Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is an interesting project. It looks like a wrapper around an API allows you to send a (md5/sha1) hash and it'll return information that it has about the file, including sources that have that file.

I've run in to a similar thing before, and had hit something interesting with empty files, so I thought it'd be interesting to test -

  $ curl "https://hashlookup.circl.lu/lookup/md5/$(md5 -q -s '')" | jq .FileName
  "./usr/lib/debug/usr/sbin/make_reiser4-1.2.1-1.mga7.i386.debug"


Indeed, specific files such as empty files but also many one or two bytes files are very recurring in many software sources. In the next version, we will include the MISP-warninglists such as the empty-hashes lists https://github.com/MISP/misp-warninglists/blob/main/lists/em... to warn about potential common files.

The tool can also work with the Bloom filter provided by hashlookup when the request to the API are not possible.


Yeah I was very impressed with the Bloom filter as well. I didn't mean it as a criticism, I was just interested




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: