Tool update: sigs.py - added check mode
Over the years, I've written a number of scripts to make my life easier. One of those tools was sigs.py (which was a rewrite of an old perl script sigs.pl) to hash files. I wanted something portable that could potentially be a drop-in replacement for things like md5sum, sha1sum, etc. (and can do hashes like sha512, sha3-224, and sha3-384). I've even had cases where my python script ran faster than those Linux tools. Anyway, in some recent cases I've been working on, I've been getting manifests with hashes and to validate that I got good copies, I wanted to verify the hashes. Sometimes I was getting md5s, sometimes, sha1s, sometimes sha256s. On Linux, md5sum, sha1sum, sha256sum, etc. have the -c switch to do the checking, but my script did not have that, so I took an hour over a weekend recently and I added that capability. The script determines which hash to use based on the length of the hash it finds in the text file, so it can check any of the hashes it can calculate.


And even, SHA3-384

Hopefully others find this as useful as I do. The script can be found in my scripts repo[1] or here[2] directly.
References:
1. http://github.com/clausing/scripts
2. http://raw.githubusercontent.com/clausing/scripts/refs/heads/master/sigs.py
---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
| LINUX Incident Response and Threat Hunting | Online | Japan Standard Time | Oct 27th - Nov 1st 2025 | 
 
              
Comments