Cyberdefense/DeepBlueCLI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update DeepWhite.md

Browse Source
This commit is contained in:
Eric Conrad
2017-09-07 19:33:33 -04:00
committed by GitHub
parent 7914291c98
commit 59609d5dc2
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
DeepWhite.md
View File

@ -24,7 +24,7 @@ The script assumes a personal API key, and waits 15 seconds between submissions.
Install hashdeep: https://github.com/jessek/hashdeep/releases
Generate your own whitelist on Windows:
Generate a custom whitelist on Windows (note: this is optional):
```
C:\> hashdeep.exe -r / -c md5,sha1,sha56 > raw-hashes.csv
@ -33,7 +33,7 @@ Note that hashdeep, etc., has a dumb recursive design (from the manpage):
> Enables recursive mode. All subdirectories are traversed. Please note that recursive mode cannot be used to examine all files of a given file extension. For example, calling hashdeep -r *.txt will examine all files in directories that end in .txt. Move file to Unix/Linux, remove Windows carriage returns, grab EXEs and DLLs, make CSV.
On Linux/Unix: take the raw CSV, remove the carriage returns, select DLLs, EXEs and SYS files, grab the 2nd field to the end, and create a new whitelist:
On Linux/Unix: create a new CSV with the proper header (required by PowerShell's ConvertFrom-Csv), take the raw CSV, remove the carriage returns, select DLLs, EXEs and SYS files, grab the 2nd field to the end, and append to the new CSV:
```shell
$ echo "md5,sha1,sha256,path" > file-whitelist.csv
$ cat raw-hashes.csv | tr -d '\r' | egrep "\.dll$|\.exe$|\.sys$" | cut -d, -f2- >> file-whitelist.csv