hfind looks up hash values in a database using a binary search algorithm. This allows one to easily create a hash database and identify if a file is known or not. It works with the NIST National Software Reference Library (NSRL) and the output of ’md5sum’. Before the database can be used by ’hfind’, an index file must be created with the ’-i’ option. this tool is needed for efficiency. Most text-based databases do not have fixed length entries and are sometimes not sorted. The hfind tool will create an index file that is sorted and has fixed-length entries. This allows for fast lookups using a binary search algorithm instead of a linear search such as ’grep’.
hfind [-eqV] [-f lookup_file] [-i db_type] db_file [hashes]
-e: Extended mode - where values other than just the name are printed -q: Quick mode - where a 1 is printed if it is found, else 0 -V: Print version to STDOUT -f lookup_file: File with one hash per line to lookup -i db_type: Create index file for a given hash database type db_file: The location of the original hash database [hashes]: hashes to lookup (STDIN is used otherwise)
cyborg@cyborg:~$ hfind /usr/local/hash/nsrl/NSRLFile.txt 76b1f4de1522c20b67acc132937cf82e 80001A80B3F1B80076B297CEE8805AAA04E1B5BA