This project provides a comprehensive analysis of files using various hashing algorithms. Originally a Python script, it has been ported to Go to provide a high-performance, dependency-free, single-binary executable for Windows, macOS, and Linux.
- Cryptographic Hashes: MD5, SHA1, SHA256.
- Fuzzy Hashes: SSDEEP, TLSH (Pure Go implementations - no DLLs required!).
- PE Analysis: ImpHash, Rich Header Hash, Section Hashes, Entropy.
- Output: Beautiful terminal output (via Lipgloss) or JSON for automation.
- Forensic Metadata: JSON output now includes a timestamp, tool version, and unique system information (hostname, OS, architecture, user, and a stable machine ID) for forensic host identification.
Download the latest release for your platform from the Releases page.
```bash
# Analyze a file
./malware_hashes malicious_file.exe
# Output JSON for piping to other tools, including forensic metadata
./malware_hashes malicious_file.exe --json
```
- Zero Dependencies: No Python interpreter, no `pip install`, no C headers, no DLL hell.
- Fast: Compiled to native machine code.
- Cross-Platform: Works identically on Windows, Mac, and Linux.
```bash
go build -o malware_hashes main.go
```
If you download the binary from GitHub Releases, macOS Gatekeeper may block it because it is not notarized. To fix this, remove the quarantine attribute:
```bash
xattr -d com.apple.quarantine malware_hashes-macos-amd64
```
Now you can run it normally.
The forensic machine_id included in the JSON output is derived from stable, OS-specific identifiers:
- Windows: `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid`
- Linux: `/var/lib/dbus/machine-id` or `/etc/machine-id`
- macOS: `IOPlatformUUID` (via `ioreg`)
This ID is stable across reboots but may be duplicated if a Virtual Machine is cloned without proper generalization (sysprep/machine-id reset).
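When reports from many hosts are collected, the cloned-VM caveat above can be checked by looking for one `machine_id` reported under several hostnames. The following is an added example, not part of this project's code; the `hostname` key and the flat JSON layout are assumptions, so adjust the struct tags to the tool's actual schema.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"sort"
	"strings"
)

// report: key names and flat layout are assumptions about the tool's JSON.
type report struct {
	MachineID string `json:"machine_id"`
	Hostname  string `json:"hostname"`
}

// sharedMachineIDs returns each machine_id seen under more than one hostname.
func sharedMachineIDs(r io.Reader) (map[string][]string, error) {
	hosts := map[string][]string{}
	seen := map[[2]string]bool{}
	dec := json.NewDecoder(r) // accepts concatenated or newline-separated reports
	for {
		var rep report
		if err := dec.Decode(&rep); err == io.EOF {
			break
		} else if err != nil {
			return nil, fmt.Errorf("decoding report: %w", err)
		}
		id := strings.ToLower(strings.TrimSpace(rep.MachineID))
		pair := [2]string{id, strings.ToLower(rep.Hostname)}
		if id == "" || seen[pair] {
			continue // no ID collected, or host already recorded for this ID
		}
		seen[pair] = true
		hosts[id] = append(hosts[id], pair[1])
	}
	for id, hs := range hosts {
		if sort.Strings(hs); len(hs) < 2 {
			delete(hosts, id) // one host per ID is the expected case
		}
	}
	return hosts, nil
}

func main() { // constructed sample, not real tool output
	in := `{"machine_id":"aaaa1111","hostname":"ws-01"} {"machine_id":"AAAA1111","hostname":"ws-02"}`
	fmt.Println(sharedMachineIDs(strings.NewReader(in)))
}
```

Any ID returned here means attribution by `machine_id` alone is ambiguous for those hosts, so correlate with the other metadata fields before drawing conclusions.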