SYNOPSIS

       ssdeep [-m <file>] [-k <file>] [-vdprgsblcxa] [-t val] [FILES]
       ssdeep [-V|h]



DESCRIPTION

       Computes  a  signature  based on context triggered piecewise hashes for
       each input file, also called a fuzzy hash.  If requested,  the  program
       matches those signatures against a file of known signatures and reports
       any possible matches.  It can also examine one or more files of  signa-
       tures  and find any matches in those files.  Output is written to stan-
       dard out and errors to standard error.


       -m <file>
              Loads the specified file of known hashes to be used  for  match-
              ing.  This  file  must  be a previous output of the program. The
              program then hashes each entry in FILES and compares these  sig-
              natures  to the known signatures.  Any matches which score above
              the threshold are displayed.  This flag  may  be  used  multiple
              times  to load more known signatures.  This flag may not be used
              with the -k or -x flags.


       -k <file>
              Load the specified file of known hashes to be used for matching.
              This  file must be a previous output of the program. The program
              then treats each entry in FILES as a  set  of  known  hashes  as
              well. The hashes in these FILES are compared to the known hashes
              from this file. Matches which score above the threshold are dis-
              played.  Both the file specified here and the input FILES should
              contain fuzzy hashes.  This flag may be used multiple  times  to
              load  more known signatures.  This flag may not be used with the
              -m, -d, or -p flags.


       -v     Verbose mode. The name of each file is printed to standard error
              as it is being hashed.


       -d     Computes a signature for each entry in the FILES and compares it
              to the set of known signatures. Matches which  score  above  the
              threshold are displayed. The computed signature is then added to
              the set of known signatures.  This flag may not be used with the
              -k or -x flags.


       -p     Works  like the -d flag, but displays all matches for each file.
              That is, for two files A and  B  which  match  score  above  the
              threshold,  displays "A matches B" and "B matches A".  This flag
              may not be used with the -k or -x flags.


       -s     Silent mode. All error messages are suppressed.


       -b     Enables bare mode. Strips any leading directory information from
              displayed  filenames.   This flag may not be used in conjunction
              with the -l flag.


       -l     Enables relative file paths. Instead of  printing  the  absolute
              path for each file, displays the relative file path as indicated
              on the command line. This flag may not be  used  in  conjunction
              with the -b flag.


       -c     Enables  comma  separated  output  mode.  In any of the matching
              modes -d, -p, or -m, displays the results as input  file,  known
              file, matching score.


       -x     Signature  file matching.  Each entry in FILES must contain sig-
              natures generated by a previous output of the program. Each sig-
              nature  is  loaded and compared against the set of known hashes.
              Match scores above the threshold are displayed.  Each  signature
              is  then  added to the set of knowns.  This flag may not be used
              with the -m, -d, or -p flags.


       -a     Displays all matches in any of the matching mode, regardless  of
              score.   Using  the  -a  flag  displays all results, even if the
              match score is zero.


       -t <val>
              In any of the matching modes, only display  matches  when  match
              score  is  greater  than  the given value. The default threshold
              value is zero.


       -h     Show a help screen and exit.


       -V     Show the version number and exit.




RETURN VALUE

       Returns 0 on success, 1 if there is a problem.  Read errors, permission
       denied,  and  encountering  directories while not in recursive mode are
       still considered successes. Problems are things like  being  unable  to
       load the matching file, specifying both bare and relative paths, etc.
       This program is based on SpamSum by Dr. Andrews Tridgell.
       http://www.samba.org/ftp/unpacked/junkcode/spamsum/



Facebook                  Version 2.13 - 24 Apr 2015                 SSDEEP(1)

Man(1) output converted with man2html