hashdd

Get information about a given hash.

About hashdd

Description Image

Find the good, the bad, and the in between.

hashdd aims to collect cryptographic hashes for known entities such as files and strings. This allows you to make better decisions when handling data. For instance, one use case is to reduce the set of files which need to be investigated by first filtering out known good hashes so that you can focus on the unknown remainder.

While it is important to identify data that is known to be bad, the rate of change for files containing malware makes it difficult to stay current. Instead, hashdd focuses on documenting entities that are known to be good, which gives you the power to decide how you want to act when faced with something new.

hashdd stats

13.1m
Hashes
1.2k
Queries a Day
212
Total Users
278
Operating Systems

Frequently Asked Questions

How do I get an API Key?

API Keys are FREE with registration! Just click Sign In to get one!

What Hash type is best to lookup?

hashdd supports lots of different hash types, however sometimes third party data isn't as robust. Becuase of this, we recommend searching by MD5.

Where do you get your hashes?

hashdd actively downloads and processes files from a white list of vendors. Each file is analyzed and its metadata added to the hashdd database. hashdd also incorporates data from freely available hash sets, such as the NSRL RDS.

Is this a new concept?

Hash sets have been used in Forensics and file integrity checking for a long time. Most solutions are just an interface to the NSRL Hashsets. hashdd hopes to offer much more content that is updated on a regular basis.

Is it just file hashes?

No! hashdd also incorporates unsalted password hashes for a variety of hash formats!

Are "Known Bad" hashes included too?

Yes! We've integrated with open source threat feeds to include known-bad hashes so that you can figure out if what you're looking at is on the naughty list.

How do I use hashdd offline?

We're on the same page! Soon registered users will be able to download hashdd data query offline.

Can I download things?

Yes! Authenticated users can download any files with a bad intent. This includes user-uploaded files that the community has decided are bad (negative votes). The download button will be shown for all hashes, however the button will only be functional for bad ones.

Goodies

pyhashdd

At hashdd's core is pyhashdd, a killer Python library for profiling files and building hash databases. You can use pyhashdd as a command line tool or a python import to make your own hashdd, or query our API.

Browser extension

We've built a browser extension so that you can use the hashdd.com API to identify if the file is known good or bad. Once your download completes, click the hashdd extension icon, then drag and drop the download into the analyze field.


Bloom Filters

Our Bloom Filters allow of super fast offline lookups and are built using popular open source libraries. This enables you to include hashdd data in your own applications!

Slack Integration

Want hashdd features in the comfort of your own channel? Add the hashdd slash command for quick lookups. Registered users with third party API keys defined also see results from those integrations!

Query the API

The API provides an easy way to interact with hashdd. Some API access requires an key, but don't worry, keys are free! Just click Sign In to get one!

Hash status lookup with curl

By default, hashdd will return the status of a given hash.

curl -d 'hash=838DE99E82C5B9753BAC96D82C1A8DCB' https://api.hashdd.com/

{"838DE99E82C5B9753BAC96D82C1A8DCB": {"known_level": "Good", "result": "SUCCESS"}, "result": "SUCCESS"}

NSRL RDS lookup with curl

To lookup only NSRL RDS hashes, query /nsrl.

curl -d 'hash=838DE99E82C5B9753BAC96D82C1A8DCB' https://api.hashdd.com/nsrl

{"838DE99E82C5B9753BAC96D82C1A8DCB": {"data": {"hashes": {"crc32": "FA710E86", "sha256": "C58728794FD9D114556F8ED7BE0CD55EB99CA9F8CF65FC87F0F187536F1B23AA", "sha512": "", "md5": "838DE99E82C5B9753BAC96D82C1A8DCB", "sha1": "00085A2444A9DE0D5735580E6CE1C00567858453"}, "fileinfo": {"opsystemversion": "none", "name": "servdeps.dll", "language": "English", "opsystemmfg": "Unknown", "opsystemname": "TBD", "productmfg": "Microsoft", "productname": "MSDN Disc 1847/1848", "applicationtype": "MSDN Library", "size": 53248, "productversion": "November 2002"}, "general": {"importdate": "None", "nsrl_version": ""} }, "result": "SUCCESS"} }

Detail lookup with Python

To get full detail on a hash, including NSRL, query /detail.

import requests

resp = requests.post('https://api.hashdd.com/detail', data={ 'hash': '838DE99E82C5B9753BAC96D82C1A8DCB', 'api_key': 'YOUR_API_KEY' })

print resp.text