This is an interesting project. It looks like a wrapper around an API allows you to send a (md5/sha1) hash and it'll return information that it has about the file, including sources that have that file.
I've run in to a similar thing before, and had hit something interesting with empty files, so I thought it'd be interesting to test -
Indeed, specific files such as empty files but also many one or two bytes files are very recurring in many software sources. In the next version, we will include the MISP-warninglists such as the empty-hashes lists https://github.com/MISP/misp-warninglists/blob/main/lists/em... to warn about potential common files.
The tool can also work with the Bloom filter provided by hashlookup when the request to the API are not possible.
I've run in to a similar thing before, and had hit something interesting with empty files, so I thought it'd be interesting to test -