Tridgell Copyright (C) 2006, 2008, 2010 ManTech International Corporation Copyright (C) 2012 Kyrus Copyright (C) 2013 Helmut Grohne Copyright (C) 2013, 2014 Facebook Copyright (C) 2014 kikairoya Copyright (C) 2014 Jesse Kornblum Copyright (C) 2017 Tsukasa OI This program is licensed under the terms of the General Public License. See the file COPYING for details.
SEE ALSO
This program is based on SpamSum by Dr. Andrews Tridgell. http://www.samba.org/ftp/unpacked/junkcode/spamsum/